In 2020, the cloud industry will continue to focus heavily on security issues. Why?
For starters, everything in the cloud is delivered to the client via software, while somewhere below that layer lies the physical equipment, like servers, rack cabinets, and wiring. It’s hard to tame something that exists somewhere between these physical resources, the internet, and final client software.
Additionally, more and more companies—including conservative entities in government, healthcare, mining, financial, and insurance—will be moving to the cloud, and they need to be certain that their data is secure. Cloud security will have to be intensified this coming year, as more audits are expected in connection with data privacy violations and regulations, such as GDPR, looming on the horizon.
We all know that when a security incident occurs, we don’t have much time to react. Every wrong decision we make can lead to another problem. In the cloud, this can be especially problematic because one client’s security incident can spread to all other users of the same cloud provider.
For example, transferring files unknowingly infected with malware to the cloud can potentially damage stored data and significantly increase the risk of infection of any device used to access this data. Automatic data synchronization in the cloud can even transfer malicious code without any user action. Because cloud space is shared with other users and clients, one harmful file can infect all of them, which can lead to destructive data breaches and even ransomware attacks.
It’s past time to take security seriously. Below, we cover some cloud security trends to watch in 2020.
New 5G and IoT Threats Are Coming
Many IT professionals think that 2020 will be the year of 5G technology, and I agree with them. The introduction of 5G has already begun, and all companies, including the cloud vendors, must address its challenges. With the development and dissemination of 5G, the use of cloud-connected IoT devices will increase. However, the security of the connections between these devices and the cloud networks is still not as robust as it should be, exposing them to incidents like 5th generation cyberattacks. These attacks are multithreaded and multidimensional, with the goal of infecting all elements of an IT infrastructure including its networks, virtual machines, servers, and, of course, vulnerable IoT devices.
These days, our ordinary household appliances can be used as the starting points or midpoints of large cyberattacks, and, by connecting to the cloud and other systems, they can facilitate the further spread of those attacks. Our smart washing machines, smart ovens, and smart dishwashers often have operating systems with vulnerabilities, and they can be connected to a cloud management system via a 5G network. There, these attacks can spread rapidly and outmaneuver conventional detection-based security systems, such as firewalls.
Security issues of these types of devices are often marginalized, since many people wonder why anyone would want to break into their oven. While IoT and 5G are cool, they are also risky, and security in this area will have to be hardened.
Let’s Be Vigilant About PICERL
Identifying security incidents is no longer enough to ensure security in the cloud. If you only identify a problem but do nothing to fix it, it can return in the exact same place, or elsewhere. In 2020, we’ll need to be more vigilant in applying PICERL phases to the resolution of cloud security problems. These phases are:
- Preparation: Here, you create response strategies and build a security team. This phase includes everything needed to maintain the security handling process.
- Identification: This includes determining if an event is an actual incident and verifying that it is not a user or admin mistake. You then need to find out how widely deployed the compromised system is (i.e., its potential scope) and if other factors exist that reduce or increase the vulnerability’s risk or potential impact.
- Containment: You must prevent an attacker from getting any deeper into impacted systems or other systems to “stop the bleeding.” This phase can be split into short-term and long-term containment. In the short term, you’ll want to try to prevent an attacker from causing more damage without tampering with the evidence. In the long term, patching provider and client software and hardware (in this case, in a cloud environment) is critical.
- Eradication: Here, you need to determine the causes and symptoms of the incident to understand how it was executed and prevent reoccurrence. With the bleeding stopped, the goal becomes getting rid of the attacker’s artifacts. Try to isolate the attack and determine how it was executed.
- Recovery: This stage involves putting the impacted systems back into production in a secure manner. Ensure that the whole system environment is working properly before announcing to clients that the problem has been eliminated.
- Lessons Learned: After the attack is over, document what happened, and improve capabilities via a root cause analysis. Based on what you learned, try to fix your processes and technology as well as improve your incident-handling capabilities.
Complexity Causes More Problems
Many companies use cross-clouds and hybrid clouds instead of a single cloud, creating additional layers of complexity. It’s easier to be focused on security concerns in a single cloud environment than it is in an environment that uses multiple different clouds simultaneously. If you use a variety of cloud solutions, you must be aware that your entire cloud-based system is only as secure as its least-secure element.
Even if one cloud provider has already eliminated a specific vulnerability from its system, another vendor might still be vulnerable to it. Additionally, when you work with the same data on different platforms at the same time, data leakage can occur in areas where it is easiest to bypass security. The matter is made even more complicated when various suppliers are required to solve the security problem.
In some situations, it might be better to minimize the use of cloud solutions. Reducing complexity will result in a more secure environment.
Increasing Security Is the Cloud Providers’ Goal
Cloud providers must ensure that they meet all safety requirements for their customers. As they take on more customers who operate on high-value information, such as governmental and financial institutions, they face a higher and higher risk of a potential attack.
The Capital One data breach illustrates how even industry leaders, such as AWS in this case, can be taken down by gaps in security.
Some big public cloud players realized that the level of security they offer can be leveraged to attract new clients. Last year, Palo Alto Networks declared that it would spend $410 million to take over Twistlock, a cloud security-oriented startup, in order to strengthen its position in the cloud.
There’s no question about it: cloud security will ramp up in 2020. The main catalyst for this will be the further development and dissemination of 5G networks and IoT devices, but more audits and legal regulations will also force companies to adopt better security practices. Another significant driver behind this trend is the impact of experiences such as the 2019 Capital One data breach.
Companies offering cloud services, and their clients, will have to find additional resources to introduce a secure product lifecycle management process (SPLC) to a cloud environment, if they don’t already have one, while also improving overall levels of security. The implementation of the PICERL approach should be a key aspect of any SPLC. Being aware of this and other cloud security trends should help you to stay on top of your company’s growing security needs.