The public cloud continues to live up to the hype, with enterprises leveraging the power and efficiency of the cloud to the tune of $260.2 billion per year by 2020, according to Gartner. Security, once predicted to be the death knell of the public cloud in the large enterprise, has adapted to cloud challenges through the combined efforts of cloud app vendors and security vendors, along with the enterprise.
To their credit, major cloud vendors have invested heavily in security, with Microsoft alone investing more than $1 billion annually. At the same time, the venture capital community has invested hundreds of millions of dollars into cloud-focused security startups.
As the CMO of one such startup that was created to keep data safe in today’s dynamic, cloud-first world, I’ve seen the inner workings of cloud security firsthand.
Leveraging cloud vendors’ native security features and third-party solutions is critical because the lines of responsibility and accountability for cloud security are often blurred between the enterprise and the vendor. In many cases, responsibility will depend on the risk a breach poses to an organization’s reputation and who has the most to lose.
However, the “breaking news test” can serve as a framework to help determine who should be held accountable. Obviously, neither of these parties wants to see their name on the front page of a publication because of a breach. This is particularly true of app vendors because their livelihood is dependent upon ensuring their products are safe for customers to use.
So, if a breach occurs, identifying its root cause (e.g., DDoS attack, malicious insider, SQL injection, etc.) and determining which party would receive the majority of the bad press can reveal who is responsible for what. In the case of app vendors, they typically invest massive amounts of money into securing their underlying infrastructure — the portion of security for which they are responsible.
As such, company executives must better understand the security and compliance risks associated with data stored in — and accessible from — cloud applications, and who will take responsibility should the unthinkable happen.
So what responsibility does that leave for the enterprise?
While cloud app vendors need to ensure that their products are secure on the backend, they do not inspect how organizations’ employees are using the data that they store in the cloud. In other words, vendors do not monitor for suspicious user behaviors on their platforms. So, if an employee (or a hacker who has gained privileged credentials) downloads proprietary data or sensitive customer information from a cloud app and sells it on the dark web, it is the enterprise that will have its name appear on the front page of whatever publications cover the breach.
Similarly, if there is an unauthorized download of personally identifying information to an employee’s mobile device, and that device is lost or stolen, the enterprise will take the blame and foot the steep financial penalties for the resulting compliance failure. In both cases, the cloud app vendors do not have their business at stake, which means that it will be incumbent upon enterprises to know what information is under their jurisdiction and step up to fill in any potential security gaps.
Covering Cloud Bases: The Shared Responsibility Model
Ultimately, the responsibility for cloud security and compliance is shared by both the client and the cloud provider. While specific boundaries may vary from one app to the next, cloud providers primarily focus on protecting their services and the infrastructure that runs their services — including all hardware, software and networking — from attackers and unauthorized intruders.
The enterprise is responsible for security infrastructure that protects its data. This includes verifying user identity and protecting against credential theft, controlling access from risky contexts such as unmanaged devices and suspicious locations, ensuring that sensitive data is controlled and protected properly, and ensuring that cloud applications aren’t used as a delivery mechanism for malware and threats across the organization.
What’s Ahead: More Cloud, More Risk
Many organizations have started their cloud journey with major SaaS applications such as Office 365, Salesforce and Box. It’s common for those same organizations, once they have a taste of the economic and productivity benefits of the cloud, to start aggressively expanding their cloud footprint. According to our company’s research, there are a lot of industry- and function-specific applications moving to the cloud, as well as a systematic migration away from applications housed in corporate data centers and toward infrastructure as a service (IaaS) offerings like AWS, Google Cloud and Azure.
While the public-facing nature of these long-tail applications is similar to that of the major SaaS vendors, there is substantially less focus and budget dedicated to security. This means more responsibility on the part of the enterprise in the shared responsibility model. Greater scrutiny must be given to the care that the app vendor is giving to their part of the model, and enterprises need more restrictive controls in order to better protect corporate data.
Fortunately, this can be achieved rapidly with the latest . Shadow IT discovery tools evaluate apps by their native security features, regulatory compliance and more, while contextual access control can govern data access by users’ job functions, geographic locations, device types and even custom factors. There is no shortage of solutions that can help organizations protect their data.
