.svg)
How trusting no one can help improve your breach detection and response
Cloud security can be complex to navigate given its multiple solution options. For example, even the Shared Responsibility Model many businesses follow has multiple permutations: The division of responsibilities between what the cloud service provider maintains and what the customer retains is a bit of a moving target depending on your preference and partner for Software as a Service (SaaS), Infrastructure as a Service (IaaS), or Platform as a Service (PaaS).
Regardless of the Cloud Security model selected, however, the service provider's responsibilities typically focus on the security of the infrastructure itself, including its physical security. For the customer, though, that means there is still a lot to take on, including identity and access management, encryption, protection from unauthorized access, and compliance, to name but a few.
If it isn't challenging enough navigating the Shared Responsibility Model, and what modules you will and won't purchase from a cloud service provider, there are additional Cloud Security challenges to consider, including:
- Increased attack surface.
- Misconfigurations - which have accounted for a high number of breached records.
- Multitenancy - which could make you collateral damage when another business is targeted.
- Privileged access management - often the role of cloud users isn't strictly controlled beyond what is required.
- Complexity Hybrid, or the use of multiple cloud environments - often also span geographical locations, which in some way reduces disaster risk but in others adds management complexity, including finding tools that work seamlessly across all platforms.
And the list goes on. And on. The impact on any organization, regardless of its' size and IT maturity, is evident. So, let's look at one of the most considered options “ one that Gartner predicted 60% of organizations would embrace as a starting point for security by 2025 in their Top Eight Cybersecurity Predictions for 2022-23: Zero Trust.
So, what is Zero Trust and how does it improve breach detection by impacting those variables for which the customer “ you - typically are responsible? (Remember - identity and access management, protection from unauthorized access...)
NIST (National Institute of Standards and Technology) defined Zero Trust as a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. They went on to say, the goal [is] to prevent unauthorized access to data and services coupled with making the access control enforcement as granular as possible.
While Zero Trust may seem like a relatively new concept, it actually emerged nearly 20 years ago from the Jericho Forum, an international group working to define and promote de-perimeterization in 2004. Three years later, they published the Jericho Forum Commandment stating that: De-perimeterization has happened, is happening, and is inevitable; central protection is decreasing in effectiveness. It will happen in your corporate lifetime.
One of their commandments was Assume context at your peril. They explained that security solutions designed and intended for one environment may not be effectively transferable to work in another. Problems, limitations, and issues can come from a variety of sources, including geographic, legal, technical, acceptability of risk, etc., they explained. Sound like the cloud to you?
The concepts of de-perimeterization evolved and improved into the larger concept of Zero Trust, which was later coined by John Kinder'vag while at Forrester. Zero Trust then became the term used to describe various cybersecurity solutions that moved security away from implied trust based on network location and instead focused on evaluating trust on a per-transaction basis.
Gartner went on to say in their Cybersecurity Predictions that more than half will fail to realize the benefits of Zero Trust. So how does Zero Trust Architecture help businesses improve breach detection in a cloud environment and not miss out on its benefits?
A well-tuned Zero Trust Architecture is based on trust algorithms working in your cloud environment. For example, one type of trust algorithm will be especially helpful when it comes to a detection and response strategy; contextual trust algorithms.
So, what is a contextual trust algorithm? Take, for example, someone from HR who, on average, accesses 25 employee records a day and is now trying to gain access to over a hundred. A contextual trust algorithm might send out an alert in that scenario. But, if this was happening after hours, it could be an attacker exfiltrating records, and the algorithm would pick that up too and take appropriate action.
Or someone from the finance team who typically works business hours in the office is trying to access the system at 1 am from an unknown location. A contextual trust algorithm might require the subject to jump through some more verification hoops while sending out an alert.
Of course, putting together a set of criteria or threshold values for each resource requires planning and testing, especially in a hybrid or multi-cloud environment. But once defined, they offer more dynamic and granular access control and will adapt to changing circumstances far more quickly than other approaches, which helps with the complexity of cloud environments.
You can see how a Zero Trust Architecture combined with contextual trust algorithms could enhance your detection capabilities. Detecting new behaviors over single events would certainly strengthen your security posture. It would also increase the speed of detection overall.
When it comes down to it all, the ultimate goals of Cloud Security are to significantly reduce your Mean Time to Detect and Mean Time to Respond. Zero Trust combined with contextual trust algorithms in a cloud environment will certainly help and keep you ahead of the solutions curve.
Have questions? Need to baseline your security posture - or want to discuss the right Cloud Security model for your business? Give me a shout at VikingCloud today.
.avif)