Q&A with Jon Murchison, CEO and Founder, Blackpoint Cyber.
Q: What aspects of cloud infrastructure and services might make an organization vulnerable?
As in on-premises environments, every layer of the cloud stack can introduce potential risks. From the foundational cloud infrastructure, such as Kubernetes clusters, to the virtual machines like EC2 instances and the Docker containers running on those instances – each component requires thorough assessment. Additionally, cloud applications and the user access profiles tied to them can pose significant vulnerabilities.
Assessing cloud security means evaluating each layer individually and in relation to the entire stack. Modern security tools are evolving to provide comprehensive visibility, assessing risks holistically across the stack, and considering the context of these resources to deliver a more accurate understanding of overall security exposure and act accordingly to safeguard.
Q: Doesn’t the cloud provider worry about my protection? It is their cloud and not ours.
Cloud providers prioritize securing their infrastructure but operate under a shared responsibility model. This means both the provider and the customer have distinct security obligations. The cloud provider is responsible for securing the foundational infrastructure, such as physical data centers, servers and the network. However, customers are responsible for securing their own assets within that environment – this includes managing data, applications, configurations, identity and access controls, monitoring for threats and ensuring security patches are applied.
In other words, while the provider safeguards the cloud, customers are accountable for securing what they put into the cloud.
Q: Aren’t the default security settings provided by the cloud providers enough to protect against cyber threats?
Relying on default settings can leave you exposed to a variety of threats, because they might not address the unique intricacies of your environment. While default configurations offer basic protection, they are not designed to defend against sophisticated and evolving threats. To strengthen your security posture, it’s crucial to go beyond these defaults by customizing access controls, implementing detailed security policies, actively monitoring for suspicious activity and regularly patching vulnerable components within your cloud environment. A layered security strategy that addresses all potential entry points is essential for combating modern threat actors—this is known as defense in depth.
Q: If I use the security tools provided by the cloud provider, do I still need to implement my own security measures?
Yes, even with the security tools provided by your cloud provider, you still need to implement your own security measures. While the provider may offer tools for managing access and protecting your data, it’s your responsibility to configure those tools correctly – deciding who has access and ensuring policies are enforced. Additionally, you need to actively monitor for suspicious activity, train your team on security best practices and have a robust backup and recovery plan in place. The cloud provider equips you with valuable resources, but it’s up to you to secure your environment based on your organization’s specific needs.
Q: Isn’t MFA enough protection to protect my users and my data?
While Multi-Factor Authentication (MFA) is a critical security measure, it alone is not sufficient to fully protect your users and data. Threats such as adversary-in-the-middle attacks and session hijacking can still bypass MFA. To strengthen security, it’s important to adopt a multi-layered approach that goes beyond MFA. This includes implementing strong password policies, endpoint protection, continuous monitoring and regular security awareness training for employees. By combining these defenses, you can better protect against escalating threats.
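The session-hijacking case mentioned above is one that a SOC can catch in identity-provider audit logs. The following detector is an added example written for this Q&A, not Blackpoint Cyber's code: it pins each session to the source IP and user agent seen at its MFA login and flags later activity from a different client. The event fields and the sample log lines are constructed; real providers log comparable fields under other names.

```python
"""Detect an authenticated session being reused from a different client.

Added example (not from the interview or Blackpoint Cyber). A session that
passed MFA is later used from another source IP or user agent, which is what
a replayed session token looks like in the logs. Field names and sample
events are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEvent:
    ts: str          # ISO-8601 timestamp (constructed)
    user: str
    session_id: str
    src_ip: str
    user_agent: str
    action: str      # "login_mfa_ok" marks a successful MFA login


# Constructed sample log: alice passes MFA, then her session token shows up
# from a different IP and browser; bob's session is used consistently; carol's
# session has activity but no login event in this window.
SAMPLE_EVENTS = [
    AuditEvent("2024-05-01T09:00:00Z", "alice", "sess-1", "203.0.113.10", "Firefox/125", "login_mfa_ok"),
    AuditEvent("2024-05-01T09:05:00Z", "alice", "sess-1", "203.0.113.10", "Firefox/125", "read_mailbox"),
    AuditEvent("2024-05-01T09:12:00Z", "alice", "sess-1", "198.51.100.7", "Chrome/124", "create_inbox_rule"),
    AuditEvent("2024-05-01T09:30:00Z", "bob", "sess-2", "192.0.2.44", "Safari/17", "login_mfa_ok"),
    AuditEvent("2024-05-01T09:31:00Z", "bob", "sess-2", "192.0.2.44", "Safari/17", "read_mailbox"),
    AuditEvent("2024-05-01T09:40:00Z", "carol", "sess-9", "192.0.2.99", "Edge/124", "download_report"),
]


def find_session_anomalies(events):
    """Return a list of findings (dicts with user, session_id, action,
    severity, reason).

    A session is pinned to the (source IP, user agent) pair seen at its MFA
    login. Later activity from a different pair is flagged as possible token
    replay. Activity on a session with no observed MFA login is flagged at
    lower severity: it may be a log gap, but the session is unverified."""
    origin = {}      # session_id -> (src_ip, user_agent) at MFA success
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "login_mfa_ok":
            origin[ev.session_id] = (ev.src_ip, ev.user_agent)
            continue
        if ev.session_id not in origin:
            findings.append({
                "user": ev.user, "session_id": ev.session_id, "action": ev.action,
                "severity": "medium",
                "reason": "activity on a session with no observed MFA login",
            })
            continue
        ip0, ua0 = origin[ev.session_id]
        changed = []
        if ev.src_ip != ip0:
            changed.append(f"source IP {ip0} -> {ev.src_ip}")
        if ev.user_agent != ua0:
            changed.append(f"user agent {ua0} -> {ev.user_agent}")
        if changed:
            findings.append({
                "user": ev.user, "session_id": ev.session_id, "action": ev.action,
                "severity": "high",
                "reason": "session used from a different client: " + "; ".join(changed),
            })
    return findings


if __name__ == "__main__":
    for f in find_session_anomalies(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['user']} {f['session_id']} {f['action']}: {f['reason']}")
```

In practice the pinned fingerprint would include whatever stable client attributes the provider records (device ID, token binding, ASN), and the high-severity finding would feed the incident response step of revoking the session and forcing re-authentication.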
Q: What role does identity have to play with cloud infrastructure?
Identity is one of the most critical components of your cloud security strategy. In many ways, it defines your attack surface – without users, many security risks wouldn’t exist. Managing who has access to what within the various layers of the cloud stack can be challenging due to its complexity. However, by carefully controlling access at each layer, from infrastructure to applications, you can enhance both security and flexibility. Identity management must be enforced across the entire cloud stack and throughout the deployment pipeline to ensure consistent, robust security.
Q: Is it important to monitor cloud applications used by cloud users?
Absolutely. Monitoring all applications, especially third-party ones, used by your organization’s cloud users is critical. Cloud environments make it easy for users to quickly deploy unapproved or ‘shadow IT’ applications without proper oversight. This can happen in seconds through cloud marketplaces, potentially introducing significant security risks. Users may unknowingly install these applications, bypassing security protocols and exposing the organization to vulnerabilities. Regular monitoring helps ensure that only approved, secure applications are in use, reducing potential threats.
Q: How can an organization assess its cybersecurity posture when using cloud applications?
Understanding your environment’s cybersecurity posture requires regular risk assessments to establish a security baseline. This means knowing which applications are in use, what data they handle, where that data is stored and how it is processed. Automating these assessments is crucial for scalability, especially given the sheer number of cloud applications in use today. By automating risk evaluations, organizations can continuously monitor and manage their security risks more efficiently, ensuring they stay ahead of potential threats.
Q: What do I really need to protect my cloud?
At Blackpoint Cyber, the SOC is observing a significant shift in the threat landscape, with a 10-to-1 ratio of cloud attacks versus on-premises attacks. This means that for every on-premises attack our team prevents, there are roughly ten attacks targeting clients’ cloud environments. Based on that knowledge, our team recommends:
- Security Monitoring and Incident Response: The foundation of cloud security starts with constant visibility. Implement continuous monitoring to detect unusual or suspicious activity across your cloud environment. Pair this with a well-defined incident response plan, allowing your team to quickly react, contain, and recover from any security incidents that arise.
- Identity Controls: Managing who has access to your cloud resources is vital in preventing unauthorized access. Identity and Access Management (IAM) ensures that users, applications, and services have the appropriate level of access—no more than what they need to do their jobs. Key steps include implementing multi-factor authentication (MFA), enforcing role-based access control (RBAC), and regularly auditing access rights. Following the principle of least privilege reduces your attack surface and mitigates the risk of account compromise.
- Posture Management: Cloud security posture management (CSPM) ensures your cloud environment remains securely configured and compliant with industry standards. Regularly scan for misconfigurations, vulnerabilities, and compliance gaps that attackers could exploit. Using automated tools to detect and remediate issues in real time helps maintain a secure, resilient cloud environment. Proper posture management creates a strong defense baseline, ensuring that all cloud resources are properly configured and protected.
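The identity-control and posture-management recommendations above amount to a set of checks that can be run automatically over an account inventory. The block below is an added example written for this Q&A, not Blackpoint Cyber's code or any CSPM product's logic: it flags users without MFA, long-lived access keys, IAM policies granting wildcard actions, and publicly readable storage, then ranks the findings by severity. The inventory layout, the 90-day key-rotation limit and the sample account are constructed; a real tool would populate the same structure from the provider's APIs.

```python
"""Posture and least-privilege checks over a cloud resource inventory.

Added example (not from the interview or Blackpoint Cyber). The inventory
format, the rotation limit and the sample data are constructed.
"""

MAX_KEY_AGE_DAYS = 90   # assumed rotation policy

# Constructed inventory of one small cloud account.
INVENTORY = {
    "users": [
        {"name": "alice",      "mfa_enabled": True,  "key_age_days": 20},
        {"name": "svc-deploy", "mfa_enabled": False, "key_age_days": 400},
    ],
    "policies": [
        {"name": "admin-everything", "actions": ["*"], "resources": ["*"],
         "attached_to": ["svc-deploy"]},
        {"name": "read-logs", "actions": ["storage:GetObject"],
         "resources": ["bucket/logs/*"], "attached_to": ["alice"]},
    ],
    "buckets": [
        {"name": "public-assets",    "public_read": True,  "contains_pii": False},
        {"name": "customer-exports", "public_read": True,  "contains_pii": True},
        {"name": "logs",             "public_read": False, "contains_pii": False},
    ],
}


def _finding(check, resource, severity, detail):
    return {"check": check, "resource": resource, "severity": severity, "detail": detail}


def check_users(users, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Identity hygiene: every principal needs MFA; keys must be rotated."""
    findings = []
    for u in users:
        if not u["mfa_enabled"]:
            findings.append(_finding("user_without_mfa", u["name"], "high",
                                     "MFA is not enforced for this principal"))
        if u["key_age_days"] > max_key_age_days:
            findings.append(_finding("stale_access_key", u["name"], "medium",
                                     f"access key is {u['key_age_days']} days old "
                                     f"(limit {max_key_age_days})"))
    return findings


def _is_wildcard(action):
    return action == "*" or action.endswith(":*")


def check_policies(policies):
    """Least privilege: flag policies that grant wildcard actions; worst when
    the wildcard also covers every resource."""
    findings = []
    for p in policies:
        if any(_is_wildcard(a) for a in p["actions"]):
            sev = "high" if "*" in p["resources"] else "medium"
            findings.append(_finding("wildcard_policy", p["name"], sev,
                                     "wildcard actions attached to "
                                     + ", ".join(p["attached_to"])))
    return findings


def check_buckets(buckets):
    """Posture: public read access, escalated when the bucket holds PII."""
    findings = []
    for b in buckets:
        if b["public_read"]:
            sev = "high" if b["contains_pii"] else "low"
            detail = "bucket is publicly readable"
            if b["contains_pii"]:
                detail += " and contains PII"
            findings.append(_finding("public_bucket", b["name"], sev, detail))
    return findings


def assess(inventory):
    """Run every check and return the findings ordered by severity."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = (check_users(inventory["users"])
                + check_policies(inventory["policies"])
                + check_buckets(inventory["buckets"]))
    return sorted(findings, key=lambda f: order[f["severity"]])


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 1, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = assess(INVENTORY)
    for f in results:
        print(f"[{f['severity']}] {f['check']} {f['resource']}: {f['detail']}")
    print(summarize(results))
```

The low-severity public bucket is reported rather than suppressed on purpose: a bucket of static web assets may be public by design, but the baseline should record that decision so a later drift to PII in the same bucket is caught.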
Q: How does one approach compliance in the cloud?
Compliance in the cloud follows the same frameworks as traditional environments, such as GDPR, HIPAA and others. The key is to start with a thorough understanding of your cloud data – what type of data you have, where it’s stored, who has access to it, and whether the right people have the appropriate permissions. Once you have this foundational knowledge, it becomes much easier to align your cloud environment with the specific requirements of various compliance frameworks. This approach ensures that data privacy, security controls and access management meet regulatory standards from the start.