The bottom line is that enterprises need to keep the shared responsibility model for cloud security in mind. That means verifying that the cloud vendor is doing its job while building in-house processes and leveraging security tools to ensure the enterprise is keeping up its end of the bargain. Such an approach will help your organization enjoy the business benefits of the cloud while keeping your name out of the breaking news headlines.
Article provided by PartnerOn and forbes.com.
We’ve all done it before — searched for how-to instructions on something we feel like we should be able to do ourselves. Whether it’s how to tie a bow tie, how to change your oil, or how to repair a TV, people are constantly looking to do things themselves. There are activities that are beyond our actual ability to do, but can you blame any of us for trying? No, we have the information, resources, and always the desire to save money. That being said, one of the things that is likely beyond DIY abilities is combating cyberattacks for your business.
There is what feels like an uncountable number of cybersecurity services created to help a wide variety of companies protect the personal and financial information of their customers. These services are best supported by cybersecurity companies, but far too often business owners and managers buy the tools and attempt to do it themselves. The problem is, can you really learn everything you need to know about things like security information and event management (SIEM) and then manage to fight off hackers?
SIEM Systems Need Constant Management
As you may already know, different SIEM systems put their emphasis on different services. Whether the SIEM tool is made by Intel, IBM or Fortinet, the overall goal of being notified of attackers is the same. However, one may cover a larger range of devices and log types, while another may have a specific log manager that picks up different readings. Whatever the case, the system will collect information and present an analysis of the servers, but to optimize your security, there should be someone managing the system the entire time.
Look at it this way: let’s say you want to build a shed in your backyard to protect some equipment and toys from the rain, snow or sun, and you have a hammer, plenty of nails, wood, and a few other tools. Unfortunately, nothing will get done if you don’t pick up the hammer. While it is great that you have the necessary tools and supplies, you will never build a shed to shelter your equipment and toys if no one is using the tools. It is the same with these SIEM services, or tools. Without a full-time individual, ideally from a professional cybersecurity company, you are at risk of missing critical notifications and real threats.
Why Cybersecurity is not a DIY Product
Now, if you don’t necessarily think this is the case and you feel confident that you’ll be able to check up on the program every now and again, you might want to reconsider. If you didn’t already know, there were 668 million breaches in the U.S. just last year alone (the year before, there were over 1.5 billion breaches); this means that over 668 million times confidential information was exposed without authority. Also, 38 percent of the world’s cyberattacks are targeted at the United States. While it is a law to secure your customers’ information, these numbers alone are reason enough to understand the need to invest in a solid cybersecurity company’s services. So, with constant attacks from unseen sources, are you really all that confident that you’ll be able to manage it all yourself?
Let’s again assume you are adamant about doing this all yourself. Are you proficient in programming Java or C/C++? Do you understand web application technologies? Linux operating systems? Telephony technologies (analog and IP)? Okay, well…maybe you don’t, but you can learn, right? If that is the case, are you planning on learning on the fly from a couple of YouTube videos? It’s not that we want to discourage you from learning; it’s just a matter of being realistic. Trying to install a SIEM program and then following a manual to figure out how to make everything work is about as easy as putting a 4th grader, who is now able to read decently well, into a college-level biology class and expecting them to do well. The information is right in front of them, but can you really expect that? The answer is obvious.
Maybe we aren’t giving you enough credit and you actually do understand all of these things (if that is the case, good for you for sticking with this blog and reading all the way to here), but can you handle reading all the analyzed data for every device for your entire company every day? That’s where the benefit of hiring a cybersecurity company to manage the entire SIEM system for you comes into play. Not only will you have a service that is linked to your server, but you will also have a team of professionals constantly reviewing your system for dangerous activity. With just the SIEM tool at your disposal, you may be alerted when a breach is detected, but what will you do from there? A team like this will not only notify you but also provide you with a solution.
The wisest thing you can do when you are looking to increase your company’s cybersecurity is to not only purchase one of the many tools that are on the market, but also make sure you have a cybersecurity company on your side providing you with all the readings and solutions you need. Need help? Contact us today!