Check out all the on-demand sessions from the Intelligent Security Summit here.
In recent years, cloud computing has proven itself as one of the fundamental technologies empowering modern enterprises with on-demand connectivity. Without it, the widespread move toward hybrid work wouldn’t have been possible during the COVID-19 pandemic. Yet what about cybersecurity in this new cloud-centric world?
The convenience of instant connectivity has created new vulnerabilities for security teams to confront, and many organizations are still playing catchup, with 81% of organizations experiencing cloud-related security incidents in the past year.
Yet in spite of this, in a recent Q&A with VentureBeat, Amol Kulkarni, chief product and engineering officer at leading CNAPP vendor CrowdStrike, explained that he believes that in spite of its complexity, the cloud will prove to be a net-positive for security teams.
Cybersecurity in the cloud, from an industry leader’s P.O.V.
Kulkarni highlights the role that technologies like CNAPP and attack surface management tools can play in increasing visibility over an organization’s risk posture and mitigating vulnerabilities and misconfigurations across cloud, hybrid and multicloud environments.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Following is an edited transcript of our interview.
VentureBeat: What do you see as the central cybersecurity challenge for organizations looking to secure their cloud environments in 2023?
Amol Kulkarni: Fundamentally, the modern adversary has become faster (with an average breakout time of less than 30 minutes for 30% of attacks) [and] more sophisticated (with nation-state actors using unique cloud attack tactics), and [is] increasingly targeting cloud environments (with a 288% growth in cloud workload attacks according to CrowdStrike threat data).
The central challenges for organizations seeking to respond to these modern threats facing cloud environments [are in] three key areas:
1. Lack of visibility
The dynamic nature of hybrid and multicloud environments creates complexity for security monitoring, which opens the door for shadow IT. And since many organizations split responsibilities between devops, security and IT teams, blind spots can originate when attacks move laterally across environments from cloud to endpoint.
That’s why having a cloud native application protection platform (CNAPP) that can provide complete visibility into all cloud resources becomes critical to identifying and stopping breaches quickly.
2. Increased costs and operational overhead
When multiple cloud security tools are used instead of a CNAPP (which consolidates everything into a unified solution), it can lead to fragmented approaches that increase costs and complexity.
In fact, Gartner states that 99% of cloud failures will be the customer’s fault due to mistakes like cloud misconfigurations. When security and devops teams have to pivot between cloud security tools, they’re often using multiple dashboards instead of a CNAPP solution with a unified dashboard.
3. Shared responsibility model
The shared responsibility model can be misunderstood, leading to the assumption that cloud workloads — as well as any applications, data or activity associated with them — are fully protected by cloud service providers (CSPs).
This can result in organizations unknowingly running workloads in the cloud that are not fully protected, making them vulnerable to attacks that target the operating system, data or applications. Even securely configured workloads can become a target at runtime, as they are vulnerable to zero-day exploits.
VB: How is threat detection changing as more organizations embrace cloud adoption?
Kulkarni: As organizations migrate to hybrid cloud or multicloud environments, how organizations think about threat detection must evolve as well — especially when addressing threats across many cloud environments.
The threat landscape[s] in hybrid and multicloud environments are different, and the technology and IT environments are different. The cloud is highly dynamic, scalable and ephemeral. Thousands of workloads are created for multiple tasks, they’re API-based and typically use identity and access management (IAM) roles to separate workloads.
As such, threat detection in the cloud must cover identity, security posture, compliance, misconfigurations, APIs, cloud infrastructure and workloads, including Kubernetes and containers.
VB: Do you have any suggestions for organizations that are struggling to fill the cloud skills gap?
Kulkarni: The most effective way that organizations can address the skills gap is through a consolidated, platform approach that reduces operational and technical expertise. This can be further supplemented through managed services.
For example, a managed security service for cloud can deliver 24/7 expert security management, continuous human threat hunting, monitoring, and response for cloud workloads. Think of it as an extension of your SOC team.
Tackling cloud misconfigurations
VB: How can CISOs and security leaders better manage cloud misconfigurations to improve cybersecurity?
Kulkarni: We recommend three key actions:
- Establish visibility in the cloud environment with a CNAPP solution that can represent the organization’s entire security posture, not just pieces of it.
- Enforce runtime protection to stop accidental or weaponized misconfigurations in all cloud environments. We believe that can only be achieved with a CNAPP solution that includes both agentless and agent-based protection to detect and remediate threats in real time.
- Incorporate security into the CI/CD lifecycle by shifting left to prevent errors in code, such as critical applications running with vulnerabilities.
With these steps, CISOs can implement a robust set of best practices and policies that are also agile enough to meet the needs of devops teams.
VB: Any comments on attack surface management?
Kulkarni: The cloud footprint for organizations is expanding at an unprecedented rate and their attack surface is growing because of it. CrowdStrike Falcon Surface data shows that 30% of exposed assets on cloud environments have a severe vulnerability.
Based on the shared responsibility model, the onus to protect cloud data falls on the customer, not the cloud service provider. Common cloud security risks like improper IAM permissions, cloud misconfigurations and cloud applications provisioned outside of IT can make organizations vulnerable to attack.
External attack surface management (EASM) allows organizations to migrate safely to the cloud, while accounting for their entire ecosystem (subsidiaries, supply chains and third-party vendors).
EASM solutions can help organizations uncover misconfigured cloud environments (staging, testing, development, etc.) and enable security teams to understand their associated risks. With a complete view of its external infrastructure, an organization can quickly resolve cloud vulnerabilities while keeping pace with its dynamic attack surface.
VB: Do you believe the cloud is a net-positive or negative when it comes to enterprise security?
Kulkarni: Cloud is a net-positive as a whole, with its ability to scale on demand and improve business outcomes for organizations that are dealing with resource constraints. Cloud with the right security in place can power the future of business growth for organizations.
Top 3 to secure the cloud
VB: What are the top three technologies organizations need to secure the cloud?
Kulkarni: We recommend a CNAPP solution that’s agent-based and agentless, and incorporates:
- Cloud workload protection (CWP) that includes runtime protection of containers and Kubernetes, image assessment, CI/CD tools and frameworks, as well as real-time ability to identify and remediate threats across the application lifecycle. And when deployed via an agent sensor, more rich context and action can be taken more accurately and quickly.
- Cloud security posture management (CSPM) with an agentless approach that unifies visibility across multicloud and hybrid environments, while detecting and remediating misconfigurations, vulnerabilities and compliance issues.
- Cloud infrastructure entitlement management (CIEM) that detects and prevents identity-based threats, enforces privileged credential controls and provides one-click remediation testing for accelerated response. When combined with an identity-based protection strategy for identity assets, nearly 80% of all breaches can be mitigated.
VB: What’s next for CrowdStrike?
Kulkarni: As a recognised CNAPP leader, we are committed to delivering the best CNAPP solution in the market, which is delivered from the cloud-native CrowdStrike Falcon platform. Expect continued innovations around new attack detections to meet the needs of DevOps and DevSecOps teams, while also investing in additional managed services for cloud and expanded pre-built integrations with cloud service providers.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.