As Canadian CIOs look increasingly at various flavours of the cloud for some of their organization’s solutions, they also have to consider the security impacts, in particular whether they can use their current strategy or need a separate one for the cloud.
An article this week on CSO Online cites two recent vendor surveys that shed interesting light on the question and point to information CISOs need to keep in mind.
For example, an analysis of customer data from cloud security provider Alert Logic shows that in all types of cloud environments by far the most common type of incident was a Web application attack (75 per cent), followed by brute force attack (16 per cent), reconnaissance (5 per cent), and server-side ransomware (2 per cent).
Of those Web app attacks, the most common vectors were SQL (47.74 per cent), Joomla (26.11 per cent), Apache Struts (10.11 per cent), and Magento (6.98 per cent).
Of the sites that faced brute force attacks, WordPress was the most common target at 41 per cent, followed by MS SQL at 19 per cent.
Note that WordPress, Joomla and Magento are public cloud offerings.
So one question raised by this data is: what’s your organization’s strategy for protecting against these attacks?
The article quotes Alert Logic advising CISOs to focus on three main areas for their cloud security strategy:
— Security tools for cloud environments must be native to the cloud;
— Define your architecture around the security and management benefits offered by the cloud, not the same architecture used in your traditional data centers;
— Identify points where cloud deployments are interconnected to traditional data centers running legacy code, because these are weak points.
The other survey cited was done for network monitoring solutions provider Gigamon. Half of the respondents said the cloud can “hide” information that enables them to identify threats. Almost half agreed that with the cloud they don’t see information on what is being encrypted, or on insecure applications or traffic, while about one-third said they don’t get information on SSL/TLS certificate validity.
There are ways to solve the visibility problem, a Gigamon official is quoted as saying, starting by identifying how you want to organize and implement your security posture. These include any or all of intrusion detection systems (IDS), security information and event management (SIEM), forensics, data loss prevention (DLP), and advanced threat detection (ATD).
There’s also this advice from the Gigamon exec: Not everything about a company’s existing security strategy has to change for the cloud. Keep using deep content inspection for forensics and threat detection, for example.
Cloud security is a tough challenge for CISOs. It takes a lot to craft a strategy that protects the organization yet still preserves the flexibility that the cloud allows. But as many organizations can show, there are ways.