What is cloud security?
Learn the landscape of cloud security solutions, how different tools work, and how Corelight simplifies cloud security.
Executive Summary:
Cloud adoption introduces new security challenges distinct from traditional on-premises infrastructure. The shared responsibility model defines that cloud service providers are responsible for the security of the cloud, while customers handle security in the cloud. The division of responsibility varies depending on the service type, from the application layer down to physical security.
Key cloud security challenges include multi-cloud complexity, visibility and control issues, cloud threat detection, the need for new incident response tooling, and security misconfigurations.
The cloud security tools landscape is diverse, with solutions for identity management (CIEM), access control (SASE), configuration and workload security (CSPM, SSPM, CWPP, CNAPP), data protection (DLP, encryption), and cloud threat detection and response. These solutions must adapt to evolving security threats and work across different cloud environments.
Network evidence plays a crucial role in cloud security, offering visibility and aiding in the detection and response to threats even across multi-cloud environments. Corelight’s Open NDR platform simplifies cloud security by providing comprehensive visibility, cloud-specific detections, and accelerated incident response capabilities. It standardizes data and schemas for consistent security operations, integrating generative AI workflows to enhance alert context and understanding.
What is cloud security?
Cloud security refers to tools, policies and services used to secure cloud based infrastructure, applications and data.
“Cloud” or “cloud computing” refers to delivery of IT infrastructure services including compute, storage, networking, databases, analytics, etc., through the internet. Cloud services offered by cloud service providers (CSPs) can be leveraged by their customers in different ways resulting in a shared responsibility model for securing the infrastructure. The CSPs are responsible for security ‘of’ the cloud whereas the customers are responsible for security ‘in’ the cloud.
Why is cloud security important?
The proportion of corporate data stored in the cloud has increased steadily reaching to over 60% (Thales) over the years. Organizations can leverage cloud computing to reduce cost, foster innovation and scale of their infrastructure. Although adoption of cloud has advantages for organizations it increases the ‘attack surface’ for security leaders and presents them with challenges that don’t exist in ‘on-prem’ infrastructure. According to a PwC study, cloud attacks are a top cyber risk concern for security leaders.
Attackers are increasingly targeting the expanded attack surface with cloud-native threats as organizations do not have visibility across their infrastructure. Organizations face significant risk with compromised systems, data exfiltration and compliance issues if the right cloud security strategies are not put in place.
Regardless of the size of the organization, cloud security needs to be an integral part of cloud strategy.
Read the Gartner® Competitive Landscape: Network Detection and Response Report
How does cloud security work?
Organizations can deploy cloud infrastructure using different models based on the needs of the business:
- Public cloud: A public cloud is offered by a third-party cloud provider where the same physical infrastructure is shared by multiple tenants who are responsible for control of their applications, data and access.
- Private cloud: A private cloud is offered by the organization itself or a third-party cloud provider but the physical infrastructure is dedicated to the organization. Organizations maintain greater control over the infrastructure in this model.
- Hybrid cloud: A hybrid cloud includes a combination of public cloud and private cloud where data is shared across the infrastructure.
- Multi-cloud: A multi-cloud includes infrastructure from multiple public cloud providers. Organizations leverage multi-cloud to increase resilience and reduce dependency on a single cloud provider.
Furthermore, cloud services are divided into three categories based on the service type:
- SaaS: Software as a service leverages cloud to deliver applications managed by a third-party provider.
- Paas: Platform as a service provides a framework for building and running applications in the cloud that are managed by organizations.
- IaaS: Infrastructure as a service provides resources like compute, storage, networking, etc., managed by third-party cloud providers that can be leveraged on-demand.
CSPs follow a ‘shared responsibility model’ which means that securing the cloud infrastructure is a joint effort between the CSPs and their customers. The shared responsibility model is a security framework that outlines the roles and responsibilities shared between cloud service providers (CSPs) and their customers to ensure data security.
Depending on the service type the division of responsibility may be different:
IaaS | PaaS | SaaS | |
Application configuration | Customer | Customer | Customer |
Identity and access control | Customer | Customer | Customer |
Application data storage | Customer | Customer | CSP |
Application | Customer | Customer | CSP |
OS | Customer | CSP | CSP |
Network | Customer | CSP | CSP |
Host infrastructure | CSP | CSP | CSP |
Physical security | CSP | CSP | CSP |
Organizations must understand the details of their responsibilities for each offering that they use.
Cloud security benefits
Cloud security can help manage the risk across the expanded organizational footprint, secure data, and protect against evolving threats:
- Complete visibility: Enhanced uniform network telemetry across all cloud environments can give complete visibility to the security teams without leaving any coverage gaps.
- Cloud compliance: With the right governance around data storage and use, organizations can ensure compliance with local and international regulations.
- Identify and mitigate cloud threats: Security teams can identify threats, disrupt attacks in progress, and mitigate the impact faster with the right cloud security solutions.
- Increased resilience: With multi-cloud security and data protection solutions, organizations can increase business resilience and minimize the time to recover from targeted attacks.
