7 Practices to Bolster Cloud Security and Keep Attackers at Bay

As enterprises embrace hybrid and multicloud environments, they face increasing security challenges. These seven strategies will strengthen cloud security amid evolving threats.

Industry Perspectives

January 1, 2025

By Manikandan Thangaraj, ManageEngine

Since the COVID-19 pandemic, enterprises have increasingly adopted hybrid environments, complex network architectures, and multicloud infrastructure. With over 72% of organizations using multicloud applications, visibility and context can be a challenge, creating difficulties for security professionals working to block sophisticated threats.

Within such vastly distributed environments, it is important to secure digital assets and prevent attackers from exploiting any security loopholes and cloud misconfigurations. Bad actors are using AI to expand the attack surface and exploit cloud networks; however, there are steps to take to keep these attackers at bay.

1. Reduce the Organization's Cloud Attack Surface

First of all, reducing the attack surface does not necessarily mean reducing the number of cloud applications in the enterprise. Moreover, if bad actors are going to use AI to bolster their attacks, it stands to reason that organizations too should use AI in their cloud security strategy. By adopting AI-based behavior profiling, the security operations center can reduce the attack surface, automate workflows within applications, mitigate attacks, and remediate successful attacks.

2. Utilize AI for Predictive Remediation

AI tools can facilitate quicker threat detection, investigation, and response. All healthy cloud security postures should utilize ML-based user and entity behavior analytics (UEBA) tools. Such tools effectively identify anomalous behavior across the network, while facilitating rapid investigation of potential threats and automating responses to mitigate and remediate attacks. Ideally, security professionals want to find vulnerabilities before an attack occurs, and such AI tools can help to do just that.

3. Use Identity Mapping to Bolster Cloud Security Threat Detection

As enterprises continue to move to the cloud, identity security is beginning to complement, and even overtake, endpoint security. Security professionals are increasingly interested in who is behaving anomalously, rather than how, where, or why such behavior is occurring. By mapping cloud activities to users in the network, security personnel can derive contextual data by looking at who accessed which resources, data, and applications.
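
One way to build such a who-accessed-what view, as an added example that is not part of the original article: it resolves the provider-specific principal in AWS, Azure, and Google Cloud audit records to a single corporate identity. The directory mapping, the simplified "resource" field, the sample events, and the rule that an assumed-role session name carries the federated user are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed directory export: provider principal -> corporate identity.
IDENTITY_MAP = {
    "arn:aws:iam::111122223333:user/jdoe": "jdoe@example.com",
    "jdoe@example.onmicrosoft.com": "jdoe@example.com",
    "asmith@example.com": "asmith@example.com",
}

def principal_of(event):
    """Return the acting principal from a simplified provider audit record."""
    source = event["source"]
    if source == "aws":    # CloudTrail keeps it in userIdentity.arn
        arn = event["userIdentity"]["arn"]
        if ":assumed-role/" in arn:
            # Assumption: the role session name carries the federated user.
            return arn.rsplit("/", 1)[-1]
        return arn
    if source == "azure":  # Azure Activity Log uses "caller"
        return event["caller"]
    if source == "gcp":    # Cloud Audit Logs: authenticationInfo.principalEmail
        return event["protoPayload"]["authenticationInfo"]["principalEmail"]
    raise ValueError(f"unknown source: {source}")

def access_by_user(events):
    """Map each corporate identity to the (cloud, resource) pairs it touched."""
    seen = defaultdict(set)
    for event in events:
        principal = principal_of(event)
        # Keep unmapped principals visible instead of silently dropping them.
        user = IDENTITY_MAP.get(principal.lower(), f"UNMAPPED:{principal}")
        seen[user].add((event["source"], event["resource"]))
    return dict(seen)

# Constructed sample events; "resource" is a simplification of provider fields.
SAMPLE_EVENTS = [
    {"source": "aws", "resource": "s3://crm-exports",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/jdoe"}},
    {"source": "aws", "resource": "s3://finance",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Analyst/asmith@example.com"}},
    {"source": "azure", "resource": "storage/hrdocs",
     "caller": "jdoe@example.onmicrosoft.com"},
    {"source": "gcp", "resource": "bigquery/sales",
     "protoPayload": {"authenticationInfo": {"principalEmail": "svc-etl@proj.iam.gserviceaccount.com"}}},
]

if __name__ == "__main__":
    for user, touched in sorted(access_by_user(SAMPLE_EVENTS).items()):
        print(user, sorted(touched))
```

Principals that do not resolve, such as the service account in the sample, are reported under an UNMAPPED label so they can be reviewed and assigned an owner.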

4. Rely on a Centralized Platform to Investigate Threats Across a Multicloud Environment

When a threat occurs in the cloud, it can sometimes be difficult to assess the potential impact across a distributed or multitenant surface. By utilizing a centralized platform, security personnel have access to a response center that can automate workflows by orchestrating with different cloud applications, which in turn reduces the mean time to resolve (MTTR) incidents and threats.

5. Correlate Network Events with Cloud Activities

By analyzing data from the network and cloud services, security professionals can identify patterns, relationships, and potential threats. It is vital that an enterprise's correlation rules for cloud security data have been designed, tested, and carefully implemented. Such correlation activities can help defense systems find and analyze unusual traffic, anomalous account usage, or unauthorized access to cloud storage.

By correlating access and security logs from cloud applications, security personnel can identify attempts at data exfiltration from the cloud. As a quick example, if a SOC professional is investigating potential customer data exfiltration from a cloud-based CRM tool, he or she would want to correlate the logs of that CRM tool with the logs of other cloud applications, such as email or team communication tools. A correlation could reveal a compromised user account and/or exfiltration of data via the CRM tool.
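
The CRM investigation described above, sketched as a correlation rule (an added example, not part of the original article): it pairs a large CRM export with an attachment the same user sends to an external recipient shortly afterward. The log layout, the 30-minute window, the export threshold, the internal domain, and all sample log lines are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)    # assumed correlation window
EXPORT_THRESHOLD = 1000           # assumed: exported records worth flagging
INTERNAL_DOMAIN = "example.com"   # assumed corporate mail domain

# Constructed log lines, normalized to (time, user, action, detail).
CRM_LOG = [
    ("2025-01-06T09:02:00", "jdoe", "export", 120),
    ("2025-01-06T22:14:00", "asmith", "export", 48000),
    ("2025-01-06T22:20:00", "bkhan", "export", 5200),
]
MAIL_LOG = [
    ("2025-01-06T09:10:00", "jdoe", "send_attachment", "partner@vendor.example"),
    ("2025-01-06T22:31:00", "asmith", "send_attachment", "a.smith.home@mail.example"),
    ("2025-01-06T22:25:00", "bkhan", "send_attachment", "team@example.com"),
    ("2025-01-07T08:00:00", "asmith", "send_attachment", "x@mail.example"),
]

def is_external(recipient):
    """True when the recipient's domain is not the corporate one."""
    return recipient.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN

def correlate(crm_log, mail_log):
    """Pair large CRM exports with external attachments sent by the same
    user within WINDOW after the export."""
    alerts = []
    for ts, user, action, count in crm_log:
        if action != "export" or count < EXPORT_THRESHOLD:
            continue
        exported = datetime.fromisoformat(ts)
        for mts, muser, maction, rcpt in mail_log:
            delay = datetime.fromisoformat(mts) - exported
            if (muser == user and maction == "send_attachment"
                    and is_external(rcpt)
                    and timedelta(0) <= delay <= WINDOW):
                alerts.append({"user": user, "records": count,
                               "recipient": rcpt,
                               "delay_min": int(delay.total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for alert in correlate(CRM_LOG, MAIL_LOG):
        print(alert)
```

On the sample data only the asmith export is flagged: the jdoe export is below the threshold, the bkhan attachment goes to an internal address, and the second asmith message falls outside the window.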

6. Eliminate Shadow IT and Regularly Conduct Cloud Security Risk Assessments

It's worth highlighting what a danger shadow IT poses. The use of unsanctioned applications across the network — a trend that has risen since the pandemic — leads to security vulnerabilities and potential threats. Security personnel should frequently perform cloud security risk assessments and audits. By taking a bottom-up approach, CISOs can gain visibility into granular components, and then move on to assess the overall security posture of the network.

7. Have a Well-Defined Incident Response Plan in Place

In case an attack is effective, it's vital to have an incident response plan (IRP), as well as a disaster recovery policy, and policies related to internal and external reporting. Across the globe, incident reporting requirements are becoming stricter, especially in the European Union. As a quick example, the recently enacted NIS 2.0 directive mandates that covered entities now have a mere 24 hours to report a cyberattack after the organization is cognizant of such an attack.

In addition to having an IRP and conducting regular risk assessments, it is also important to conduct penetration tests to ensure you always have access to sensitive data. Moreover, do not neglect to provide employees with security training, implement MFA, and regularly update all security tools.

Lastly, it's worth remembering that cybersecurity is an ongoing process, one that mandates constant attention and an ability to adapt to evolving threats. That said, by implementing these seven practices, organizations can mitigate threats, protect their network, and ensure the safety of all their digital assets.

About the author:

Manikandan Thangaraj is Vice President of Program Management at ManageEngine.
