Corporations now store 60 per cent of their data in the private, public or hybrid cloud, according to a survey published by Statista in 2022. This figure has increased 30 per cent since 2015 as more enterprises shift their IT infrastructure and other critical assets from on-premises data centres to the cloud to capitalise on the productivity, efficiency, performance, accessibility and other benefits it offers. And this growth is set to continue in 2023 – Gartner, for example, forecasts that worldwide public cloud spending will rise 20.7 per cent from 2022 to hit $591.8 billion this year.
Although migrating to the cloud is advantageous for many reasons, it can also introduce new security challenges, according to Tony Velleca, CEO of advanced managed detection and response (MDR) service provider CyberProof.
“Chief information officers (CIOs) are driving cloud migrations, but they don’t typically consult with the chief information security officers (CISOs) to understand how this will impact the organisation’s security posture,” he says. “Often, this means they continue using the same legacy security solutions, which were only designed to protect assets stored in on-premises or local data centres and are therefore unable to safeguard anything stored in the cloud. This increases their exposure to attacks.”
Businesses are also operating an increasing number of endpoints in the public cloud, which has further expanded the potential attack surface.
“In the past, all of an enterprise’s critical assets were contained within their on-premises data centres or within their own IT network, so there were fewer gaps for hackers to breach,” says Velleca. “Today, we have a growing number of endpoints, including everything from computers and phones to connected internet of things (IoT) and operational technology devices, such as smart meters, self-driving cars, aircraft, sensors on equipment in hospitals or oil refineries, and more. Most of these endpoints are connected to applications that run in the public cloud, which has introduced new vulnerabilities and made it more difficult for businesses to secure their own assets.”
Predicting that the number of cyberattacks will continue to rise as more organisations transition to the cloud and the number of endpoints grows exponentially, Velleca advises businesses to rapidly re-evaluate their security operations centres (SOCs).
“Every organisation will inevitably be hacked at some point, so it’s vital that they can quickly block these attacks before they cause real operational, financial or reputational damage,” he says. “To do this, they should implement solutions that can continuously analyse threat data and rapidly trigger automated alerts or responses in the event of a breach. However, they must ensure they are implementing the right tools to protect the right assets.”
Velleca recommends that enterprises start by identifying the biggest operational threats and determining how they could negatively impact the business. Next, they should analyse their entire ecosystem to pinpoint any potential vulnerabilities that cybercriminals could exploit to cause those operational issues.
“The key to developing robust and highly effective security solutions is to think like a hacker,” he explains. “If businesses take a threat-centric approach and identify potential operational issues and the multiple ways criminals could breach their data or systems, they can proactively create specific detection and response playbooks for each scenario.”
CyberProof’s unique use case factory methodology can help enterprises to do this.
“We create custom use cases for individual organisations, taking into account the industries they operate in, the types of assets, applications and services they have, and more,” says Velleca. “Each use case outlines a specific attack scenario, highlighting how the breach could occur, the potential impact it could have, and which detection and response playbooks enterprises can use to minimise risk. We also develop automations and integrations to help businesses respond to incidents faster, and we continually create new use cases, detection rules and response playbooks to enable them to keep pace with the ever-evolving threat surface.”
In addition, Velleca advises that enterprises adopt cloud-native extended detection and response (XDR) solutions.
“These solutions can aggregate security data from across the entire IT environment, including the security information and event management system, applications, IoT and OT devices, and any other endpoints to help teams detect and respond to threats faster,” he says. “In future, we expect that XDR services will become verticalised to provide more targeted protection for organisations operating in different industries.”
Moving their SOCs to the cloud will not only help businesses to optimise asset protection; it will enable them to lower cybersecurity management costs too.
“Many of the security products that enterprises have been buying in recent years are already natively available in the cloud and include a whole range of new built-in tools, such as artificial intelligence, to help them better address security risks,” says Velleca. “Therefore, moving to the cloud can significantly strengthen their security posture, while also improving operational processes and lowering costs.”
Working with an MDR provider like CyberProof also helps enterprises to overcome another fundamental security challenge caused by cloud migrations: a lack of in-house experts with the knowledge and skills to address all the new and emerging cyberthreats.
“Many cybersecurity employees come from an infrastructure world where they were focused on setting up firewalls and other intrusion prevention systems to defend IT networks, but now most of this is handled in the cloud instead,” says Velleca. “Today, these employees need to be able to configure applications and devices with code and confidently work with microservices, zero-trust frameworks and more. This requires them to build a fundamentally different skill set, one which is much more like that of a software developer.”
Upskilling current employees or hiring new staff is often prohibitively time-consuming and expensive, but partnering with an MDR provider like CyberProof gives organisations instant access to skilled experts who can deliver continuous threat hunting, detection, analysis and response services.
“We combine this human expertise with our CyberProof Defense Center, which is integrated with Microsoft Sentinel and Defender,” says Velleca. “This enables us to deliver 24/7 targeted threat hunting, threat intelligence analysis, extended endpoint detection and response, and other services to protect our customers’ assets.”
Given that many businesses are already well into their cloud transformation journeys and are now facing pressures caused by increasingly sophisticated hackers, the pandemic, geopolitical instability and an impending global recession, they must act fast to reap the benefits of managed XDR and other cybersecurity services.
“We’re in a unique time where several factors have come together to create an opportunity for CIOs and CISOs to finally align their priorities and create stronger, more flexible, resilient and intelligent cyber defence and response strategies,” says Velleca. “By doing this and investing in cloud-native solutions, they can drive real change and safeguard their organisations’ critical assets, while simultaneously reducing costs.”
This article was originally published in the Spring 2023 issue of Technology Record.