Cloud security, hampered by proliferation of tools, has a “forest for trees” problem



A new study from Palo Alto Networks found that, on average, organizations rely on over 30 tools for overall security, and that degree of complexity is making for less security, not more.

Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the 2023 State of Cloud-Native Security Report.


Three quarters of respondents to Palo Alto Networks’ survey reported the number of cloud security tools they use creates blind spots that affect their ability to prioritize risk and prevent threats. Over three quarters said they struggle to identify what security tools are necessary to achieve their objectives.

90% of C-suite respondents said they could not detect, contain and resolve cyberthreats within an hour, and about half conceded that a majority of their workforce doesn’t understand their security responsibilities.


Top challenges to providing comprehensive security, top to bottom, left to right

Respondents to Palo Alto Networks’ survey named the top challenges to providing comprehensive security, which include the following:

Managing security holistically across teams

It isn’t enough to adopt a responsibility model between cloud service providers and users; companies need to look inward, and eliminate silos insofar as they prevent security processes that work for development, operations and security.

Embedding security across the cloud-native development lifecycle

Embedding the right cloud security solutions at every stage of the application development process from code to runtime is critical.

Training IT, development and security staff to use security tools

Cloud-native application development requires securing “exponentially more cloud assets across code, workloads, identities, data, etc., and across multiple execution environments, such as containers, serverless, and platforms,” noted the firm.

Lack of visibility into security vulnerabilities across cloud resources

Palo Alto Networks calls vulnerability management the “holy grail of application security.” But achieving this means being able to mirror the scale, speed and agility of the cloud, according to the company. Successfully done, it can reward companies with near real-time detection of threats and vulnerabilities.

Using the right tools

In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.

C-suite executives unsure about secure cloud deployment

The report is based on a survey of 2,500 C-level executives worldwide in November and December 2022 that tracked enterprises’ shift from on-premise software and services to the cloud and found a generally weak security posture. A common theme among executives surveyed was that their organizations need to improve visibility into multiple clouds as well as incident response and investigation.

“With three out of four organizations deploying new or updated code to production weekly, and almost 40% committing new code daily, no one can afford to overlook the security of cloud workloads,” said Ankur Shah, senior vice president, Prisma Cloud, Palo Alto Networks.

“As cloud adoption and expansion continues, organizations need to adopt a platform approach that secures applications from code to cloud across multicloud environments.”

5 keys to best-in-class security capabilities and ease of use

According to the survey, the top factors companies consider when choosing security solutions for their cloud applications were:

  • Ease of use.
  • Best-in-class capabilities.
  • Potential impact on enterprise performance.
  • Familiarity with vendor or tool.
  • Competitive pricing and/or cost.

The survey found that enterprises are split between a single security vendor/tool approach and a multiple security vendor/tool approach for each of their security needs.

Companies keep too many security arrows in their quivers

Three quarters of the leaders Palo Alto surveyed said they struggled to identify which security tools were necessary to achieve their objectives, which led to deploying numerous single point security solutions — of the 30-plus security tools on average that organizations are using, six to 10 are dedicated to cloud security.


A quarter of respondents reported using both in-house and open source tools, with most of the companies polled saying they deploy multiple vendors to secure their clouds, networks and applications (Figure A).

Figure A

Image: Palo Alto Networks. Thirty-three percent of companies use multiple vendors/tools to secure cloud assets.

Security gaps persist in spite of efforts

Palo Alto Networks’ study reported that only about 10% of respondents could detect, contain and resolve threats in less than an hour. In addition, 68% of organizations were unable to even detect a security incident in less than an hour, and among those that did, 69% couldn’t respond in under an hour (Figure B).

Figure B

Image: Palo Alto Networks. Increase in security incidents.

How to avoid blind spots and poor overview of security risk

Recommendations from the study’s authors include quickly identifying anomalous or suspicious behaviors that indicate a compromise, and focusing on the means of increasing near-constant visibility of cloud assets, in part by eliminating blind spots caused by the lack of a holistic approach to security tool deployment. The authors also suggested:

Incorporate security at all stages

Security teams should have a comprehensive understanding of how their company goes from development to production in the cloud to find the least disruptive insertion points for security tools.

“Starting by raising visibility and fix-recommendations for software with known vulnerabilities and container image scanning is a great first step towards getting early buy-in from DevOps or platform teams,” the report said.

Adopt threat prevention techniques

Deployment tactics can actively block zero-day attacks and contain lateral movement in the event of a breach. Also, calculate net-effective permissions across cloud resources to ensure best practices for least-privilege access.

“At the very least, organizations should consider applying prevention solutions to their mission-critical applications,” said Palo Alto.

Align cyber tactics with cloud presence

Don’t end up with dozens of tools siloed for specific security use cases in the cloud, leading to what Palo Alto Networks calls a “sprawl” of tools that bogs down cloud security teams and leaves visibility gaps. The company suggests reviewing cloud adoption goals over a two- to five-year span.

Consolidate tools where possible

Unify data and security controls into a platform approach to obtain a comprehensive view of risk, versus the granular views provided by several siloed tools.

“By consolidating tools, security teams can automate correlation and tackle the most important security issues across the application lifecycle,” noted the firm.

Acting fast when an incident occurs depends on a strong policy

Security incidents on computers and other devices, networks, applications and cloud services platforms require a fast response. When receiving suspicious messages, noticing unusual changes to system or device performance, or discovering a misdirecting link or any other suspected attack or infiltration, the sooner one reports to IT and relevant security teams the better. Download TechRepublic Premium’s Security Incident Response Policy to learn best practices for incident response.

