How have attacker techniques evolved to the cloud?
Identifying misconfigurations in cloud is one of the top threats security teams face. Attackers know that if they can compromise a misconfigured cloud instance, they can not only access data but also use the cloud as a proxy for further access into the organisation. If you gain access to one cloud application or piece of infrastructure and you can get access to APIs, those keys may allow the attacker to move across multiple cloud environments.
Another aspect is phishing, which is still common. We’ve seen attackers are moving to host their phishing pages on known and well trusted cloud applications. Another threat vector organisations need to consider is malware delivery. Traditionally, malware will be delivered through the web channel as a link or in a phishing email. Attackers have become very smart, knowing they can use cloud applications to deliver malware. This is an issue because many organisations have put those applications and trusted apps into an ‘allowed’ list which circumnavigates standard security policies.
As an example, in our most recent Netskope Cloud Threat Report, OneDrive was responsible for delivering 33% of malware to organisations. Other similar cloud applications are also used as vectors to deliver malware into organisations.
Why is the growing patchwork of vendors required in a perimeter-based security approach a source of frustration?
We have this term ‘console fatigue’ – when you’re jumping between multiple consoles or user interfaces in a day, sometimes in the same hour. That causes fatigue and the challenge is, of course, each console has some underlying technology which requires updates.
The problem we’re seeing is that this approach typically fails because of the complexity. The requirement to manage all these consoles adds risk to the organisation too.
What are the key requirements to the business when it comes to security products?
Four: Ensuring that the employee gets a better user experience and performance. Five: Making sure required metrics for the security team are available. Six: Looking at reducing total cost of ownership. That’s usually achieved through a consolidation of these controls.
How can organisations change their approach to remedy these challenges?
Security Service Edge (SSE) – an iteration around SASE – is one of the best-known architectures for modernising a security programme.
Gartner has highlighted that the growth rate for SSE is around 30% year on year and in the next three years, over half of organisations will have a specific strategy around this.
It’s something that organisations are really focusing on right now. Looking at frameworks, architectures and how they can measure those benefits in the six areas I mentioned.
What are the business and security benefits of a Security Service Edge (SSE) approach?
Every employee wants a better user experience. There’s always going to be a demand for employees to have more freedom and more flexibility so they can choose the devices they use, as well as the services they consume. They don’t want to be restricted based on legacy architecture.
For most organisations, it’s also about understanding their use of the cloud. This also helps from a business benefit perspective because it helps focus on cloud governance. When data sits on a service, a platform or a server you don’t actually own, you have to start thinking about cloud governance. With SSE, you’re more appropriately managing the data where it’s residing and can understand who has access to this information, ensuring that data – a true business value asset – is protected.
Where do organisations start if they want to transition to this approach?
One: Mitigating a business risk and improving the security posture of the organisation, ensuring it meets a specific requirement. Two: Centralising policies and configuration requirements. Three: Assessing how you can roll out new security services faster.
There are usually two approaches – the most common is where an organisation has an existing web gateway. They may have also invested in a Cloud Access Security Broker (CASB) to manage their cloud applications and services. Usually, the goal is to combine those, consolidating their web gateway and CASB. This is key for inline security, performance
www.intelligentcio.com INTELLIGENTCIO MIDDLE EAST 83