The 21st century has seen many significant technological advancements in the cross-section of digitalization, cybersecurity, and cloud security. As more valuable data is being stored and used to make data-driven decisions, its protection against internal misuse, malware vulnerability, and fraudulent external access is critical. Innovative cloud security solutions such as threat modeling and other SaaS solutions can help prepare your organization by identifying and preventing threats for key software and data center components of your IT landscape.
There are two primary options for hosting: on-premise servers or hosting in the cloud with a third-party vendor. Both have pros and cons entailing certain security and threat modeling activities.
On-Premise Vs. Cloud Hosting
Enterprises are under constant pressure to control costs and create sustainable operational and IT efficiencies. When evaluating the difference between on-premise vs. cloud hosting, it’s clear that cloud technologies offer significant up-front cost savings, reduce operational burdens, and unlock tangible scalability opportunities.
On-premise hosting solutions are costly to maintain and require significant time and attention from in-house IT teams. Because internal departments completely support on-premise systems, enterprises with on-premise hosting solutions are needed to allocate substantial resources to maintain them. Training costs are almost always a significant expense for on-premise environments, versus cloud hosting where there’s less strain on internal teams. It’s also much more difficult to customize and scale on-premise solutions as your organization grows and changes. The flexibility of cloud computing is paramount, allowing for ultimate control and agility as new challenges arise.
Many CISOs and CIOs fear that moving to a cloud environment will negatively impact the security of sensitive data, as there is quite a bit of misinformation or misunderstanding surrounding the capabilities of cloud computing. However, most cloud service providers offer incredibly high levels of security and sophistication. They will usually have a “shared responsibility” agreement, which means they are entirely responsible for the security of the cloud environment, while the client is responsible for security in the environment. AWS, for example, uses this model, which should be accounted for when creating any cloud threat model.
Leading Cloud Security Threats
According to more than 450 IT and cybersecurity professionals surveyed for the 2019 Oracle and KPMG Cloud Threat Report, nearly 50% of all respondents anticipate storing the majority of their organization’s data in the cloud by 2020. As more and more organizations move to cloud-based solutions, they become more vulnerable to threats that target the cloud’s porous attack surface. Cloud solutions are susceptible to common threats that include malware, ransomware and DDoS. Cybercriminals may also find ways to compromise information systems and impose data loss, including private or confidential information.
Cyber threats can cause tremendous damage to IT applications, systems and the organizations that maintain them. A data breach can disrupt business operations, cause reputation ruin and attract fines imposed by regulating bodies. It is more important than ever to understand attack surface vectors and strategically place security controls in place before your next data breach can occur.
Threat Modeling for Cloud Environments
Threat modeling is just as valuable for cloud environments as it is for on-premise hosting solutions. Just because you’re working with a third-party like AWS, Google or Microsoft, doesn’t mean your liability is not a factor. Under shared responsibility, your organization is still responsible for the content within the cloud environment. To limit your risk, prepare for sustainable security practices and protect your data, you should develop cloud threat models.
Developing a cloud threat model is not just a one-time activity. Any threat model should be living, breathing, documentation subject to change. This is even more true given the nature of cloud hosting. Because cloud threat modeling offers more flexibility and scalability, threat models developed for the cloud also need to be flexible and subject to change. For example, let’s say your cloud-hosted B2C application’s user base grows significantly due to successful sales and marketing initiatives. A threat model for an application with 10,000 users as opposed to 500 users is going to require a different level of depth and sophistication.
Cloud Workload Protection Platforms
Cloud Workload Protection Platforms provides data security to multi-cloud environments, including public clouds, private clouds, plus physical on-premise data centers. The ideal Cloud Workload Protection Platforms are automated, elastic, and provide workload visibility, addressing the multifaceted needs of the modern hybrid data center.
Cloud Workload Protection will provide you with insights on workload activity, measurements of system integrity and determination of security postures. A proper Cloud Workload Protection will also be proactive in protecting vulnerabilities and mitigating threats before they can spread on the cloud. Cloud Workload Protection will support adoption of emerging SDLC technology, such as containers and serverless, which are increasingly characteristic of hybrid cloud applications.
Cloud Access Security Brokers (CASB)
The purpose of Cloud Access Security Brokers is to provide a point where visibility, threat protection, security and compliance are enforced whenever resources are accessed through the cloud. CASB policy enforcement points can be on-premise or cloud based, and provide a granular level of visibility and control. For policy enforcement, a typical Cloud Access Security Broker will enable programmers to trigger certain processes such as alert, bypass, quarantine, encrypt, et al.
Cloud Access Security Brokers will intervene and ensure data loss prevention with any data that is transmitted to and from the cloud – regardless of the device or technology you are using. Cloud Access Security Brokers provide advanced threat protection. However, CASB has its shortcomings, including performance and usability issues. In order for an organization to implement CASB, security teams must fully understand how it can integrate with the IT infrastructure. CASB, while enabling additional security features, may require customization to integrate. In other words, it’s not always an out-of-the-box solution.
Security as a Service (SaaS) is becoming a valid way to secure the data you store on the cloud. SaaS is available without any on-premise hardware or software needed to provide security to cloud applications. Through SaaS, you get comprehensive security that is plug and play. SaaS offers a level of protection that is beyond what firewalls provide. It will protect users from malware, monitor installed applications and review user access to resources.
Security as a Solution platforms behave like other cloud solutions, in that vendors charge a monthly fee for apps, data and operations security. SaaS is cost-effective because the cloud vendor is responsible for managing security solution that can scale to handle peak data times. The obstacles that organizations face are plenty, and Security as a Solution can provide protection against: Advanced Persistent Threats (APT), Distributed Denial of Attacks and data loss, among others. There are some downsides to enlisting cloud SaaS vendors. For one thing, security teams have less controls over security measures. You are also at the mercy of customer support, instead of internal development teams.
IaaS and Paas Solutions
Infrastructure as a Solution and Platform as a Solutions provide the scalability and benefits of the cloud, enabling developers to overcome on-premise limitations. Faster time-to-market and the ability to shift focus on making application enhancements are some of the benefits to working with IaaS and SaaS.
However, as with on-premise, security teams must make efforts to protect information assets that are stored within IaaS and SaaS. For example, security of disc machines, virtual servers, data and networks must be enforced. One danger of using IaaS and SaaS is insider threats. In this case, employees purposefully seek to compromise the data from within.
Third-party contractors that are staffed as part of IaaS or SaaS solutions can also be viewed as potential insider threats. Perpetrators with inside access have the ability to tamper with or manipulate IT applications and infrastructure, even remotely. Insider threat bad actors may use social engineering to infiltrate IT systems. Examples include phishing, or convincing a security manager that s/he needs access to locked away servers.
The Future of Cloud Security Solutions
ThreatModeler is an automated threat modeling solution that strengthens an enterprise’s SDLC by identifying, predicting and defining threats across all applications and devices in the operational IT stack. This automated platform works with all types of computing environments.
To learn more about how your organization can identify security threats during the SDLC for faster, smarter, more secure application production, request a free evaluation of the ThreatModeler platform or contact us to speak with an application threat modeling expert today.