Cloud security challenges
Organizations face similar challenges in the cloud as they face in their on-prem environments like insider threat, data breaches, etc. However, security leaders will likely face additional challenges, such as:
- Multi-cloud complexity: Managing security across multiple cloud platforms (AWS, GCP, Azure, etc.) can be challenging due to differences in architecture, security controls, and management interfaces.
- Visibility and control: Maintaining visibility into cloud infrastructure and services to detect unauthorized access, data breaches, or misconfigurations is critical but often challenging.
- Cloud threat detections: Many cloud attacks masquerade as normal admin traffic, making detection of cloud threats and vulnerabilities difficult and requiring analysis of various data sources.
- Cloud incident response means new tooling: Developing and maintaining effective incident response plans for cloud security incidents, including data breaches and service outages, is essential but often overlooked.
- Security misconfigurations: Misconfigurations across a complex cloud environment, including storage buckets, network settings, and access controls, are a leading cause of cloud incidents.
Detect and disrupt cloud-specific threats
Securing multi-cloud environments presents significant challenges due to the expanding attack surface and constant evolution of cyber threats and ever-changing network topology. See how to effectively mitigate limited visibility, missed detections and inefficient response times.
Types of cloud security solutions
The cloud security landscape is constantly evolving as new security threats that target the cloud emerge. There is a wide range of security solutions available for the cloud, including:
- Cloud identity management solutions: Cloud infrastructure entitlement management (CIEM) manages identities and privileges in cloud environments. CIEM helps understand which access entitlements exist across cloud and multi-cloud environments and address any vulnerabilities arising from higher level access that are not needed.
- Cloud access control solutions: Secure access service edge (SASE) is an architectural model that converges network connectivity with network security functions for secure access to the cloud. SASE offerings provide multiple converged network and security-as-a-service capabilities through a cloud-centric architecture. These include software-defined WAN (SD WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling, and zero trust network access (ZTNA).
- Cloud configuration and workload security solutions: Cloud security posture management (CSPM) and SaaS security posture management (SSPM) identify misconfiguration issues and compliance risks in the cloud. Cloud workload protection platform (CWPP) secures cloud workloads with runtime safety. Cloud-native application protection platform (CNAPP) combines CSPM and CWPP to secure cloud-native applications. Cloud firewall filters out potentially malicious traffic.
- Cloud data protection solutions: Data loss prevention (DLP) and data encryption solutions secure the data in the cloud.
- Cloud threat detection and response solutions: Cloud security strategy should not only focus on preventive measures, but also prioritize aggregating and analyzing configurations, user access, and network data within Software as a Service (SaaS) and cloud infrastructures. This comprehensive analysis is crucial for gaining valuable insights and detecting potential threats. To effectively identify these threats, it is essential to implement cloud threat detection systems, network detection and response solutions (NDR) solutions, and security information and event management (SIEM) tools.
Most CSPs have security tools that are best suited to their specific cloud environment and organizations with multi-cloud infrastructure struggle with learning and maintaining different security tools across cloud providers. Some third-party security solutions work across multi-cloud environments but it also means new learning and upskilling for security teams.
Why is network evidence integral to cloud security?
Network data analysis across a multi-cloud environment adds a layer of security beyond the preventive cloud security solutions and cloud firewalls. As threat vectors shift for cloud environments, signature based detections that rely on limited data sources like virtual private cloud (VPC) flow logs become less relevant.
An evidence-based strategy involves collecting and analyzing data across the multi-cloud network to identify and disrupt advanced attacks that don’t match known signatures or behaviors. The right network evidence can be helpful for comprehensive visibility, early detection of potential compromise, and streamlining their digital forensics and incident response (DFIR) efforts.
Use cases for network evidence:
- Visibility: Network evidence can capture the consistent detail to drive the visibility for threat hunting and investigations.
- Threat detection: Even when the traffic is encrypted, network evidence can be used to identify attack activity.
- Accelerate incident response (IR): Network evidence can help understand scope of impact for faster response.
How Corelight’s Open NDR Platform simplifies cloud security
Corelight’s network evidence can be enriched and normalized to simplify cloud security. Corelight Open NDR can help:
- Ensure complete visibility across multi-cloud with native virtual TAP integrations. Monitoring/management of security posture is simplified with consistent network evidence that doesn’t rely on VPC flow logs across hybrid and multi-cloud.
- Cloud specific detections like brute force, C2 and data exfiltration, etc., with advanced detection capabilities, including signature, behavioral, and machine learning algorithms. MITRE ATT&CK mapping for cloud threats results in faster triage with historical context to better understand the impact.
- Accelerate IR by transforming cloud traffic to deliver detailed logs, files, and insights, aiding security teams in alert triage and threat hunting. Open NDR standardizes data and schema for consistent use of tools and workflows in hybrid and multi-cloud setups by SOC teams thus eliminating the need for additional training. Finally, it includes Generative AI powered workflows for alert explainability and context.
Looking to improve cloud security across your environment? Contact us