For adapting to new cloud security threats, look to “old” technology
With remote work and reliance on cloud computing here to stay, it’s no surprise that so many headlines address the growing cloud security concerns in our industry.
While there is a time and place for onboarding additional cloud security solutions, it can also be easy to fall prey to the shiny object syndrome surrounding emerging solutions that are created in response to new security threats. Before rushing to invest in a new solution, however, remember that matching additional solutions to emerging threats in a one-to-one game of whack-a-mole is not a sustainable strategy.
At conferences, I always find a host of companies selling “x is hard, we make it easy” point solutions, and often too many enterprises rushing to invest in them. These quick decisions are often poorly planned, sometimes unnecessary, and end up creating expensive and complex architectures that achieve the opposite of what is intended.
Why onboarding new cloud security tools isn’t always helpful
More security point solutions in your architecture means more complexity. You will end up with many solutions to the same problem, creating inefficiency, cost, and risk. The more of that you have, the harder it is to figure out what’s going on, and the higher the likelihood that problems will slip through. You may already own the solution to the problem you are buying something new to solve!
Instead, plan security architectures around functional and non-functional requirements – and ensure you consider non-functional requirements around maintainability, impact to other services, maturity, and complexity (at the very least). Flexibility is key, given how rapidly threats emerge, and complexity is the enemy of flexibility. While there is a good argument to be made for point solutions, some sets of problems can be solved by simply using more of what you own today.
Use what you already have
DNS is an example of a multi-faceted technology that most enterprises overlook when seeking to secure their cloud and on-premises environments. DNS has historically been seen as a service that needs to be protected, as opposed to being part of the protection plan. The discourse is changing, however, with DNS being increasingly recognized as an essential part of an overall security architecture.
In fact, the NSA and CISA, and even Gartner most recently, have officially come around to strongly recommending it. Of course, organizations like BlueCat, Cisco, Farsight, and others, have been saying this (and creating solutions around it) for years. And for good reason.
Benefits of DNS for cloud security
DNS is a ubiquitous, lightweight protocol that in many senses is a proxy for the intent of any originating client’s activity. A DNS query does not prove that a connection was then made to a specific IP address, but it does show that there was an intent to make such a connection. There is tremendous value in DNS metadata as a signal, and tremendous power in DNS services as a control point.
In my work, DNS is often leveraged in concert with SIEM solutions, storing raw query logs so that the rich metadata is available for forensic analysis. By leveraging DNS, enterprises often find they get more out of the remainder of their stack, and avoid needing to buy new items, too.
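As an added example (not from the article or any vendor named in it), here is how the raw query logs described above can be mined for one such intent signal: a registered domain that receives many distinct, high-entropy subdomain lookups, the kind of pattern a SIEM rule would surface for analyst triage rather than block outright. The log format, the sample lines, the thresholds, and the "last two labels" heuristic for the registrable domain are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample query log: "<timestamp> <client> <qname> <qtype>" per line.
# Made-up entries using reserved names; not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A
2024-05-01T10:00:02Z 10.0.0.5 mail.example.com A
2024-05-01T10:00:03Z 10.0.0.7 a9f3k2.data.exfil-test.invalid TXT
2024-05-01T10:00:04Z 10.0.0.7 zq81mx.data.exfil-test.invalid TXT
2024-05-01T10:00:05Z 10.0.0.7 p0l4vt.data.exfil-test.invalid TXT
2024-05-01T10:00:06Z 10.0.0.7 7hc2wn.data.exfil-test.invalid TXT
2024-05-01T10:00:07Z 10.0.0.5 cdn.example.com AAAA
"""

def parse_line(line):
    ts, client, qname, qtype = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "qtype": qtype}

def registered_domain(qname, suffix_labels=2):
    # Assumption: the registrable domain is the last two labels (no public-suffix list here).
    return ".".join(qname.split(".")[-suffix_labels:])

def shannon_entropy(s):
    # Bits per character; random-looking labels score higher than dictionary words.
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def summarize(log_text, min_unique=4, min_entropy=2.5):
    # Group queries by registered domain, then flag domains with many distinct,
    # high-entropy leftmost labels (assumed thresholds, tune per environment).
    per_domain = defaultdict(lambda: {"clients": set(), "names": set(), "txt": 0})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        entry = per_domain[registered_domain(rec["qname"])]
        entry["clients"].add(rec["client"])
        entry["names"].add(rec["qname"])
        entry["txt"] += rec["qtype"] == "TXT"
    findings = []
    for dom, e in per_domain.items():
        labels = [name.split(".")[0] for name in e["names"]]
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if len(e["names"]) >= min_unique and avg_ent >= min_entropy:
            findings.append({"domain": dom, "unique_names": len(e["names"]),
                             "avg_entropy": round(avg_ent, 2),
                             "clients": sorted(e["clients"]), "txt_queries": e["txt"]})
    return findings
```

The same grouping works over millions of lines once the per-domain sets are replaced by approximate counters, and the output fields map directly onto the enrichment a SIEM alert would carry.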
New tools are not always a bad idea, but organizations with finite budgets (that is, all of them) must focus on getting more out of their existing technology stack before turning to new shiny objects. Having too many tools in a toolbox that doesn’t close isn’t a wise strategy. Often, simplifying has just as much ROI.