The evolution of cybersecurity, and the role it has taken on given how much companies have grown by moving processes to the cloud, is essential today. Companies have embarked on the migration of their applications and services to cloud environments. Some out of necessity, because they did not have environments ready to be accessed via VPN, or if they had them they were sized for a few users and not for the whole company. Others because they have realised that it really is a good and cost-saving solution if you know how to use it.
These changes will lead us to see attacks on these environments in the coming months; however much we insist that they are secure (and they are), the insecurities come from elsewhere.
Companies should therefore reinforce aspects to which they have not paid much attention so far.
In the past, we followed the specifications of the manufacturer or of the department that told us what was needed, we provisioned it, and we dedicated ourselves to securing access, whether through network controls, user controls or assorted permissions. For some time now, most companies have been working with virtualised environments and almost everything is provisioned with this technology, either as complete systems or as containers. So can this be uploaded directly to cloud environments? The truth is yes, and that would be our first security mistake; before doing so we should ask ourselves the following questions:
Have we checked the security of the code?
In a home environment this is a problem, but in an environment with network access it is a serious problem. There are two scenarios here as well. If we do not own the code, it is very difficult to get the vendor to let us verify whether it is secure, so I would recommend moving to a SaaS service and thus delegating security and responsibility to the provider. If we do own the code, reviewing it before uploading anything to the cloud is a good start: checking for possible security bugs, whether in the technology or in the code itself, is essential to avoid later scares.
Fortify and BugScout are two good tools. The first one is expensive, so if your budget does not allow it, I would recommend the second one. Many people will say that I have forgotten Kiuwan, but I think the first two are more powerful; like everything else, that is debatable.
Once we know that our code is secure, we might ask ourselves: how have we deployed the environment? It is clear that good hardening of our cloud environment, whether in a public or private network, is something we will have to review constantly, in the same way that we used to check that our networks were secure.
Have we automated deployment?
One thing we should plan for is automating the deployment of our services, so that we can have an elastic environment that grows or shrinks according to the needs of the moment (or is switched off and on, because there are hours when the system is not used and it is now pay-per-use; remember that).
Something I consider essential is having immutable environments and being able to quickly isolate an environment in which we have detected an incident, while continuing to provide the service with a new deployment.
This is very interesting from a security point of view, as being able to isolate an environment in which we have detected an incident allows us to study the problem and fix it more efficiently in subsequent deployments.
Identity management in the evolution of cybersecurity
And finally, identity management (IAM). In our internal services we looked for single sign-on, where we normally relied on LDAP and Active Directory for authentication of the different systems and achieved the triple A (Authentication, Authorisation, Auditing). Now we should have the same thing, but in a cloud environment where we will have to combine these and stop thinking about roles per person, and think instead about 'where we access from, how we access and what we access'.
A good IAM system should be able to integrate with the SaaS services we have contracted, as well as PaaS and IaaS systems, but it should also be able to integrate with our internal LDAP and Active Directory systems to achieve a single management of the different services we have available.
One last point about identity management: it is very complex and, from my point of view, should not be approached as a single project but as multiple projects that gradually integrate the different services; otherwise you can die trying.
I do not want to end these lines without reminding you that a fundamental part of the evolution of cybersecurity lies in controlling the logs, perhaps now more than ever, because as a good friend of mine once told me, "in the logs you will find the truth about your system". Integrating the logs of the cloud environments into a good SIEM will greatly help us to understand what is going on in our environment and to detect possible attacks or unauthorised access.
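As an added illustration of the two points above (the IAM question of "where we access from, how we access and what we access", and detecting unauthorised access from the cloud logs fed into a SIEM), here is a small Python checker run over a constructed sample of audit events. This is example code, not the author's or any vendor's; the JSON field names, the trusted network range and the MFA policy are all assumptions.

```python
import json
import ipaddress
from collections import Counter

# Constructed sample of cloud audit events (JSON lines). The schema is assumed,
# not any specific provider's format.
SAMPLE_LOG = """
{"ts":"2024-05-01T08:00:01Z","user":"alice","src":"10.20.0.15","mfa":true,"action":"read","resource":"bucket/reports","result":"success"}
{"ts":"2024-05-01T08:00:09Z","user":"bob","src":"203.0.113.7","mfa":false,"action":"write","resource":"bucket/reports","result":"success"}
{"ts":"2024-05-01T08:01:00Z","user":"eve","src":"198.51.100.4","mfa":false,"action":"login","resource":"console","result":"failure"}
{"ts":"2024-05-01T08:01:05Z","user":"eve","src":"198.51.100.4","mfa":false,"action":"login","resource":"console","result":"failure"}
{"ts":"2024-05-01T08:01:11Z","user":"eve","src":"198.51.100.4","mfa":false,"action":"login","resource":"console","result":"failure"}
{"ts":"2024-05-01T08:02:00Z","user":"carol","src":"10.20.0.22","mfa":true,"action":"delete","resource":"vm/prod-web-01","result":"success"}
"""

TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # "where": assumed corporate range
MFA_ACTIONS = {"write", "delete"}                        # "how": changes must use MFA (assumed policy)
FAILED_LOGIN_THRESHOLD = 3                               # "what": repeated failed console logins


def parse_events(text):
    """Parse JSON-lines audit text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def evaluate(events):
    """Return (user, reason, resource) findings for policy violations and login bursts."""
    findings = []
    failures = Counter()
    for ev in events:
        src = ipaddress.ip_address(ev["src"])
        trusted = any(src in net for net in TRUSTED_NETS)
        # A change to a resource is only acceptable from a trusted network with MFA.
        if ev["action"] in MFA_ACTIONS and (not trusted or not ev["mfa"]):
            findings.append((ev["user"], "change without trusted network+MFA", ev["resource"]))
        # Count failed logins per (user, source) to spot repeated attempts.
        if ev["action"] == "login" and ev["result"] == "failure":
            failures[(ev["user"], ev["src"])] += 1
    for (user, src), n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append((user, f"{n} failed logins from {src}", "console"))
    return findings


if __name__ == "__main__":
    for finding in evaluate(parse_events(SAMPLE_LOG)):
        print(finding)
```

On the sample data the checker flags bob's write from an untrusted address without MFA and eve's three failed console logins, while alice's read and carol's MFA-backed delete from the corporate range pass.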
Therefore, given the role and evolution of cybersecurity, the profiles and services most in demand in the coming months will be DevSecOps, cloud security architects and compliance officers, to ensure that services do not cause breaches or put systems at risk.
Reminder: new needs do not mean we forget what we have been doing until now; the existing environment must keep being looked after until it completely stops providing the service and is decommissioned from our environment.
Article by José María Pulgar, CISO at Bosonit.