When it comes to cloud computing, some people think that adopting it is the ultimate answer to their IT needs. Some believe that once you move your IT infrastructure to the cloud, all is set and good. Yes, the cloud may be helpful for organisations today, especially during the pandemic. It gives you much better scalability and accessibility to various applications, and the workforce is no longer limited to the confines of a physical office.
However, as Daniel Chu, Director of Systems Engineering at ExtraHop Networks, said in an interview with CSA, there is a risk in moving into an evolving, complex landscape.
"As much as we like to say how the cloud can help with security, we have to be very careful that the cloud is also an inherent risk because it's not something that most organisations have been doing for a long time," explained Daniel. He mentioned that the large-scale migration and utilisation of cloud may introduce blind spots in organisations that are implementing it.
For example, there are misconceptions in cybersecurity that may increase the risks and vulnerabilities for both businesses and users. One is the belief that providers will handle the security of the cloud, the infrastructure and the underlying components. However, the truth is that customers are still in charge of the security of their software and applications.
There is also the concept of network security on the perimeter, where organisations rely on solutions like Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls and proxies to keep the bad guys out and the good guys in. "It's kind of like that castle mentality of 'I have my castle. I have my moat. I'm already protected'. But if you think about today's corporate environments, especially with COVID, the whole concept of this perimeter has definitely kind of faded away," added Daniel.
He mentioned two recent factors that have played a role in eroding the whole concept of a perimeter: rising adoption of work-from-home setups instigated by the pandemic, as well as the introduction of IoT devices (such as IP cameras, smartphones, smart speakers and printers) into IT environments.
Remote Setup: A New Gateway for Vulnerabilities
When companies deploy IoT devices, they add a certain amount of risk, as the devices are not always brought in with security in mind and, in many cases, are introduced without the knowledge of IT security teams. Daniel explained, "This whole concept of IoT devices is very critical because oftentimes, they are made and procured without the decision-making of the network enterprise security team. We had a customer before where the network security team realised that another team, the physical security team, bought a bunch of IoT IP cameras to monitor different places in their office and data centre."
In addition, remote work has also resulted in an increasing reliance on personal devices and networks. "It used to be you had to have an approved laptop issued by the company in order for you to connect to the VPN to access your company's environment. But we have seen the case of easing up on that as well. As long as you have a laptop, as long as you've installed this software to do a virus scan, out of necessity, we will let you remotely log in," he added.
It also doesn't help that the pandemic has compelled organisations to reduce some of their security measures due to cost issues, with remote working implementations already taking a huge chunk of their budgets.
Daniel explained that on-site security is something that everyone seems to be better at as they have been doing it for a long time. Remote working, however, is a challenge because organisations are typically not equipped for the majority of their workforce to work from home, and there are new paradigms that need to be in place to keep everyone secure.
"Your priority, regardless of what security investments you have made up to date, should be always on securing the access of your critical assets. Understanding where your critical assets are is definitely the most important in getting the visibility to detect and respond," advised Daniel.
Security vs Privacy
As companies enhance security measures through the use of advanced digital solutions that can monitor and keep track of more and more data, the question of privacy arises. When asked about this, Daniel said, "It's always a double-edged sword in many ways when it comes to security and privacy. Work in the office has to be monitored, but nowadays, people are using their own devices. We definitely see that kind of shift going on, and I would say that a lot of security solutions today do make a good balance between the two."
According to Daniel, most cybersecurity solutions, including ExtraHop, are not about getting identifiable information or sensitive information. It is about getting the right security telemetry or metadata to help with the detection, response and visibility.
"So it may not necessarily be about what websites you're going to but how much traffic are you sending? What is the traffic pattern? Do we see someone tunnelling traffic and using you as a jump point? It's these more abstract metadata and telemetry that's been leveraged," said Daniel.
He added that this is a way to ensure a good balance between having the visibility needed for security and protecting your critical assets while still maintaining user privacy.
Importance of Increasing Visibility and Being Proactive
Daniel believes that a lot of today's security practitioners focus too much on detection and response. While that is a good conversation to have, he believes that one of the more fundamental pieces of the puzzle is visibility.
He used the analogy of a surveillance camera that is only pointed at the corner of a room, recording in black and white with no audio – such is the limitation that organisations place on themselves if they only focus on one area of security, without visibility.
"I think security as a whole has been very reactive. It's always an anomaly happened or exploit attempt or alert happened and I react to that. By definition, that's the very reactive stance. But as we say in ExtraHop, being the hunter and not being the hunted means being proactive about security," Daniel stated, adding that.
To achieve that, organisations require a hundred per cent visibility to eliminate any blind spots. They need to detect threats faster, especially threats that will be missed by traditional security mechanisms. Finally, they need to act quickly to improve the response time of the security operation centre significantly.
Daniel said it starts by taking measures to enable visibility into your cybersecurity, which a company like ExtraHop can help with through proactive hygiene reports and active threat hunting, among other things. "There are low-hanging fruits in organisations which may not be breached today, but if you're proactive about it, you can prevent those reactive alerts and exploits from happening."