What’s Next With Cloud Security
Posted July 28, 2023 by Sayers
The 2023 Gartner Security and Risk Management Summit covered an ambitious range of cybersecurity topics, from trends in security strategy and organizational resilience to the changing face of data security. Though not an official agenda track at the conference, cloud security emerged as a recurring topic of conversation among presenters and attendees.
As today’s organizations continue to invest in cloud platforms, they’re looking for the best ways to secure cloud-based data, applications, and infrastructure from internal and external threats.
Among the top technology investments in 2023, cloud platforms saw a 50% increase in new or additional spending compared to 2022, behind cyber and information security (66%) and business intelligence and data analytics (55%), according to a 2023 Gartner CIO and Technology Executive Survey.
The Cloud Security Aspect Of Cybersecurity Mesh Architecture
Last year Gartner introduced Cybersecurity Mesh Architecture (CSMA) as a new concept of integrating security tools into a cooperative ecosystem. CSMA emphasizes tight integration between different security technologies, with a focus on identifying the minimum set of toolsets that can achieve the outcomes organizations want.
The results include better detection and response to threats, and more adaptive and granular access control.
“A tool rationalization exercise can help evaluate your current cybersecurity toolset for consolidation opportunities,” says Doug Close, Senior Vice President of Solutions at Sayers. “Beyond that, consider how tightly your current tools integrate and, more importantly, what specific strategies and challenges they solve for.”
Several technologies and toolsets within CSMA support cloud security, specifically:
Cloud Access Security Broker (CASB). CASB is a core function of Security Service Edge (more on that below) for Software as a Service (SaaS) application security. Focused on areas such as compliance risk and access control, a CASB sits as an intermediary between users and cloud service providers and consolidates enforcement of multiple kinds of security policy, including authentication, encryption, logging, and alerting.
SaaS Security Posture Management (SSPM). An offshoot of the CASB space, SSPM includes API-driven integrations and focuses on areas including SaaS risk assessment, configuration drift monitoring, and security control automation.
Cloud Workload Protection Platform (CWPP). For organizations using cloud for Infrastructure as a Service (IaaS), CWPP focuses on protecting any type of workload in enterprise environments, including physical servers, virtual machines, containers, and serverless workloads.
Cloud Security Posture Management (CSPM). Supporting Platform as a Service (PaaS) offerings, the CSPM toolset identifies cloud platform misconfigurations and compliance risks, evaluating the environment against a regulatory or industry framework or against custom checks you define.
Cloud-Native Application Protection Platform (CNAPP). CNAPP integrates a variety of cloud security capabilities for multiple layers of protection, including CSPM, CWPP, and Cloud Infrastructure Entitlement Management (more on CIEM below). CNAPP supports IaaS and PaaS deployments, helping identify and reduce security and compliance risks during both development and production of cloud-native applications.
Ken Wisniewski, Sayers Senior Security Architect, says:
“CNAPP is considered the big platform to cover cloud security challenges and provide a path forward away from point products.”
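The "custom check" side of CSPM described above, as an added example that is not code from the original post or from any CSPM product: a small rule engine in Python that evaluates a constructed inventory of storage buckets and security groups against a handful of posture rules. The inventory format, the rule identifiers (CUSTOM-*), and the severities are assumptions made for the example; a real tool would pull the inventory from the provider's describe/list APIs and map each rule to a framework control.

```python
"""Minimal CSPM-style posture check over a constructed cloud inventory.

Added illustration, not from Sayers or any CSPM vendor. The inventory
format below is an assumption: a flat list of resource dicts shaped loosely
like what a cloud provider's describe/list API returns.
"""
from dataclasses import dataclass

# Constructed inventory: two storage buckets and two security groups.
INVENTORY = [
    {"type": "bucket", "id": "payroll-exports", "public_read": True,
     "encryption": None, "logging": False},
    {"type": "bucket", "id": "build-artifacts", "public_read": False,
     "encryption": "aws:kms", "logging": True},
    {"type": "security_group", "id": "sg-web",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "id": "sg-bastion",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                 {"port": 3389, "cidr": "10.0.0.0/8"}]},
]


@dataclass(frozen=True)
class Finding:
    rule_id: str
    resource_id: str
    severity: str
    detail: str


# Each check returns a human-readable detail when the resource fails, else None.
def bucket_public(r):
    return "bucket allows public read" if r["public_read"] else None


def bucket_unencrypted(r):
    return "no default encryption configured" if r["encryption"] is None else None


def bucket_no_logging(r):
    return "access logging disabled" if not r["logging"] else None


ADMIN_PORTS = {22, 3389}


def sg_admin_open_to_world(r):
    open_ports = sorted(rule["port"] for rule in r["ingress"]
                        if rule["port"] in ADMIN_PORTS and rule["cidr"] == "0.0.0.0/0")
    return f"admin port(s) {open_ports} open to 0.0.0.0/0" if open_ports else None


# (rule id, severity, resource type the rule applies to, predicate). Assumed ids.
RULES = [
    ("CUSTOM-S3-001", "high", "bucket", bucket_public),
    ("CUSTOM-S3-002", "medium", "bucket", bucket_unencrypted),
    ("CUSTOM-S3-003", "low", "bucket", bucket_no_logging),
    ("CUSTOM-SG-001", "high", "security_group", sg_admin_open_to_world),
]


def evaluate(inventory, rules=RULES):
    """Run every applicable rule against every resource; return the findings."""
    findings = []
    for r in inventory:
        for rule_id, severity, rtype, check in rules:
            if r["type"] != rtype:
                continue
            detail = check(r)
            if detail:
                findings.append(Finding(rule_id, r["id"], severity, detail))
    return findings


def summarize(findings):
    """Count findings per severity, which is what a posture dashboard shows first."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = evaluate(INVENTORY)
    for f in results:
        print(f"[{f.severity.upper():6}] {f.rule_id} {f.resource_id}: {f.detail}")
    print(summarize(results))
```

The point of separating rules from the evaluation loop is that adding a framework-mapped or organization-specific check is one more tuple in `RULES`; the same loop then covers configuration drift if it is re-run on each fresh inventory snapshot and its findings are diffed against the previous run.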
Cloud Infrastructure Entitlement Management: A New Approach To Identity
An often repeated Gartner prediction is that through 2025, 99% of cloud security failures will be the customer's fault. Chris Willis, VP of Cybersecurity and Network Engineering at Sayers, says:
“Chances are, those failures are probably going to be in the identity space. The customer opened up and allowed something, they didn’t authenticate the users, and now it’s publicly exposed.”
Managing cloud permissions has become more challenging as the number of cloud service offerings has expanded. For example, AWS went from offering three services in 2006 to more than 300 today.
Cloud Infrastructure Entitlement Management (CIEM) has emerged as a category of identity-centric SaaS solutions that manage identity access entitlements in these increasingly large and complex cloud environments.
“CIEM provides a tremendous amount of value in terms of understanding your cloud identity and access management including your roles, capabilities, and permissions offered to various entities within your cloud environments,” Wisniewski says.
CIEM helps solve the complexity of Identity and Access Management (IAM) in securing public cloud. Gartner says:
“Security and risk management leaders must combine traditional IAM and cloud security approaches with CIEM for efficient identity-first security.”
At the Summit, Gartner predicted that the CIEM market will ultimately be absorbed into many CNAPP platforms, giving visibility across cloud environments as well as on premises.
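What a CIEM tool actually computes, as an added example that is not code from the original post or from any CIEM product: given an IAM-style policy document, expand its wildcards against a catalogue of known actions, apply explicit denies, and compare the effective entitlement with what the identity was observed doing. The policy, the action catalogue, and the 90-day "observed actions" set are all constructed for the example; a real tool derives the catalogue from the provider's service definitions and the observed set from audit logs. Conditions, resource policies, and organization-level policies are deliberately ignored here, which is noted in the code.

```python
"""CIEM-style entitlement analysis over constructed IAM policy documents.

Added illustration, not from Sayers or any CIEM vendor. Policy documents use
the AWS IAM JSON shape (Statement/Effect/Action/Resource). Conditions, SCPs,
resource policies and permission boundaries are NOT modelled; a production
tool must evaluate all of them to get the true effective permission.
"""
import fnmatch
import json

# Constructed catalogue of actions that exist. Real catalogues run to
# thousands of entries across hundreds of services.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:PutBucketPolicy", "iam:CreateUser", "iam:AttachUserPolicy",
    "iam:PassRole", "ec2:DescribeInstances", "ec2:RunInstances",
    "ec2:TerminateInstances", "kms:Decrypt",
]

# Constructed policy attached to a CI role: a typical "just make it work" grant.
CI_ROLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:*", "ec2:Describe*"], "Resource": "*"},
    {"Effect": "Deny",  "Action": "iam:CreateUser", "Resource": "*"}
  ]
}""")

# Constructed: actions the role was actually observed using over 90 days.
OBSERVED_ACTIONS = {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def effective_allowed(policy, known=KNOWN_ACTIONS):
    """Expand Action wildcards against the catalogue; an explicit Deny wins."""
    allowed, denied = set(), set()
    for st in policy["Statement"]:
        target = allowed if st["Effect"] == "Allow" else denied
        for pattern in _as_list(st["Action"]):
            target.update(a for a in known if fnmatch.fnmatchcase(a, pattern))
    return allowed - denied


def wildcard_statements(policy):
    """Allow statements with a wildcard Action on Resource '*': the usual red flag."""
    out = []
    for i, st in enumerate(policy["Statement"]):
        if st["Effect"] != "Allow":
            continue
        actions = _as_list(st["Action"])
        if "*" in _as_list(st["Resource"]) and any("*" in a for a in actions):
            out.append((i, actions))
    return out


def unused_entitlements(policy, observed, known=KNOWN_ACTIONS):
    """Granted but never exercised: the entitlement gap a CIEM report leads with."""
    return sorted(effective_allowed(policy, known) - set(observed))


def right_sized_policy(policy, observed, known=KNOWN_ACTIONS):
    """Action-scoped replacement: keep only actions that are both allowed and used.

    Resource is still '*' here because the constructed observations carry no
    ARNs; scoping Resource to the observed ARNs is the next step in practice.
    """
    keep = sorted(effective_allowed(policy, known) & set(observed))
    return {"Version": policy["Version"],
            "Statement": [{"Effect": "Allow", "Action": keep, "Resource": "*"}]}


if __name__ == "__main__":
    print("wildcard statements:", wildcard_statements(CI_ROLE_POLICY))
    print("unused entitlements:", unused_entitlements(CI_ROLE_POLICY, OBSERVED_ACTIONS))
    print(json.dumps(right_sized_policy(CI_ROLE_POLICY, OBSERVED_ACTIONS), indent=2))
```

Note that `iam:PassRole` shows up as an unused entitlement even though nothing in the policy names it: it arrives through `iam:*`, which is exactly the kind of silent privilege escalation path that wildcard expansion is meant to surface before an attacker does.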
Security Service Edge: The Security Side of SASE
A Secure Access Service Edge (SASE) architecture converges networking (SD-WAN) and security functions in the cloud for seamless secure access. Many SASE deployments tend to be dual-vendor endeavors, with one vendor handling SD-WAN and another providing the security side of SASE, known as Security Service Edge (SSE).
SSE secures access to cloud environments by bundling together a range of technologies and capabilities for access control, data security, threat protection, and security monitoring.
The four core SSE services are:
- Cloud Access Security Broker (CASB)
- Cloud Secure Web Gateway (SWG)
- Zero Trust Network Access (ZTNA)
- Firewall as a Service (FWaaS)
SSE often includes additional security capabilities such as:
- Domain Name System (DNS) Security
- Remote Browser Isolation (RBI)
- Web Application and API Protection as a Service (WAAPaaS)
As more organizations move to fewer security technology providers, a growing number of vendors are converging technologies into platform offerings. SASE/SSE aligns with that consolidation trend. According to Gartner’s 2022 Strategic Roadmap for SASE Convergence:
“By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services, and private application access using a SASE/SSE architecture, up from 20% in 2021.”
As Gartner points out, an organization’s decision to consolidate security vendors and technologies should not just be for budgetary reasons but also for the capabilities and cybersecurity outcomes delivered by bundled solutions.
Zero Trust Goes Back To The Basics
Over the years, the term Zero Trust has drifted from its original "never trust, always verify" principle, which eliminated the idea of trusting users and devices by default because of where they sit on the network. Today, vendors attempt to tack the label onto almost any cybersecurity technology.
“There is a tremendous amount of misconception about what Zero Trust is, what it means, and how to approach it,” Wisniewski says. “That misconception and confusion leads to a devaluation of the term.”
Gartner's recommendation around Zero Trust, articulated at the Summit, is to take the concept back to the basics and focus on the specific standards that define it, such as the National Institute of Standards and Technology (NIST) Special Publication 800-207, Zero Trust Architecture.
The NIST publication focuses on the basic tenets and logical components that should be involved in Zero Trust architecture. “An example of this approach is Google Cloud’s BeyondCorp Zero Trust solution, which focuses on a very specific set of capabilities versus trying to boil the ocean to implement Zero Trust,” says Wisniewski.
BeyondCorp shifts access decisions from the network perimeter to the identity of the user and the posture of the device making the request, so employees can work from any location without relying on a traditional VPN.
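The shift described above, as an added example that is neither Google's BeyondCorp code nor code from the original post: a Policy Engine and Policy Enforcement Point in the sense of NIST SP 800-207, written in Python, that decide per resource from user identity and device posture and carry the source IP only for logging. The attribute names, the per-resource policy table, and the two request scenarios are assumptions constructed for the example.

```python
"""Policy Engine (PE) and Policy Enforcement Point (PEP) after NIST SP 800-207.

Added illustration, not BeyondCorp and not from the original post. The
attributes (groups, mfa, managed, disk_encrypted, patch_age_days) and the
RESOURCE_POLICY table are assumptions made for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset
    mfa: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool          # enrolled in the device inventory
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class Request:
    subject: Subject
    device: Device
    resource: str
    source_ip: str         # logged, but never consulted by the decision


# Per-resource requirements. Assumed values, not from any real deployment.
RESOURCE_POLICY = {
    "wiki":    {"group": "staff",   "mfa": False, "max_patch_age": 90},
    "source":  {"group": "eng",     "mfa": True,  "max_patch_age": 30},
    "payroll": {"group": "finance", "mfa": True,  "max_patch_age": 14},
}


def device_trust(d: Device, max_patch_age: int) -> list[str]:
    """Reasons the device fails posture; an empty list means compliant."""
    reasons = []
    if not d.managed:
        reasons.append("device not managed")
    if not d.disk_encrypted:
        reasons.append("disk not encrypted")
    if d.patch_age_days > max_patch_age:
        reasons.append(f"patch age {d.patch_age_days}d > {max_patch_age}d")
    return reasons


def policy_engine(req: Request) -> tuple[bool, list[str]]:
    """PE: decide from identity plus device posture, per resource. Default deny."""
    pol = RESOURCE_POLICY.get(req.resource)
    if pol is None:
        return False, ["unknown resource: default deny"]
    reasons = []
    if pol["group"] not in req.subject.groups:
        reasons.append(f"user not in group {pol['group']}")
    if pol["mfa"] and not req.subject.mfa:
        reasons.append("MFA required")
    reasons += device_trust(req.device, pol["max_patch_age"])
    return (not reasons), reasons


def enforcement_point(req: Request) -> str:
    """PEP: ask the PE, then forward or block. Returns the audit log line."""
    allowed, reasons = policy_engine(req)
    verdict = "ALLOW" if allowed else "DENY"
    why = "" if allowed else " (" + "; ".join(reasons) + ")"
    return f"{verdict} {req.subject.user}@{req.source_ip} -> {req.resource}{why}"


# Constructed scenarios: the same engineer, once from home on a managed laptop,
# once from inside the office network on a personal, unpatched machine.
ALICE = Subject("alice", frozenset({"staff", "eng"}), mfa=True)
MANAGED = Device("lap-0042", managed=True, disk_encrypted=True, patch_age_days=7)
PERSONAL = Device("byod-1", managed=False, disk_encrypted=False, patch_age_days=120)
FROM_HOME = Request(ALICE, MANAGED, "source", "203.0.113.7")
FROM_OFFICE = Request(ALICE, PERSONAL, "source", "10.1.2.3")

if __name__ == "__main__":
    print(enforcement_point(FROM_HOME))
    print(enforcement_point(FROM_OFFICE))
```

The office request is denied and the home request allowed, which is the whole argument of the passage: being on the corporate network earns nothing, and a compliant device plus a verified identity is what earns access to a specific resource.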
Questions? Contact us at Sayers today to learn how to create a cloud security strategy for your business.