Post-pandemic cloud security begins at the edge with hyper-automation, writes David Shepherd, Global VP Sales Engineering at the IT asset and identity management product company Ivanti.
Cloud computing is being heralded as a saviour by many CEOs after it helped businesses to rapidly adjust in the early days of the pandemic. That is certainly true, but so is the fact that this accelerated process of IT modernisation also created a bigger opportunity for cyber-criminals. In many organisations, those advocating security were shouted down in the rush to support remote work and roll out new customer-facing services. But now the dust has settled, it’s time to put security back in the driving seat. Without it, no business can travel at the speed it needs.
Cloud security is tough, and in SaaS environments the provider will be responsible for a large part of it. That’s why CISOs must focus on what they control. This means layering up security at the endpoint, and deploying hyper-automation tools to manage complexity and risk.
It’s difficult to overestimate the impact COVID-19 has had on corporate IT. Those that used to talk about digital strategy in ‘one- to three-year phases’ were forced to scale up in just days or weeks, according to McKinsey. They’ve been extremely busy. Corporate investments ranged from workload migration to IaaS environments, to company-wide purchases of SaaS-based office productivity and collaboration tools. Zoom claimed that daily meeting participants grew from 10 million in December 2019 to roughly 200 million in March 2020.
However, these efforts also exposed organisations to increased cyber risk, as attackers pivoted to target vulnerabilities in remote working endpoints and users themselves, via phishing emails. Many CISOs worried about their newly distributed workforce; specifically, that home users juggling childcare duties would be more distracted and therefore susceptible to phishing. Or indeed that the laptops, PCs and mobile devices used to log on to corporate networks and cloud accounts weren’t properly protected.
More sophisticated threats also emerged. Microsoft detailed multiple waves of human-operated ransomware – often exploiting known flaws in unpatched VPN solutions, RDP and virtual desktops without multi-factor authentication (MFA), End of Life platforms like Windows Server 2003 and misconfigured web servers.
According to one poll of global security professionals conducted in April, nearly a quarter (23%) of respondents noted an increase in security incidents since the transition to cloud-enabled remote working. Some claimed attacks had doubled. Security teams were often themselves hampered by being forced to work on unrelated tasks to support the pivot to home working. This compounded pre-existing skills shortages, which currently stand at just over three million professionals globally, as well as reactive security postures.
A lack of automation in many IT functions means stretched teams are stuck in constant fire-fighting mode, overwhelmed by the number of patches they must prioritise and deploy on a growing volume of endpoints. The explosion in endpoint numbers caused by COVID-19, alongside existing trends for IoT growth, has made a precarious situation even worse. Many IT teams don’t know how many endpoints they have in the organisation. That is an untenable situation considering 68% of organisations suffered an endpoint attack last year, resulting in compromised data or IT infrastructure.
A major part of the problem is tooling: an ISACA study found that only 59% of IT security pros feel they have the right tools at home to do their job properly. Hybrid and multi-cloud environments make things more complicated still. 85% of organisations now use multiple clouds and 76% have between two and 15 hybrid clouds running, according to IBM.
This complexity will only grow, while mass remote working is surely here to stay. So, what does that mean for your cloud security strategy? It means starting at the edge, by enforcing IT hygiene best practices such as effective end user training, MFA on RDP and other endpoints, anti-malware on every device used to connect to work systems and networks, application control and prompt patching.
Prompt patching, as we’ve discussed, can be particularly challenging given not only the agility of modern cyber-criminals and the size of the attack surface, but also the visibility issues and staffing problems many IT functions experience. This is where hyper-automation comes into its own. Described by Gartner as a top 10 trend for 2020, it applies AI and machine learning to drive sophisticated automation of tasks like patch management. When done in this way, systems can automatically discover and monitor all endpoints in a distributed corporate environment, proactively detecting and remediating any security and configuration issues. With self-healing, self-securing endpoint and edge devices, IT and security teams are freed up to focus on higher-value tasks. It all adds up to cloud-powered success that will help organisations hit the ground running as they emerge from the pandemic.