Challenges in Securing Cloud Workloads

Cloud computing is nothing new in 2023, but it is still a growing piece of technology infrastructure, and one on which many organisations build their IT estate, whether with a single provider such as the market leader AWS or, increasingly, with a multi-cloud strategy spanning several providers and public cloud offerings.

However, wherever a technology consideration goes, a security consideration is not far behind. The statistics speak for themselves: over 94% of organisations already use cloud hosting for some of their IT infrastructure, and 48% of these use it to store sensitive data. Yet securing this environment still ranks as a pressing concern for security professionals, with 75% citing cloud security as a top concern.

This concern is well founded. Recent years have seen cloud-based attacks and data breaches wreak widespread havoc and cause data loss on an untold scale. Examples from 2022 alone include the FlexBooker breach, which saw 3.7 users exposed, and a breach in which the data of 1 billion Chinese citizens was stolen.

For decades, security teams have relied on the SOC Triad - Endpoint Detection & Response (EDR), Network Detection & Response (NDR), and Security Information and Event Management (SIEM) - along with traditional compliance tools such as vulnerability management, on-premise firewalls, email security, and Intrusion Detection & Prevention Systems (IDS/IPS). These tools formed the baseline of a full-featured Security Operations Center (SOC) that allowed enterprises to secure their on-premise networks. However, with the shift to cloud computing, security teams face new challenges that require a different approach. Cloud environments are more complex, and the shared responsibility model for cloud security means that traditional security tools may not be enough to protect cloud workloads. As a result, security teams need to adopt new strategies and tools that provide continuous monitoring, visibility, and protection for their cloud-based assets.

The cloud is a diverse and ever-evolving landscape that encompasses public, private, and hybrid clouds, as well as serverless computing and containers. Each of these forms of the cloud presents its own set of unique challenges for security teams. In Infrastructure as a Service (IaaS), for instance, many organisations lift and shift their existing servers to the cloud, leading to security blind spots and loss of network visibility.

Containerization is another approach, driven by platforms such as Docker and Kubernetes. The agility of containers can mean that security teams lack the time to build security functions into services, hampering detection and response. Despite this, containerization has been very popular and has rapidly gained mindshare across a broad range of industries, most notably IT & Telecom, Professional & Financial Services, Healthcare and the Public sector. (Ref) This rapid growth in interest and adoption also brings new security challenges. Adversaries have an increasing appetite to target this growing attack surface, and IT leaders acknowledge this by citing security as the most significant challenge for organisations looking to adopt the technology. Increasing numbers of businesses are struggling with visibility into their cloud estates and, where they do have visibility, with knitting it together into a cohesive and manageable view.

Software as a Service (SaaS) and serverless computing, meanwhile, require a different approach to security monitoring, as the underlying infrastructure is often observable only through logs, which may not be sufficient.

Shifting left

One solution is to shift left, or remove problems before they become issues. While this makes sense, detection and response still has a place in cloud environments as all controls will eventually fail. Some vendors propose an agentless approach to detect issues as they emerge, but the APIs exposed by different cloud vendors may not provide consistent or sufficient information for effective detection and response.

Rather than adding complexity by purchasing new tools, organisations can redefine their security operations for both on-premise and cloud systems by reevaluating the tooling they have and reducing the number of tools while maintaining capability. Choosing tooling that provides security monitoring for both on-premise and cloud systems, and focusing on how network and endpoint data can be unified across complex environments, can help address these challenges.

It’s important that teams have visibility across every aspect of their network in order to gain a true contextual understanding of incidents in their cloud environment. Something that merely seems unusual in a cloud context may appear clearly malicious once context is gained from other areas of the network and infrastructure, such as on-prem. In summary, securing cloud workloads requires new strategies and tools that provide continuous monitoring, visibility, and protection. With the increasing complexity of the cloud, it is important to adopt a proactive and holistic approach to cloud security to mitigate risks and protect data and applications.
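As an added illustration of the contextual point above (example code written for this edit, not from the original post or any vendor): a cloud API call from an unfamiliar IP is only "unusual" on its own, but joined with the same user's on-prem VPN and EDR session data it becomes either benign or a concrete finding. All events, users, IPs and field names are constructed sample data and assumptions, not any product's schema.

```python
# Joining cloud audit events with on-prem VPN/EDR context.
# Every event below is constructed sample data; field names are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CloudEvent:
    ts: datetime
    user: str
    src_ip: str
    action: str


@dataclass(frozen=True)
class OnPremEvent:
    ts: datetime
    user: str
    src_ip: str   # egress IP the user's on-prem session is seen from
    source: str   # "vpn" or "edr"


T0 = datetime(2023, 3, 1, 9, 0)
CLOUD_EVENTS = [
    CloudEvent(T0 + timedelta(minutes=5), "alice", "203.0.113.9", "AssumeRole"),
    CloudEvent(T0 + timedelta(minutes=7), "bob", "198.51.100.7", "ListBuckets"),
]
ONPREM_EVENTS = [
    OnPremEvent(T0, "alice", "198.51.100.4", "vpn"),
    OnPremEvent(T0 + timedelta(minutes=2), "alice", "198.51.100.4", "edr"),
    OnPremEvent(T0 + timedelta(minutes=1), "bob", "198.51.100.7", "vpn"),
]


def cloud_only_verdict(ev, known_ips):
    """All a cloud-only view can say: is the source IP new for this user?"""
    return "unusual" if ev.src_ip not in known_ips.get(ev.user, set()) else "benign"


def contextual_verdict(ev, onprem, window=timedelta(minutes=30)):
    """Join the cloud event with the user's on-prem sessions inside the window."""
    sessions = [o for o in onprem if o.user == ev.user and abs(o.ts - ev.ts) <= window]
    if not sessions:
        return "unusual"                 # no on-prem context: stays an anomaly
    if any(o.src_ip == ev.src_ip for o in sessions):
        return "benign"                  # call came from the user's own session
    # User is active on-prem from one IP while their cloud credential is used
    # from another at the same time: concurrent use an analyst should review.
    return "credential-use-outside-session"


def triage(cloud=CLOUD_EVENTS, onprem=ONPREM_EVENTS, known_ips=None):
    """Return {user: (cloud-only verdict, contextual verdict)} for each cloud event."""
    known_ips = known_ips or {"bob": {"198.51.100.7"}}   # constructed baseline
    return {ev.user: (cloud_only_verdict(ev, known_ips), contextual_verdict(ev, onprem))
            for ev in cloud}
```

Running `triage()` shows alice's AssumeRole as merely "unusual" from the cloud side but as credential use outside her session once on-prem data is joined, while bob's call is benign in both views.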