Multi-cloud related issues range from enabling easy user log-ons without duplicating credentials that can increase the risk of a data breach to the need for improved authentication mechanisms that can detect – for example – a log-on from Florida followed five minutes later by an access attempt from India.
Moreover, improved identity and access control are only one part of the puzzle.
To gain an insight, Digital Journal spoke with Richard Diver Cloud Security Architect, Insight Enterprises.
Digital Journal: What is the current state of cybersecurity?
Richard Diver: Everyone is now more aware of the risks and impacts of poor cybersecurity on both the business and personal fronts. That awareness is good, but the solutions to control the risks and prevent loss and damage are still maturing behind the curve of the attackers’ capabilities. This is primarily due to the complexities of the past, poor adoption of rapidly changing best practices, and lack of resources to implement and respond quickly.
DJ: Are threats becoming more sophisticated?
Diver: Yes and no. While attackers are finding new ways of infiltrating systems, the most successful attacks still involve some of the same issues we have seen for the last two decades: social engineering, poor patch management and passwords. Fixing these three things would stop most attacks in their tracks, but these are three of the hardest issues to solve.
DJ: What challenges does multi-cloud use present in relation to access controls?
Diver:Standards are different across the platforms, so it is important that we find solutions that can bridge the gaps and bring uniformity to the way we operate the disparate environments. Identity access management (IAM), cloud access security broker (CASB), cloud workload protection platform (CWPP) and cloud security posture management (CSPM) platforms are all key to building this new multi-cloud strategy.
DJ: In relation to identity theft, what additional concerns are there with multi-cloud systems?
Diver:Gaining access to valid identity credentials allows attackers to carry out their missions without impediment. Visibility and control are therefore very important. Identities are the vehicles in which all actions are taken. Knowing who is doing what, where, when and why is a critical capability, along with the controls to govern which actions are valid and which are malicious. Behavior analytics, constant verification and lifecycle management are key to the success of a strong identity and access management solution for the multi-cloud world.
DJ: How can authentication mechanisms be improved?
Diver:We have to start treating passwords as next to useless when it comes to authentication. Authentication needs to be based on multiple conditions in order to grant access. We may trust the people in our organizations, but we cannot trust their digital identities to be impervious to attacks. The more sensitive the data they are handling, the more controls we need to implement. By implementing multiple layers of authentication, such as device based, app controls, network segmentation, tokens and biometrics, we enable our systems to assess the trustworthiness of the authentication being presented and request additional methods when necessary.
DJ: What other measures can businesses take (e.g. workforce education)?
Diver:Workforce education on cybersecurity is not only helpful for the business, but will also protect employees in their personal lives. Understanding the risks, and identifying potential malicious behaviors, enforces awareness across the business. A healthy level of paranoia can be useful to ensure credentials are not entered into fake websites, or socially engineered influences don’t impact the actions of our people.
We all want to be productive and get work done, so we need to balance these controls with the impact on daily work routines. We also need to engage the business to help identify the weakest areas of security and agree on the most suitable controls to implement. Being too heavy-handed will cause people to try to work around the controls, but going in too softly will increase the risk of attackers gaining access and causing huge productivity loss.
