Five mental shifts we must make to achieve security beyond perimeters
Data centers aren’t exactly going extinct, but given the massive shift to public clouds, you need to make some significant adjustments if your mindset hasn’t yet caught up with the cloud. The problem is that not every organization knows how to prepare for and embrace the cloud-driven future. It can take some major mental adjustments to shift from on-prem environments based on the data center, which has a clear and definable perimeter, to the nebulous world of the cloud.
To help you get your mind out of the data center, beyond the perimeter, and into the cloud, we suggest you consider the five mental shifts outlined below.
The threat landscape is evolving
There was a time when keeping an eye on your network perimeter was sufficient to catch most threats. Today, that’s not the case. The 2017 Threat Landscape Survey from SANS found that endpoints and end users are now the front line of the battle against online threats. These are the most frequent targets for attackers who want to weasel into your organization’s network.
Among the most common threats this past year were phishing and ransomware, both of which can often skirt traditional perimeter-based security solutions like firewalls and antivirus. Zero-day exploits, while less common, are a good example of how the most advanced threats laugh in the face of perimeter-based security. In light of this reality, understanding how the landscape has changed (and how it will continue to change) is the first key to better protecting your organization against it.
Detection must precede prevention
In the cloud, where you don’t have a defined perimeter to monitor closely like you would with a data center, detection matters more than prevention. Prevention was the name of the game with static, on-prem environments, but today it’s not a viable strategy.
The reality is that threats of all sorts — from insider misuse to nation-state attacks to more mundane varieties of cybercrime — evolve quickly, as I mentioned above. At some point, they will inevitably slip past your defenses. For this reason, prevention alone is a head-in-the-sand strategy.
If your security strategy is focused on detection, however, you’ll know when a breach happens, and you can take steps to stop the attack in its tracks. None of this is to say that you shouldn’t employ basic preventive measures — like making sure your environments are configured correctly. But if your entire strategy is prevention, you’ll regret that in the cloud.
Real-time visibility matters
It follows that you can’t let detection lag significantly behind any incident that takes place. Ideally, you want to adopt an integrated and comprehensive intrusion detection platform (IDP) that solves the fundamental problem of not having sufficient visibility into your cloud environment. This way, you can be alerted in real time (or near real time) about risk behaviors, rather than after those behaviors have led to a breach.
Types of behaviors you want the ability to catch in real time include:
- Access to development and production environments
- Logins under root
- User privilege escalation
A strong host-based IDP will help you answer the key questions of who, what, when, and where, so that risky behavior can be addressed and mitigated quickly. This is the best way to ensure that you don’t become the next headline or casualty in the cyberthreat landscape.
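As an added illustration of the three behaviors listed above (not code from the original post or from any particular IDP product), here is a small host-log detector over constructed syslog-style auth lines. The hostnames, users and addresses are made up; the `prod-`/`dev-` host prefixes and the alert kinds are assumptions chosen for the example, and a real deployment would replace them with its own inventory.

```python
import re
from dataclasses import dataclass

# Constructed sample auth log lines (syslog style); hosts, users and IPs are invented.
SAMPLE_LOG = """\
Mar 10 09:12:01 prod-web-01 sshd[2231]: Accepted publickey for deploy from 10.0.4.17 port 51022 ssh2
Mar 10 09:13:45 prod-web-01 sshd[2240]: Accepted password for root from 203.0.113.9 port 40122 ssh2
Mar 10 09:14:02 dev-build-03 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar 10 09:15:30 prod-db-02 sshd[3310]: Failed password for root from 198.51.100.4 port 33010 ssh2
Mar 10 09:16:11 dev-build-03 sshd[3388]: Accepted publickey for bob from 10.0.9.5 port 50211 ssh2
"""

# Assumption for this example: monitored environments are identified by hostname prefix.
MONITORED_PREFIXES = ("prod-", "dev-")

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s(?P<proc>[\w-]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
SSH_OK_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

@dataclass(frozen=True)
class Alert:
    kind: str      # "env_access", "root_login" or "priv_escalation"
    host: str
    user: str
    detail: str    # the who/where context an analyst needs to triage

def detect(log_text: str) -> list[Alert]:
    """Return one Alert per risky behaviour found, in log order."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the pipeline
        host, proc, msg = m["host"], m["proc"], m["msg"]
        if proc == "sshd" and (ok := SSH_OK_RE.search(msg)):
            user, src = ok["user"], ok["src"]
            if user == "root":
                alerts.append(Alert("root_login", host, user, f"from {src}"))
            if host.startswith(MONITORED_PREFIXES):
                alerts.append(Alert("env_access", host, user, f"from {src}"))
        elif proc == "sudo" and (su := SUDO_RE.search(msg)):
            if su["target"] == "root":  # any user becoming root via sudo
                alerts.append(Alert("priv_escalation", host, su["user"], su["cmd"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Failed root password attempts are deliberately not alerted on here, since the list above is about successful logins; a real IDP would typically track those separately as a brute-force signal.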
Point solutions can’t cut it
As you might imagine, point solutions are not an ideal way to address the shifting threat landscape. Oftentimes they don’t focus enough on detection, and even when they do, they require a lot of manual effort to connect the data from disparate point solutions and piece together the bigger picture. This means you can’t respond at the speed at which threats proliferate today.
It’s never been more important to invest in security tools that provide a complete, 360-degree view of your systems and that can quickly (ideally automatically) correlate data points when a threat arises. As mentioned previously, an IDP or other platform that provides real-time visibility is the best way to ensure that you can always stay one step ahead of attackers.
Security is a team sport
There was a time when it made sense to have a single point person or a small team in charge of security. These folks would be brought in right at the end of the development cycle, before a product headed off to market. They would tsk-tsk about any policies, standards, or regulations that had not been met, and implement patches where needed.
This doesn’t work anymore, for a number of reasons, but particularly because continuous development and continuous integration methodologies don’t allow for the time lag that this approach requires. Anytime security lengthens the product release cycle, it becomes the enemy, because it undercuts speed — the primary reason for moving to the cloud!
For today’s business velocity, you must integrate your security practices throughout the product development lifecycle. This means that security can’t just be a function of the security team. Your Development and Ops pros need to know how it works and what it means for their jobs, and they must be able to apply best practices with a minimum of hand holding. This is the idea behind the discipline of SecOps, and it’s the key to ensuring that security is a business enabler, not a roadblock.
Five shifts, one mindset
The five shifts described above may take some time to make, especially if your organization has been on-prem and in the data center for a long time. But they are well worth making because they will enable your business to take advantage of all the benefits the cloud has to offer without sacrificing security at the altar of speed.
When you learn to prioritize detection, seek out visibility, and approach security like a team sport, you enable your entire organization to stay competitive in today’s high-velocity landscape. That outcome is well worth the effort it will take to shift your mindset from the data center to a cloud-specific security paradigm.