Pillars of Cloud Security – Security Boulevard


Because almost every company today is using a hybrid infrastructure of cloud computing and on-premises architecture, it’s not surprising that the lines between the two are blurring. And that’s especially the case regarding how companies approach security in a hybrid world. In fact, nearly two-thirds of organizations are using the same security approach for their on-premises and cloud networks.

“We don’t want to treat cloud security in a silo, but we don’t want to ‘copy and paste’ our security approach from on-premises to cloud,” said Will Silverstone, senior security consultant, Mandiant, during a session at Google Next23.

These blurred lines, and the habit of applying on-premises security practices to cloud environments, can create more risk because the two infrastructures differ in ways that must be considered.

Pillars of Cloud Security

There are three main pillars when thinking about cloud security, said Omar ElAhdan, principal security consultant, Google Cloud—Mandiant, who shared the stage with Silverstone. Each pillar’s security challenges can impact on-premises environments when the infrastructures and security controls are closely linked. Addressing this starts with understanding each pillar and the challenges it presents.

Pillar One: Understand the hybrid environment

Misconfigurations are one of the biggest challenges in the cloud environment. When you deploy critical infrastructure that can control your on-premises environment into your cloud environment, explained Silverstone, the security of your on-premises environment and the security of your cloud environment become tied to one another. Misconfigurations within the cloud can endanger the security of your on-premises environment and vice versa. Another challenge in the hybrid environment is privilege escalation and lateral movement between the environments, which allows an attacker who has compromised one environment to attack the other.

Pillar Two: Secure your identities

According to Google’s Threat Horizon Report, more than 60% of compromises in Q1 2023 involved credential issues. This directly corresponds to the struggle organizations have in securing identities in cloud environments. The main challenges are a lack of identity tiering and separation, an excessive scope of privileged identities, and weak MFA, according to the report. “It’s not just the MFA method that we’re enforcing,” said ElAhdan. Organizations often overlook the operational aspects of MFA—where users can register devices or how many devices a user can have.

Pillar Three: Reduce your attack surface

The goal is to see your overall attack surface the same way threat actors see it. A challenge to that level of visibility is the expanse of the overall attack surface because it isn’t just network-focused when the cloud is involved. Your attack surface will also include identities, user credentials and privileges that threat actors can infiltrate and use to launch attacks.

Incidents Are Not Linear

When the lines between on-premises and cloud become blurred, the default may be to see attacks and threats as linear, moving straight from one device or network to another. It doesn’t work that way. Attacks are dynamic in nature, ElAhdan pointed out, and encompass multiple levels across your infrastructure and organization.

“Your security program and initiatives should comprehensively encompass on-premises, cloud environments and every integration,” said ElAhdan.

Understanding these three pillars of cloud security and the challenges of each can help you better secure hybrid infrastructure environments.
