Businesses, large and small, are embracing the Cloud. No matter which research company, vendor or expert you consult, everyone agrees that about four in every five enterprise workloads are either already in the Cloud or will be within the next few months. That means the best-practice security strategy you established just a year or two ago may no longer be fit for purpose.
What does a Cloud-ready security architecture look like? It starts by considering what risks you are trying to mitigate. Whether your business operates a hybrid model with a combination of Cloud and on-premises services or a fully Cloud-based operation, you need to be ready for today’s threats.
You need to be ready for a variety of web-based threats such as zero-day exploits, brute force attacks, trojans, phishing, ransomware, Distributed Denial of Service (DDoS) and compromised credentials. The old approach of traditional firewalls and perhaps an intrusion detection system is no longer the answer.
These issues are covered in an ebook from Versent called Blueprint for best practice of digital capabilities with AWS and f5.
A solid defence against today’s threats in our Cloud-dominated world requires a nuanced approach. This is why Versent says its experiences in helping hundreds of customers are so valuable. By applying a multi-layered approach, Versent says it’s possible to apply resources in an intelligent way.
Know your enemy
The adversaries you’re defending against typically fall into four main groups. Knowing which of these groups are your most likely attackers and understanding what assets they are most likely to target will help you funnel your resources in the most efficient and effective way possible.
- Cybercriminals are focussed on one key target: money. By either stealing or encrypting data through theft or ransomware attacks, they look for ways to monetise their activities. Your defence against them is philosophically simple: hit their return on investment. By making yourself a more difficult target, you change the economics of the attack, making it harder to profit from their activity.
- Insider threats fall into two groups. You may have a malicious insider who is seeking to steal data for their own profit or other motivations. Or, more commonly, staff members leak information — either by not following procedures correctly or through accidental error. The challenge here is that these are typically trusted people who have been granted some level of access by you.
- Hacktivists are trying to promote their own ideology. For example, web site defacements are typically carried out to promote a political or fanatical religious agenda — like a form of high-tech graffiti.
- Nation-state attackers are countries or political regimes with significant resources and patience. They are trying to further their own political or military interests. More recently, some nation-state attacks have been financially motivated as poorer nations seek to steal money from individuals and businesses in wealthier countries.
Finding the signals in the noise
Each of those attacker groups favours particular tools and techniques, but there is significant overlap in how they work. For example, many different attackers use phishing to try to steal login credentials. Ransomware can be used by hacktivists to generate funds to support their cause, or by criminals simply to make money.
The first layer in your defensive strategy should use cheaper and less targeted defences that can quickly and efficiently eliminate crude attack types. For example, filtering email before it reaches inboxes can eliminate many phishing attacks before they reach users. Or honeypots can be established to lure potential attackers to areas on your network that contain data that looks attractive to attackers but is actually worthless. That enables you to slow them down and detect them so you can take further action. You can also block access from known bad IP addresses and web sites.
The second layer is more targeted. It involves numerous strategies that address the specific concerns you have. For example, setting application-specific policies on web application firewalls helps protect against attacks focussed on specific applications. Segmenting the network prevents an attacker from easily moving laterally from system to system should they get past your initial defences. You can throttle access to APIs (Application Programming Interfaces) so attackers can’t launch a DDoS attack.
All of these solutions can be deployed on the Cloud.
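As an added illustration of the two-layer idea described above (example code written for this page, not from the article or from Versent's ebook), the Python below puts a cheap known-bad-address check in front of a more targeted per-client, per-route request throttle. All addresses, routes and limits are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample policy (placeholder values, not from the article):
# a small known-bad source list and per-route limits of (max requests, window seconds).
KNOWN_BAD_IPS = {"203.0.113.7", "198.51.100.23"}
ROUTE_LIMITS = {"/api/login": (5, 60.0), "/api/search": (30, 60.0)}


@dataclass
class Request:
    src_ip: str
    route: str
    ts: float  # explicit timestamps keep the example deterministic


class TieredFilter:
    """Layer 1: cheap, untargeted blocklist check applied to every request.
    Layer 2: application-specific sliding-window throttle per (client, route)."""

    def __init__(self, bad_ips, route_limits):
        self.bad_ips = set(bad_ips)
        self.route_limits = route_limits
        self.history = defaultdict(list)  # (ip, route) -> timestamps inside the window

    def decide(self, req):
        # Layer 1: drop known-bad sources before spending any per-request effort.
        if req.src_ip in self.bad_ips:
            return "blocked:layer1"
        limit = self.route_limits.get(req.route)
        if limit is None:
            return "allowed"  # no route-specific policy configured
        max_req, window = limit
        key = (req.src_ip, req.route)
        recent = [t for t in self.history[key] if req.ts - t < window]
        if len(recent) >= max_req:
            self.history[key] = recent
            return "throttled:layer2"  # slow the client down instead of serving it
        recent.append(req.ts)
        self.history[key] = recent
        return "allowed"


def run(requests, bad_ips=KNOWN_BAD_IPS, route_limits=ROUTE_LIMITS):
    """Return a count of decisions so the effect of each layer is visible."""
    f = TieredFilter(bad_ips, route_limits)
    counts = defaultdict(int)
    for r in requests:
        counts[f.decide(r)] += 1
    return dict(counts)


# Constructed traffic: one known-bad source, one client hammering the login route.
SAMPLE = [Request("203.0.113.7", "/api/search", 0.0)] + \
    [Request("192.0.2.10", "/api/login", float(i)) for i in range(8)] + \
    [Request("192.0.2.11", "/api/search", 1.0)]

if __name__ == "__main__":
    print(run(SAMPLE))
```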
When systems were predominantly on-premises, your defence could take a ‘walls and moats’ approach with firewalls, creating a protective perimeter around systems. With the Cloud, you no longer have a single perimeter. You need a different approach that starts with filtering out the most common and easily anticipated attacks. Then you need to add the application- and service-specific defences to protect your valuable data and system assets.
Download Managed Digital Security for more information
This article is published by Which-50’s Digital Intelligence Unit (DIU) on behalf of Versent. DIU Members pay to share their expertise and insights with Which-50’s audience of senior executives.