Steps to Securing Hybrid Multi-Cloud Infrastructure

by Rajendra Jagtap

Introduction

Maintaining security across hybrid multi-cloud environments is a complicated task for businesses. Inherent challenges associated with overseeing a distributed-but-connected architecture combining on-premises, private, and public clouds are amplified by a continuously evolving threat landscape, making cloud security an urgent priority for most businesses.

Although it is common practice to use multiple cloud-based environments within the same business, they must be configured and managed separately. Firms often assume that they do not need full visibility into the infrastructure’s security posture, which leaves it vulnerable to external threats. Factors that can compromise security include:

Infrastructure security is vital to ensure business continuity while maintaining optimal productivity. Cloud-based security solutions reinforce a firm’s security and compliance strategy by implementing the necessary controls and procedures. While cloud service providers (CSPs) are accountable for infrastructure management, maintaining security posture is a shared responsibility between the CSP and the customer (organization). Since services are deployed outside the organization’s security boundary, securing cloud infrastructure requires a different approach altogether.

Assuming that everything within the organization’s security perimeter is safe and compliant is not an ideal security strategy, primarily when core components of the infrastructure reside on the cloud and not inside the organizational perimeter. In such a scenario, however, keeping track of all cloud workloads and resources, managing access privileges, and maintaining compliance across all cloud assets can be extremely difficult.

Steps to secure hybrid multi-cloud infrastructure

As we know, phishing attacks lead to credential theft and credential theft leads to potential critical infrastructure attacks. The goal of these cyberattacks is often less about financial gain and more about disruption—creating as much chaos and damage as possible. Malicious actors use stolen passwords to access and hack networks, causing service outages. Just one successful supply chain attack on critical infrastructure can have catastrophic impacts.

To successfully protect critical infrastructure and networks, it is important that businesses implement security strategies to prevent critical infrastructure attacks and have structured security measures in place. The steps and proactive measures outlined here are not specific to any one provider; rather, they should be included in a holistic approach to securing multi-cloud environments leveraging Zero-Trust (i.e., trust but verify) and SASE principles.

Keep privileged accounts separate and vaulted

Privileged accounts are the most valuable to any hacker as they offer unfettered access to your systems. You should not be using these accounts to do your day-to-day job, even as an admin. Setting apart highly privileged accounts is essential to protecting your networks.

Configure RBAC and standardize configuration across users

Make sure role-based access control (RBAC) is fully configured across all users, so that you can control who can do what. Regularly audit access to ensure access privileges remain aligned with personnel roles and responsibilities.

Deploy multi-factor authentication (MFA)

Despite the prevalence of ransomware attacks on businesses in general, the use of MFA is still relatively rare. However, MFA is really the linchpin for securing all environments and should be table stakes in the cloud. Whether you are a normal user or a super user, MFA should be configured for any and all access to all systems at any time. Implementing this relatively simple measure could help thwart disastrous attacks with far-reaching consequences.

Add conditional access

Though a powerful deterrent, MFA on its own might not be enough. This is where conditional access comes into play. You can configure specific requirements for users and devices connecting to your networks as a secondary line of defense. Should a malicious actor get through your MFA, they can still be denied access if they do not meet the set criteria, for example if the account is not allowed to reach the requested application, or if it has failed authentication too many times.
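To make the RBAC and conditional-access sections above concrete, here is an added example (not code from the original article) of an authorization decision that checks MFA first, then the user's role permissions, then conditional criteria such as the application being allowed for the role, device compliance, and the number of recent failed attempts. It also includes the periodic access review the RBAC section recommends. All role names, users, applications and thresholds are constructed for illustration.

```python
"""Added example: RBAC plus conditional access layered on top of MFA.
Roles, apps and thresholds are constructed sample policy, not a real tenant."""
from dataclasses import dataclass

# RBAC: which actions each role may perform (constructed sample policy).
ROLE_PERMISSIONS = {
    "reader": {"app:read"},
    "operator": {"app:read", "app:deploy"},
    "admin": {"app:read", "app:deploy", "iam:manage"},
}

# Conditional access: which applications each role may reach, and the
# failed-attempt threshold after which access is refused (constructed).
ALLOWED_APPS = {
    "reader": {"wiki", "dashboard"},
    "operator": {"wiki", "dashboard", "ci"},
    "admin": {"wiki", "dashboard", "ci", "iam-console"},
}
MAX_FAILED_ATTEMPTS = 5


@dataclass
class AccessRequest:
    user: str
    roles: set
    action: str
    app: str
    mfa_passed: bool
    device_compliant: bool
    recent_failures: int


def rbac_allows(roles, action):
    """True if any of the user's roles grants the requested action."""
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def evaluate(req):
    """Return (decision, reason). MFA, RBAC and every conditional-access
    criterion must all pass; the first failing check explains the denial."""
    if not req.mfa_passed:
        return ("deny", "mfa_required")
    if req.recent_failures >= MAX_FAILED_ATTEMPTS:
        return ("deny", "too_many_failed_attempts")
    if not rbac_allows(req.roles, req.action):
        return ("deny", "rbac_no_permission")
    if not any(req.app in ALLOWED_APPS.get(r, set()) for r in req.roles):
        return ("deny", "app_not_allowed_for_role")
    if not req.device_compliant:
        return ("deny", "device_not_compliant")
    return ("allow", "ok")


def audit_assignments(assignments, expected):
    """Regular access review: return users holding roles beyond what the
    HR/role catalogue says they should have, with the excess roles."""
    excess = {}
    for user, roles in assignments.items():
        extra = roles - expected.get(user, set())
        if extra:
            excess[user] = sorted(extra)
    return excess


if __name__ == "__main__":
    req = AccessRequest("alice", {"operator"}, "app:deploy", "ci", True, True, 0)
    print(evaluate(req))
    print(audit_assignments({"bob": {"reader", "admin"}}, {"bob": {"reader"}}))
```

The order of checks matters: a session that has passed MFA is still subject to the role and device criteria, which is the point of conditional access as a second line of defense. The audit helper is what a scheduled access review would run against an export of current role assignments.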

Understand the technology your business is using

Businesses should assemble teams that are strong in different areas, and strive to continually add expertise either through training or hiring. Having an in-depth understanding of IaaS, PaaS, and SaaS technologies across containerization, serverless, microservices, 5G, edge, on-premises, and cloud ecosystems is critical, as is a robust knowledge of best practices when deploying workloads.

Use Policy-as-Code (PaC) to avoid cloud misconfigurations

One of the primary problems for cloud-based security is the combination of complex corporate infrastructures and the large-scale automation that hackers use to look for known errors, such as misconfigurations or exploitable versions of software. The majority of infrastructure security failures and vulnerabilities are the result of human error, mainly in the form of cloud resource misconfiguration. Using PaC, which is a way of automating the security function, helps the security team operate as a cloud highway builder rather than a toll booth operator. Businesses implementing and using PaC benefit from automatic and immediate feedback on security issues before software is deployed.
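As an added illustration of policy-as-code (this is not code from the original article, and the resource format and rules are constructed), the following check evaluates cloud resource definitions, of the kind a CI step could extract from an infrastructure-as-code plan, against a small rule set and blocks the deployment when a high-severity misconfiguration is found. In practice such rules are usually written for a policy engine such as OPA; the pure-Python form here shows the same gating logic without any external tool.

```python
"""Added example: a minimal policy-as-code gate over cloud resource definitions.
SAMPLE_RESOURCES and the rules are constructed for illustration only."""

# Constructed sample of resources as a CI step might extract them from a plan.
SAMPLE_RESOURCES = [
    {"type": "storage_bucket", "name": "logs", "public_read": True, "encrypted": True},
    {"type": "storage_bucket", "name": "data", "public_read": False, "encrypted": False},
    {"type": "security_group", "name": "web",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "name": "db",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
]


def no_public_buckets(res):
    """Object storage must not be world-readable."""
    if res["type"] == "storage_bucket" and res.get("public_read"):
        return f"bucket '{res['name']}' allows public read"
    return None


def buckets_encrypted(res):
    """Object storage must be encrypted at rest."""
    if res["type"] == "storage_bucket" and not res.get("encrypted"):
        return f"bucket '{res['name']}' is not encrypted at rest"
    return None


def no_admin_ports_from_internet(res):
    """Administrative ports must not be reachable from 0.0.0.0/0."""
    if res["type"] != "security_group":
        return None
    for rule in res.get("ingress", []):
        if rule["cidr"] == "0.0.0.0/0" and rule["port"] in (22, 3389):
            return f"security group '{res['name']}' exposes port {rule['port']} to the internet"
    return None


# (severity, rule) pairs; severity decides whether a finding blocks the pipeline.
RULES = [
    ("high", no_public_buckets),
    ("medium", buckets_encrypted),
    ("high", no_admin_ports_from_internet),
]


def evaluate(resources, rules=RULES):
    """Run every rule against every resource and collect findings."""
    findings = []
    for res in resources:
        for severity, rule in rules:
            message = rule(res)
            if message:
                findings.append({
                    "severity": severity,
                    "resource": res["name"],
                    "rule": rule.__name__,
                    "message": message,
                })
    return findings


def gate(findings, block_on=("high",)):
    """True if deployment may proceed, False if any blocking finding exists."""
    return not any(f["severity"] in block_on for f in findings)


if __name__ == "__main__":
    found = evaluate(SAMPLE_RESOURCES)
    for f in found:
        print(f"[{f['severity']}] {f['message']}")
    print("deploy allowed:", gate(found))
```

Because the rules run before anything is provisioned, the developer gets the feedback in the pull request rather than from a post-deployment scan, which is the "highway builder" model the section describes.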

Monitor changes to the environment and pay attention to adversaries

Continually review and monitor the operational status, usage, and health of all devices, components, and services by implementing automated monitoring guardrails, policies, and controls, with centralized access and control across the infrastructure. Similarly, pay close attention to potential adversaries so that you can detect security events early. For example, you could monitor updates from the Cybersecurity and Infrastructure Security Agency (CISA) to help you understand how to protect businesses and your networks from current cyber threats. Knowing what is happening in the broader ecosystem enables you to proactively protect your customers from whatever threats are in their environment.

Plan ahead

Every business should have a detailed plan for handling security events, whether they involve issues with end-to-end security, governance, staff turnover, or other factors. If an employee leaves your organization, for example, you need to ensure you can quickly close down everything they have access to, whether that is via single sign-on (SSO), Active Directory, or a domain controller.

You should also consider how you communicate with your customers about what you are doing and what they need to do in such events. Test response strategies and communications via tabletop exercises, both internally and with your customers, and don’t panic when issues arise. These exercises are meant to reveal gaps and opportunities to refine your operating processes.

Measure your customer’s security posture

The Center for Internet Security (CIS) publishes benchmarks for what good security looks like across different operating systems, cloud providers, endpoints, and other variables. There are different levels, so you can determine your current risk level and aim to increase your security rating over time. Setting targets will help you craft the security story you will use to inform customers and stakeholders, as you can clearly demonstrate what you are doing and how that compares to benchmarks.

Make time for employee training

Mandatory security awareness training for all employees should be part of your company’s yearly training policies and security strategy.

Prioritize comprehensive email security

Email is the most common attack vector (91% of cyberattacks start with an email); therefore, email security should be prioritized and should protect against all thirteen email threat types, from spam and ransomware to spear phishing, business email compromise, and account takeover.

Use standardized remote access solutions

Instead of relying on different remote access solutions from different vendors, organizations should seek out a standardized solution that is not only easy to use but also extensively secured.

Practice robust network segmentation and micro-segmentation

Network segmentation helps reduce the spread of ransomware if a threat actor infiltrates an organization’s systems. Micro-segmentation then takes organizations to zero trust-based access, reducing the overall attack surface.

Remove unauthorized tools

Regularly investigate the software running on network devices and continuously maintain the configuration management database (CMDB) and asset management database (AMDB). If software is unused or unauthorized, it should be removed immediately. Pay special attention to remote monitoring and remote access tools; if your organization is not using them, they should be disabled.
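The reconciliation this section calls for can be automated. The following added example (not code from the original article) compares the software an inventory agent reports on each host against the approved list held in the CMDB, flags anything unauthorized, raises the priority for remote access tools, and also reports hosts that the CMDB does not know about at all. Host names, package names and the CMDB contents are all constructed.

```python
"""Added example: reconcile observed software per host against a CMDB extract.
CMDB_APPROVED, REMOTE_ACCESS_TOOLS and OBSERVED are constructed sample data."""

# Constructed CMDB extract: approved software for each managed host.
CMDB_APPROVED = {
    "web-01": {"nginx", "openssh-server", "osquery"},
    "db-01": {"postgresql", "openssh-server", "osquery"},
}

# Tools that provide interactive remote control; these get a higher priority
# when they show up without an approval record (constructed list).
REMOTE_ACCESS_TOOLS = {"anydesk", "teamviewer", "vnc-server", "ngrok"}

# Constructed inventory as an endpoint agent might report it.
OBSERVED = {
    "web-01": {"nginx", "openssh-server", "osquery", "anydesk"},
    "db-01": {"postgresql", "osquery", "netcat"},
    "jump-07": {"openssh-server"},  # host entirely missing from the CMDB
}


def reconcile(observed, approved, remote_tools=REMOTE_ACCESS_TOOLS):
    """Return a list of findings, one per discrepancy, ordered by host name.

    Three kinds of discrepancy are reported:
    - host_not_in_cmdb: the host itself has no CMDB record (asset gap);
    - unauthorized_software: a package runs that the CMDB does not approve,
      high priority if it is a remote access tool, otherwise medium;
    - approved_software_missing: an approved package (e.g. the monitoring
      agent) is absent, which can mean it was removed or the record is stale.
    """
    findings = []
    for host, packages in sorted(observed.items()):
        if host not in approved:
            findings.append({"host": host, "issue": "host_not_in_cmdb",
                             "priority": "high", "packages": sorted(packages)})
            continue
        for pkg in sorted(packages - approved[host]):
            priority = "high" if pkg in remote_tools else "medium"
            findings.append({"host": host, "issue": "unauthorized_software",
                             "priority": priority, "package": pkg})
        for pkg in sorted(approved[host] - packages):
            findings.append({"host": host, "issue": "approved_software_missing",
                             "priority": "low", "package": pkg})
    return findings


if __name__ == "__main__":
    for finding in reconcile(OBSERVED, CMDB_APPROVED):
        print(finding)
```

Running the reconciliation on a schedule, and feeding the high-priority findings into the same alerting path as other security events, turns the CMDB from a static record into a detection source: an unexpected remote access tool on a web server is worth a ticket the same day.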

Protect web applications and APIs

These applications are outward facing and can be vulnerable to distributed denial-of-service (DDoS) attacks and intrusion. It is important to pay particular attention to how these apps are accessed either via bots or humans (or both).

Maintain reliable backups

Businesses should test backups regularly and monitor access control of the backups. Threat actors know how to look for backup assets, so it is vital to protect these assets and know who has access to them.

Cloud-based security solutions

Cloud-based security solutions offer a comprehensive approach to infrastructure security and account for the following:

There are various security solutions available that target specific security needs. Some of them include:

Conclusion

Understandably, critical infrastructure will always be a high-risk target of cyberattacks. As ransomware becomes more sophisticated, preventative measures must be taken to minimize disruption, damage, and chaos. Implementing cybersecurity best practices before an attack is your most effective defense. The steps outlined above can help you mitigate some security risks (from attacks, identity thefts, data loss, abnormal activities, vulnerabilities or breaches) and proactively monitor infrastructure to keep it as secure, compliant, and uneventful as it can be.

How FI can help

FI Consulting’s approach to security adheres to the Zero Trust Maturity Model and NIST frameworks, and implements cloud-native services for multi-cloud architectures. It centers on preventing unauthorized access to data and services while making access control enforcement as granular as possible. We leverage automated scanning, integration of security tools, and effective performance measures that proactively reduce threats and vulnerabilities across hybrid multi-cloud infrastructures.

If you are interested in learning more about how FI can help secure your organization’s hybrid multi-cloud infrastructure, please email [email protected] or call us at 571.255.6900.