The adoption of cloud services is on the rise, and enterprises are fast adopting multi-cloud strategies for multiple reasons, such as better cost management, diversified operational flexibility, improved resiliency, agility in support of mergers and acquisitions, and more. According to a recent study on cloud security, more than 79% of enterprises that have adopted cloud have more than one cloud provider. However, with each cloud provider, the complexity of multi-cloud deployment increases, resulting in a corresponding increase in threats and risks of cyberattacks.
A holistic approach is required to consistently apply Zero Trust architecture for securing multiple and heterogeneous cloud environments. Such an architecture:
- Establishes visibility into who has access to what and for what purposes and appropriately limits the privileged access with segregation of duties.
- Manages security posture of identity and devices and secures access to enterprise applications and data across multi-cloud environments and SaaS applications.
- Dynamically enforces security policies based on the risk context of the request and behavioral analytics.
‘Secure By Design’ is a key approach for applying Zero Trust architecture and securing resources, including infrastructure, workloads, identities, and data in multi-cloud environments. Given the significance of Zero Trust in securing the cloud, let us discuss some of the key aspects to consider before its adoption:
Implement a least-permission framework: Hackers can exploit excessive permissions to access cloud resources with an increased blast radius. Misconfigurations in permission settings can lead to unauthorized access to sensitive data, service outages caused by unauthorized access to critical resources, and similar incidents. The principle of least privilege, which ensures that all identities (human or non-human) in the cloud have only the minimum permissions required to perform a task, reduces the attack surface.
Managing the blind spots of data security: Companies must protect sensitive data objects stored in the cloud with context-aware data security solutions and manage their security posture through a Data Security Posture Management (DSPM) solution. Such solutions help with the automated discovery and classification of data stored in the cloud and prevent misconfigurations due to blind spots that obscure data visibility.
Enhanced threat detection: The lack of visibility across the infrastructure and application stack in heterogeneous cloud environments adds to the challenges. AI-driven technology can detect threats and anomalies in the baseline cloud security framework.
Security with shift-left: With the pervasive adoption of code-based deployment of cloud resources, enterprises seek to apply shift-left for securing the DevOps pipelines. The transformational shift to consider security at all lifecycle stages of the cloud journey strengthens the security posture of multi-cloud landscapes.
AI and ML-based adaptive cloud security: AI and ML are considered fundamental elements of the mesh of cybersecurity strategy in the cloud. The rapid expansion of cloud services requires quick alignment with AI and ML-based use cases for cloud security controls, including managing cloud configurations, detecting anomalies, and preventing unauthorized actions.
Serverless security: With serverless computing becoming popular, the walls between attackers and cloud resources have diminished. Serverless applications are fine-grained and microservices-based, with multiple entry points. Thus, the security controls are built within the serverless functions to secure fine-grained and right-privileged access to applications.
Cloud misconfigurations: The misconfiguration of cloud resources is a widely prevalent cloud attack vector that opens the door for unauthorized access to cloud data and resources. According to the National Security Agency, cloud misconfiguration is a top vulnerability in cloud security and is classified as an attribute for nearly 80% of data breaches in the cloud. The increase in the pace of the rollout of cloud services is also adding complexities to security policies. The misconfigurations can introduce failings in the cloud architecture that defense-in-depth and zero-trust principles can address.
Supply chain security: The risk of misconfigurations in the cloud can render the enterprise an easy target for supply chain attacks. Thus, adequate measures are needed to reduce the attack surface with layered security and limit the damage in case of a supply chain compromise.
Thus, as the adoption of multi-cloud services increases, a zero trust-based approach in securing the cloud services is required to reduce the attack surface and optimize the overall costs of security configurations. Such practices in cloud security shall be coherent with the architectural framework of the enterprise and will establish innovative practices in securing the future needs of cloud transformation journeys.
Authored By Shambhulingayya Aralelemath, Associate Vice President and Global Delivery Head, Cybersecurity, Infosys