The past year has seen a surge in cloud migration and remote working, posing many novel security challenges and risks for organisations. Security strategies must be adapted to successfully sustain new cloud-based working models, privileged access management being a key solution capable of mitigating risk, says Joseph Carson, chief security scientist at the password management cloud firm Thycotic.
The phrase ‘new normal’ has more than one meaning. Used to describe new ways of living brought about by the COVID-19 pandemic, it means something different to everyone. In a social context it might refer to the shift from the pub quiz to the Zoom quiz; the gym to online fitness classes; or the normalisation of wearing masks in public places. In a business context, meanwhile, there have been similarly transformative changes, with arguably none more significant than the widespread adoption of remote working models.
A report from the European Commission found that close to 40 per cent of workers in the European Union began to work remotely as a result of the pandemic, yet 85pc had never done so prior to the outbreak of COVID-19. It was a transition born out of necessity. For many organisations, there was little time for planning as they were forced to adapt quickly and at scale in order to continue operating effectively when faced with stay-at-home orders and lockdowns.
As a result, technology has become the heartbeat of countless companies, with digital adoption and transformation strategies shifting into overdrive. According to a McKinsey global survey of executives, organisations have accelerated the digitisation of their customer and supply chain interactions and of their internal operations by three to four years. The share of digital or digitally enabled products in company portfolios, meanwhile, is seven years ahead of where it would have been under normal circumstances.
The cloud has been a pivotal enabler of such changes, facilitating an improved ability to both operate and interact with customers remotely. Yet cloud migration has posed a number of novel challenges and risks.
It’s said that cloud migration is as stressful as moving home, and whilst you can prepare as much as possible for any big change, there will always be unforeseen challenges, even after the move has taken place. Necessity may have dictated the speed with which digital transformation took place in 2020, but moving any remaining on-premise legacy systems to the cloud will still be a major priority over the next year.
With many organisations having pursued rapid and reactionary transitions, it is now time to unpack the boxes properly – to consider the challenges, security risks, and best practices to ensure a cloud-based operating model can be as successful and sustainable as possible.
The cloud – a double-edged sword?
The cloud has created immense opportunity, but equally it has presented immense risks. As companies have gone remote, their digital footprints have expanded as an ever-greater number of devices and applications were incorporated into their ecosystems. Unfortunately, this has caught the attention of cybercriminals.
Since the pandemic began, the FBI has reported a 300% increase in cybercrime as wider digital footprints have created more targets for cybercriminals to hit. Just as organisations have adapted, so too have attackers, tailoring their tactics to the current environment and advancing the sophistication of their methods. In April 2020, for example, Google blocked 18 million daily malware and phishing emails related to Coronavirus – showing the resourceful opportunism of criminals.
The statistics speak for themselves. According to IBM, remote work has increased the average cost of a data breach by $137,000, while Fintech News reports that cloud-based cyberattacks rose 630pc between January and April 2020.
Tackling cybercrime is a challenge of cloud migration, yet it is not the only one – insider threats are also a potential menace. Without proper security protocols, staff may also be able to retrieve sensitive data, while former employees may retain access to confidential information long after they have left. Given the multi-faceted threat landscape, security considerations must be a priority for cloud migration. Indeed, developing a sound security posture has never been more important.
Privileged access management
This brings us to privileged access management (PAM). Much has been said about the need to properly manage data, GDPR and the Data Protection Act of 2018 being the most obviously applicable examples in the UK. More than ever before, companies have a responsibility to protect sensitive information, ensure compliance and prevent unauthorised access to systems, and PAM is a way in which this can be achieved.
PAM is a solution that securely manages users’ privileged accounts, adding additional security controls and enforcing the principle of least privilege. In doing so, an organisation’s attack surface is significantly reduced, preventing, or at least mitigating, the damage that may arise from external attacks or insider threats. Privileged users – those that can access wide amounts of company information – are high-value targets for cybercriminals. Therefore, reducing user privileges where possible will improve overall security, and limit lateral movement and breach potential should one occur. Forced to take more risks, cybercriminals will ultimately create more noise on the network, giving the defenders an improved chance of detecting the attackers before they strike.
Let’s consider a potential cyberattack.
A cybercriminal sends an authentic-looking spear phishing email to a company employee, who in turn unknowingly downloads a malicious payload and allows the cybercriminal to establish a foothold on the endpoint. Without PAM, the cybercriminal may elevate privileges to the service account to move laterally without obstruction and retrieve critical digital assets which can ultimately be used to damage a company financially and/or reputationally. Even worse, the attacker may deploy ransomware.
Phishing attacks are a common problem for businesses – which is no surprise, given that 95pc of all cyber breaches are attributed to or include human error. They are now almost inevitable, but can be managed and mitigated by achieving holistic visibility over who has access to data, applications and systems.
Visibility and auditability
So, how can PAM be used to transform enterprise visibility, in a multi-hybrid cloud world where cloud-based operating models coexist with on-premises environments? Primarily, PAM requires continuous authentication and authorisation, moving security to a level of sophistication far beyond the traditional password. PAM helps move passwords into the background and enables continuous verification. It is like a digital polygraph test for access to the company’s resources.
Throughout any enterprise, users rely on their login credentials – a username and password – to access applications and devices. If these credentials are not managed, updated and secured properly, they create significant risks for an organisation. With PAM, such risks can be reduced using role-based access controls that are tied in with multi-factor authentication.
Instead of providing all users with an insecure way of accessing a company’s entire digital asset portfolio, the principle of least privilege can be used where employees are only permitted to access the data that they need to complete their specific function, backed up by continual multi-factor authentication. Not only does this bolster security, but it addresses a key pain point for many chief information security officers (CISOs) – transparency and auditability.
PAM tracks the access of individuals in a holistic way, allowing specific instances to be monitored and flagged if anything seems suspicious. In this way, visibility in both on-premises and cloud environments is transformed. It creates an audit trail, allowing breaches both to be spotted earlier and to be traced back to specific points of access. Essentially, PAM can offer insight into levels of risk which may be adjusted depending on the threat landscape.
For cloud environments, the ability to manage access with continuous authentication and authorisation is key in terms of granular control. It is essential to creating an adaptive risk-based model that allows a security team to increase and decrease the security fence as required.