This article is part of our State of Cloud Security 2021 Series which interviews a diverse mix of cloud security experts, design-makers, and practitioners with a goal of better understanding their perspectives on the current state of and future of cloud security.
JG: What is the state of cloud security today?
RJ: It’s very sad.There’s a mindset that what worked five years ago is still applicable today. When in reality, what worked five months ago isn’t even applicable today. A lot of the methods, procedures, and tools that people use are outdated. Cloud security threats are constantly evolving and it’s overwhelming for security companies or IT departments because they just don’t know how to keep up. So, they keep doing the same thing they always do, which doesn’t work, and it’s why we’re seeing all of these breaches.
JG: What are the most common challenges organizations face when it comes to cloud security today?
RJ: The procedures I mentioned above, the ones from five years ago, are now causing a lot of human error. The most common reason for a cloud data breach is misconfiguration. Meaning, somewhere along the way, a person made an error setting up the cloud firewall or setting up the way the cloud servers talk to each other. This can open the door for cyber espionage or cybercrime. It really comes down to incompetency–and not in a negative way. With everything in this space evolving so quickly, there can be a lot of unknown if you’re not keeping up with what you need to.
JG: What lessons can be learned from the biggest cloud-related breaches of 2020?
RJ: In January of 2020, Microsoft announced a breach that they discovered from December of 2019 where 250 million support ticket records were leaked. This is one of the biggest examples of incompetency, because this breach was caused by a complete misconfiguration by their network security engineers. They never named somebody individually, but someone on the network security team that is supposed to keep things safe, misconfigured their cloud servers and left that door wide open. These support ticket records were opened to the public, anybody with an internet browser could access these people’s names, email addresses, and what they were looking for support on, for a period of about two weeks.
Another breach we can take a lesson from happened to Marriot. In 2018, Marriot had 339 million records leaked due to a misconfiguration by their network security engineers. But it didn’t stop there. Last year, they had another 5 million records leaked, this time due to insider threats. It was discovered that two employees were found to have used their credentials to gain access to these records. Meaning, somebody somewhere hired these people and paid them to open the door to those records.
In summation, the most valuable lesson we can learn from these breaches is that they’re all related to human error.
JG: What are 3-5 pieces of advice for organizations looking to improve their cloud security in 2021?
RJ: A well rounded approach to effective cloud security isn’t just about blocking cybercriminals from gaining access to your network, because the odds are, they already have. You have to approach cloud security the same way you would if you thought there was a stranger hiding in your house. As soon as you find evidence of a data breach, that means they’re already in your network. You then need to fight them from the inside and find out where they have footholds within the network such as a bot they may have installed or different code they may have injected. It’s a race against the clock, because the longer they’re in there, the more of a foothold they can grab. Which leads me to my next piece of advice.
The only way to win the race against the clock and remove the attackers foothold within your network is with Machine Learning and Artificial Intelligence. Machines will move much faster and with more accuracy than human beings, and it continues to prove itself as the only path forward.
Lastly, use common sense.There was another Microsoft breach last year to the point where the White House was advising government agencies to unplug exchange servers (Microsoft email servers) from their networks. Microsoft put out a five-step plan for all the network security administrators to fix the patch. But that was the problem: those 5 steps were the same remedy that Microsoft had been using for the past decade and did not address the fact that the attackers were already in their network, they already had a foothold. So, use your common sense and understand that if you left the door open to your house, now you have to go and search around for what that person may have taken or if they’re even still in your house!
JG: What’s the future of cloud security?
RJ: There’s two real areas of the cloud. There’s SaaS, a cloud app that you purchase and may use for CRM or email. Then, there’s also private or shared cloud servers, meaning you’re moving your servers that you used to have in your office to the cloud. But they still have to exist somewhere. So, moving into the cloud actually means that there is still a physical box somewhere in a data center that is your server now.
For SaaS, we’re going to start to see more continuous real-time monitoring for live feedback from that SaaS provider. Meaning, your security engineer should be informing you about the state of your security, where they see some vulnerabilities right now, and what they are doing to address those. Transparency is going to be key–and SaaS providers that don’t provide that security transparency are going to go under.
We’re also going to start seeing more native cloud security. All the security measures and tools (save for a few that are at the forefront) that exist right now are made for that on-premise network. They’re made for the servers that used to live at your office. So, you’re going to start to see more native security tools that are developed specifically for the cloud soon.