Over the last two years, there has been a considerable increase in the use of cloud and SaaS applications by enterprises to support offsite employees and keep customer connection channels available. At the same time, this has raised the danger of shadow IT, data exfiltration, and insider threats. A shift in cyber security strategies is thus crucial in navigating this landscape.
ManageEngine, Zoho Corporation’s enterprise IT management subsidiary, which provides end-to-end IT management and security solutions to enterprises worldwide, recently announced the cloud access security broker (CASB) component for its SIEM solution, Log360.
CIO World Asia spoke with Manikandan Thangaraj, Vice President, ManageEngine to discover insights on cyber security strategies.
Major Risks Causing Compromised Networks
Though security risks such as malware and phishing attacks are prevalent in the cloud landscape, there are three major security risks that result in most cloud security attacks—cloud misconfigurations, insecure APIs, and poor implementation of identity and access controls.
When enterprises move their resources and data to the cloud, they tend to apply configurations that worked well for their on-premises setup but do not work well in the cloud. In the cloud landscape, organisations must understand the shared security responsibility model to correctly configure resources and set up data access control policies. A single misconfiguration of one of these could result in accidental exposure of data or a security loophole that could lead to a massive data breach.
Next on the list is insecure APIs. With the cloud, data communication between the end user and the resources hosted on the cloud happens through APIs. If these APIs have vulnerabilities and aren’t secured, adversaries can abuse them, resulting in a cloud data leak. So it’s imperative to use secured and authorised APIs to perform operations on cloud resources.
With the cloud, identities form the basis of security. Access to cloud resources and data is determined based on user identities. Identity theft costs you more on the cloud than on an on-premises network. Organisations need to strengthen their identity and access management approach. Implementing a Zero Trust architecture, following the principle of least privilege, and continuously monitoring user activities to detect behavioural anomalies can be used to implement an identity-driven security approach that will reduce the impact of identity-based cloud attacks.
Transparency In Usage Of Cloud Applications
In today’s hybrid work environment, CIOs have observed a significant number of employees using non-corporate software and cloud services such as social networks, messengers, and other applications, which raises a significant concern when it comes to cloud security.
Shadow IT monitoring is one of the biggest concerns when it comes to perimeter-less networks like cloud deployment. IT teams monitor perimeter devices to know when someone is trying to intrude on an on-premises infrastructure, but they need to deploy reverse and forward proxies to know what’s happening in the cloud environment.
Tools such as cloud access security brokers (CASBs) help CIOs overcome the issue of shadow applications by giving IT security teams visibility into cloud app usage, apps accessed from unmanaged devices, users accessing and modifying data on the cloud, and much more for holistic cloud security monitoring. CASB data can be further enriched using contextual insights from existing cybersecurity solutions, giving IT teams an edge over intruders.
CASB’s Role In An Enterprise Cybersecurity Strategy
Any enterprise that’s moving to the cloud can benefit from the proactive security strategies offered by a CASB. A CASB is a solution that sits between an organisation’s users and the various cloud services they access. Because of where it sits, a CASB not only helps an organisation authenticate and authorise users as they attempt to access cloud resources, but it also enables the organisation to identify what flows in and out of the cloud.
CASBs help provide comprehensive cloud security by giving analysts visibility into cloud environments, preventing and containing cloud security threats, preventing data leaks and breaches, and meeting compliance needs.
CASBs also shed light on cloud app usage and user behaviours to give security analysts insights into misconfigurations and provide the option to fix them before they’re exploited by adversaries. This is essential because many cloud security attacks are the result of exploited misconfigurations.
Effective Management Of Security Operations Centre
Moving away from software applications, physical infrastructure too plays a key role in cyber security defence. The security operations centre (SOC) is an essential aspect of any enterprise, and it involves people, processes, and technology that continuously monitor and improve an enterprise’s security posture. The SOC is primarily responsible for responding to attacks and for using key parameters such as mean time to detect, mean time to acknowledge, and mean time to respond to improve its attack responses. Another major responsibility of the SOC is educating users on the importance of cybersecurity and creating awareness around social engineering attacks.
With the evolving work environment, enterprises must reconsider their security strategies; this involves the SOC implementing an effective threat hunting system. To do this, CIOs must formulate security strategies that align with the network infrastructure, define what KPIs the SOC should look for, determine how to conduct security auditing, define procedures to tackle incidents, and plan out mitigation steps to contain attacks.
An all-round approach comprising patched software, smooth operations and informed personnel is key to bolstering cyber security defences. With cyber attackers upping their game daily, organisations also need to strengthen their defences to stay ahead.