Five mental shifts we must make to achieve security beyond perimeters
Data centers aren’t exactly going extinct, but given the massive shift to public clouds,
you need to make some significant adjustments if your mindset doesn’t
already account for the cloud. The problem is that not every
organization knows how to prepare for and embrace the cloud-driven
future. It can take some major mental adjustments to move from
on-prem environments built around the data center, which has a clear and
definable perimeter, to the nebulous world of the cloud, where there is no single choke point to watch.
To help you get your mind out of the data center, beyond the
perimeter, and into the cloud, we suggest you consider the five mental
shifts outlined below.
The threat landscape is evolving
There was a time when keeping an eye on your network perimeter was
sufficient to catch most threats. Today, that’s not the case. The 2017
Threat Landscape Survey from SANS found that endpoints and end users are
now the front line of the battle against online threats. These are the
most frequent targets for attackers who want to weasel into your
organization’s network.
Among the most common threats this past year were phishing and
ransomware, both of which can often skirt traditional perimeter-focused
security controls like firewalls and signature-based antivirus, because they arrive through
channels (email, user action) the perimeter is allowed to pass. Zero-day exploits,
while less common, are a good example of how the most advanced threats
laugh in the face of perimeter-based security. In light of this reality,
understanding how the landscape has changed (and how it will continue
to change) is the first key to better protecting your organization
against the modern threat landscape.
Detection must precede prevention
In the cloud, where you don’t have a defined perimeter to monitor
closely like you would with a data center, detection matters more than
prevention. Prevention was the name of the game with static, on-prem
environments, but on its own it is no longer a viable strategy.
The reality is that threats of all sorts — from insider misuse to
nation-state attacks to more mundane varieties of cybercrime — evolve
quickly, as I mentioned above. At some point, they will inevitably slip
past your defenses. For this reason, prevention alone is a
head-in-the-sand strategy.
If your security strategy
is focused on detection, however, you’ll know when a breach happens,
and you can take steps to stop the attack in its tracks. None of this is
to say that you shouldn’t employ basic preventive measures — like
making sure your environments are configured correctly. But if your
entire strategy is prevention, you’ll regret that in the cloud.
Real-time visibility matters
It follows that you can’t let detection lag significantly behind any
incident that takes place. Ideally, you want to adopt an integrated and
comprehensive intrusion detection platform (IDP) that solves the
fundamental problem of not having sufficient visibility into your cloud
environment. This way, you can be alerted in real time (or near real
time) about risk behaviors, rather than after those behaviors have led
to a breach.
Types of behaviors you want the ability to catch in real time include:
- Logins to development and production environments
- Direct logins as root
- User privilege escalation (sudo, su, setuid)
A strong host-based IDP will help you answer the key questions of
who, what, when, and where, so that risky behavior can be addressed and
mitigated quickly. This is the best way to ensure that you don’t become
the next headline or casualty in the cyberthreat landscape.
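The kind of host-level detection described above, as an added example (it is not code from the original post or from any vendor's product): a small rule engine that reads syslog-style auth.log lines, labels hosts as production or development from a hostname prefix (an assumed naming convention), and raises alerts for interactive logins, direct root logins, and sudo/su escalation to root, each carrying the who, what, when and where the text asks for. The sample log lines are constructed for the example.

```python
"""Flag risky host behaviour in auth.log lines: logins to dev/prod hosts,
direct root logins, and privilege escalation via sudo or su.
Added illustration; not from the original post or any vendor."""
import re
from dataclasses import dataclass

# Constructed sample lines (syslog format, as written by sshd/sudo/su on Linux).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 prod-web-01 sshd[2211]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: RSA SHA256:abc
Mar  3 10:02:40 prod-web-01 sshd[2250]: Accepted password for root from 198.51.100.7 port 40022 ssh2
Mar  3 10:03:05 prod-web-01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 10:04:19 dev-build-02 sshd[3101]: Accepted publickey for bob from 203.0.113.9 port 50001 ssh2
Mar  3 10:05:00 dev-build-02 su: (to root) bob on pts/1
Mar  3 10:06:30 prod-web-01 sshd[2300]: Failed password for root from 198.51.100.7 port 40023 ssh2
"""

# Syslog envelope: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[\w.-]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)
SSH_ACCEPT_RE = re.compile(
    r"^Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+")
SUDO_RE = re.compile(
    r"^(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
SU_RE = re.compile(r"^\(to (?P<target>\S+)\) (?P<user>\S+) on (?P<tty>\S+)")


@dataclass
class Alert:
    when: str      # syslog timestamp
    who: str       # user (and source address for remote logins)
    what: str      # the risky behaviour observed
    where: str     # host and its environment
    severity: str  # low / medium / high


def classify_host(hostname: str) -> str:
    """Assumed naming convention: 'prod-*' and 'dev-*' hostname prefixes."""
    if hostname.startswith("prod-"):
        return "production"
    if hostname.startswith("dev-"):
        return "development"
    return "unknown"


def detect(log_text: str) -> list:
    """Run the detection rules over raw log text and return alerts in order."""
    alerts = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a syslog line we understand
        ts, host, prog, msg = m.group("ts", "host", "prog", "msg")
        env = classify_host(host)
        where = f"{host} ({env})"
        escalate_sev = "high" if env == "production" else "medium"

        if prog == "sshd":
            s = SSH_ACCEPT_RE.match(msg)
            if not s:
                continue  # failed attempts, disconnects etc. are out of scope here
            user, src, method = s.group("user", "src", "method")
            if user == "root":
                alerts.append(Alert(ts, f"root from {src}",
                                    f"direct root login via ssh ({method})", where, "high"))
            else:
                alerts.append(Alert(ts, f"{user} from {src}", f"ssh login to {env} host",
                                    where, "medium" if env == "production" else "low"))
        elif prog == "sudo":
            s = SUDO_RE.match(msg)
            if s and s.group("target") == "root":
                alerts.append(Alert(ts, s.group("user"),
                                    f"privilege escalation via sudo: {s.group('cmd')}",
                                    where, escalate_sev))
        elif prog == "su":
            s = SU_RE.match(msg)
            if s and s.group("target") == "root":
                alerts.append(Alert(ts, s.group("user"),
                                    "privilege escalation via su to root", where, escalate_sev))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_AUTH_LOG):
        print(f"[{a.severity:6}] {a.when} {a.where}: {a.who} -> {a.what}")
```

In practice the rules would be fed from a live log pipeline or an audit subsystem rather than a static string, and the severity mapping would come from your own asset inventory rather than a hostname prefix; the structure (parse, classify the host, match the behaviour, emit who/what/when/where) is what carries over.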
Point solutions can’t cut it
As you might imagine, point solutions are not an ideal way to address
the shifting threat landscape. Oftentimes they don’t focus enough on
detection, and even when they do, they require a lot of manual effort to
connect the data from disparate point solutions and piece together the
bigger picture. This means you can’t respond at the speed at which
threats proliferate today.
It’s never been more important to invest in security tools that
provide a complete, 360-degree view of your systems and that can quickly
(ideally automatically) correlate data points when a threat arises. As
mentioned previously, an IDP or other platform that provides real-time
visibility is the best way to ensure that you can always stay one step
ahead of attackers.
Security is a team sport
There was a time when it made sense to have a single point person or a
small team in charge of security. These folks would be brought in right
at the end of the development cycle, before a product headed off to
market. They would tsk-tsk about any policies, standards, or regulations
that had not been met, and implement patches where needed.
This doesn’t work anymore, for a number of reasons, but particularly
because continuous development and continuous integration methodologies
don’t allow for the time lag that this approach requires. Anytime
security lengthens the product release cycle, it becomes the enemy,
because it undercuts speed — the primary reason for moving to the cloud!
For today’s business velocity, you must integrate your security
practices throughout the product development lifecycle. This means that
security can’t just be a function of the security team. Your Development
and Ops pros need to know how it works and what it means for their
jobs, and they must be able to apply best practices with a minimum of
hand holding. This is the idea behind the discipline of SecOps, and it’s the key to ensuring that security is a business enabler, not a roadblock.
Five shifts, one mindset
The five shifts described above may take some time to make,
especially if your organization has been on-prem and in the data center
for a long time. But they are well worth making because they will enable
your business to take advantage of all the benefits the cloud has to
offer without sacrificing security at the altar of speed.
When you learn to prioritize detection, seek out visibility, and
approach security like a team sport, you enable your entire organization
to stay competitive in today’s high-velocity landscape. That outcome is
well worth the effort it will take to shift your mindset from the data
center to a cloud-specific security paradigm.