What are the key aspects of cybersecurity in the cloud?
In the past, when services were not located in the cloud but in each company’s own data centres, it was possible to think that the scope was more limited. We knew what needed to be protected because we had defined it.
With the cloud, the concept changes slightly. Now we don’t have such a clearly defined playing field, and within these limits it is necessary to share certain infrastructure, which makes it more complex to apply certain security controls. Although there are many, I will highlight three aspects that I find most relevant.
One of the main points to consider is data protection. Normally, the ultimate goal of cybersecurity is to protect information, and in a shared environment such as the cloud, this is essential. It must be ensured that the information stored in the cloud maintains the correct levels of confidentiality and integrity.
Another factor to bear in mind is the application of hardening techniques. Basically, this means working to make cloud systems as secure as possible from the point of view of the configuration of the environment itself.
I also consider the factor of visibility and traceability to be particularly relevant. In cloud environments, depending on the scenario, it is possible that some traceability of information may be lost due to the shared infrastructure. This is a problem, given that any process must have the capacity to keep records.
What are the main objectives?
In cybersecurity, the main objective is traditional: to ensure its basic pillars based on confidentiality, integrity and availability. In the context of the cloud, this does not change, but there are other aspects depending on how it is achieved.
Depending on the environment, the cloud can become chaotic. From a cybersecurity perspective, we have to secure and govern this chaos so that it does not become an ‘ungovernable monster’. It is necessary to put up automated barriers and have complete visibility.
Similarly, one of the potential handicaps of the cloud is agility. The cybersecurity team cannot become a ‘stopper’ of projects, but rather we must work at the same pace in these high-speed cycles.
What cybersecurity risks does the cloud face?
The inclusion of cloud systems solves some security-related problems, as, depending on the case, it is the service provider who is responsible for managing the risk, but at the same time it includes other needs to be addressed.
We could discuss many points, but here are the ones I think are most important to highlight:
- Insecure default settings. In the cloud, services are not ‘born’ protected based on best practices. Although much progress has been made, cybersecurity professionals are obliged to review each configuration to avoid leaving the door open to possible cyberattacks.
- Insecure or unauthorised access. In some cases, if there is no well-structured control, ‘keys’ can be distributed in the cloud to those who do not need them. Poor authorisation management can result in devastating attacks.
- Lack of visibility and traceability. Comparatively speaking, the visibility options available in an ‘in-house’ solution or system are greater than those offered in the cloud. This loss of visibility must be taken into account in different scenarios.
How does it differ from cybersecurity in other environments?
There are several notable differences. The first, and what I consider most important from a cybersecurity perspective, is the change or modification of the perimeter. When we had a traditional environment with our ‘in-house’ service, we clearly defined our entire line of defence; we knew how far we had to protect. In cloud environments, that line separating the outside world from our systems changes and extends, requiring us to constantly ask ourselves where connections are coming from and whether they are legitimate.
Another important point to highlight is the understanding of shared security with the cloud service provider. We have gone from having our own servers and security systems to sharing them with third parties. In other words, we are delegating part of the security to an external actor who provides a foundation, but does not do everything. This requires a good security architecture where design is paramount.
How has cybersecurity evolved in the cloud?
The evolution of the cloud has been incredible in every way. In a very short time, much of today’s Internet is in the cloud. And like all technology, it has undergone major technical and conceptual changes.
At first, the cloud was a great unknown and, at the same time, mistrusted. We knew, in part, that the future lay in jumping on this bandwagon, but we still saw services as much more secure when set up on our own infrastructure. The first steps were to set up non-critical environments, replicating the complete security systems we already knew.
As the cloud advanced, we saw how security also increased and some of the more traditional systems were not strictly necessary, as part of that security was shared. At this point, we identified a lack of our own security configurations, meaning that doors could easily be left open due to a series of configuration errors. In this case, it was not a matter of exploiting complex vulnerabilities, but rather a lack of prior security, which made it necessary to take security into account from the very beginning of the architecture.
Finally, everything has continued to evolve towards automation. Nowadays, even more so with the incorporation of Artificial Intelligence, cloud processes are often preceded by automation. Not so many manual services are deployed, but rather a template, a blueprint, a guide to the system is provided, showing how we want our environment to be built, so that we can focus on what is really important.







