Cloud Computing Is Not New | Why Secure It Now?

Cloud computing has seen a number of iterations since its inception within the Nineteen Sixties and has empowered modern-day enterprises, changing into integral to operations and the way options are delivered. While the event of cloud computing spanned the final sixty odd years, at what cut-off date did companies begin factoring in its safety?

This put up examines a timeline of contributing elements which have led to the security issues many hybrid and cloud-based organizations are dealing with at present. While assaults on the rising cloud floor will proceed to evolve, organizations can learn to put up the precise defenses to start out safeguarding some of the business-critical platforms in use at present.

How Cloud Computing Came to Be

Slowly getting into a post-pandemic world, extra companies than ever are making the transfer from solely on-prem environments to both cloud or hybrid ones. Use of the cloud is unprecedented and our reliance on it has change into a profitable goal for opportunistic attackers.

While cloud computing is seemingly ubiquitous now, its precursor dates again to the Nineteen Fifties and 60s. Of navy origins, a mainframe was first developed to attach laptop terminals throughout an inside matrix to decrease the price of shopping for and sustaining particular person terminals. Developing a know-how to supply shared entry to a single useful resource turned the ancestor of cloud computing as a technical idea.

The Nineteen Seventies noticed many extra developments in working methods, storage, and networking. By this time, a number of working methods might be run in an remoted setting, altering the best way operators interacted with knowledge. Moving away from punch playing cards and teletype printers, they may work together with display terminals that linked to the mainframe laptop for a devoted community.

By the Nineteen Nineties, the adoption for non-local storage know-how exploded consistent with the arrival of the World Wide Web. Huge (by then requirements) numbers of private computer systems have been linked, know-how turned extra extensively inexpensive, and corporations started to supply purposes over the web, paving the best way for the inception of Software-as-a-service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS).

Though accessible bandwidth was paltry at first, companies started to embrace the online and the infrastructure internet hosting business was born. The want for knowledge facilities boomed and lots of companies started to depend on shared internet hosting and devoted servers to run their operations. In the 90s, the time period “cloud” was used to explain this new, digital setting and a race was about to start between know-how giants reminiscent of Google, Microsoft, and Amazon.

The Tech Giants Enter the Race

In the early 2000s, everybody was accessing the cloud, together with governments, monetary establishments, healthcare suppliers, and extra. This was the cultural shift that catalyzed a tech-giant arms race with the tip purpose of gaining extra market share within the cloud supplier house.

First to hit the scene was Amazon Web Services (AWS) with the launch of their public cloud in 2002. The public cloud was a boon to a era of small to mid-sized companies, assuaging their burdens of pricey server upkeep and upfront investments on {hardware} computing sources whereas serving to them resolve problems with effectivity and scalability.

The rising success of AWS spurred Microsoft and Google into motion. Google responded by launching Google Docs providers, and later, Microsoft with their Azure infrastructure and Office 365 packages. Every tech large introduced distinctive choices to the desk and every continued within the race to change into the brand new normal for cloud providers.

The Afterthought: What About Security?

Security turned an afterthought within the race to develop new options and declare house within the cloud supplier market, most clearly demonstrated by the sheer quantity and only-increasing severity of cyberattacks on the cloud surface.

Features that make cloud providers helpful to companies are the identical options which can be typically focused for malicious use by risk actors. Cloud providers, whereas providing vital advances in scaling and effectivity, are significantly inclined to misconfigurations, insider threats, supply chain attacks, and Active Directory-related weaknesses. Consider the next statistics from the 2022 Thales Cloud Security Report:

• Multi-cloud adoption has accelerated with 72% of organizations utilizing a number of IaaS suppliers versus the 57% recorded in 2021.
• Almost two-third of companies retailer as much as 66% of their firm’s vital knowledge of their cloud.
• 45% of companies have skilled a cloud-based knowledge breach prior to now 12 months, rising from 40% the 12 months earlier than.
• 51% of IT professions share widespread issues concerning the rising complexity of cloud providers and agree that it’s extra advanced to handle privateness and knowledge safety within the cloud.

While companies and finish customers benefitted from the tech large’s race to change into the brand new cloud supplier normal, risk actors famous the rising recognition and reliance on this know-how and started to capitalize on it. Each of the tech giants had claimed that their cloud merchandise have been safe whereas, in actuality, they have been nonetheless attempting to resolve the issue because it got here. Microsoft later started to push their Azure Sentinel providers, Amazon AWS acquired numerous safety companies, and Google launched Chronicle, their safety arm which later merged into Google Cloud.

Shared Responsibility and Security within the Cloud

Though every of those tech giants and different cloud service suppliers have tried their hand at including cloud security to their product choices, this strategy has launched main dangers to companies because it narrows all the things right down to dependance on a single vendor.

Selling productiveness, collaboration, and now safety has elevated the percentages in favor of risk actors who want just one profitable assault vector to have an effect on all capabilities of the cloud service supplier.

Some cloud distributors themselves have acknowledged that their duty for safety can not prolong past securing their very own infrastructure and that cloud clients should handle securing what they put within the cloud. This mannequin of shared responsibility means cloud clients are chargeable for managing the operatings methods, software software program and utilities on their cloud situations. The cloud buyer additionally should safe the community configuration of every cloud occasion in addition to the info and property they retailer within the cloud.

As extra organizations make the shift over to hybrid and cloud environments and perceive the necessity to personal the safety of their cloud situations, safety professionals are on the lookout for extra superior technique of conserving their cloud workloads secure from cyber threats. Other than adopting primary cybersecurity greatest practices, cloud safety additionally emcompasses safety measures for serverless workloads and Kubernetes, containers, and digital machines too.

Successful cloud security strategies require professionals to have a look at their enterprise setting and perceive the dangers from throughout all elements of the entire. This is why enterprises are more and more turning to prolonged detection and response options to safe their clouds.

The Emergence of XDR to Secure the Cloud

Choosing the precise safety resolution for the cloud is a process made up of a number of elements. The proper resolution should be straightforward to handle, scalable, and in a position to defend in opposition to advanced and novel cloud-related threats. An end-to-end cloud safety resolution ought to fulfill the next key necessities:

• Automated Detection & Response – Threat actors rely on one factor most throughout their assault – time. The extra time they’ve, the upper their charge of success is in assembly their purpose. This makes detection and response velocity paramount to the protection of an setting. Before actors can set up a foothold and harm the cloud, having a quick detection time makes all of the distinction.
• Visibility for Assets & Configurations – Clouds are standard with organizations due to their potential to scale as much as rising knowledge volumes over time. However, lack of visibility and misconfiguration can depart cloud workloads uncovered to potential weaknesses. Having deep visibility in a cloud might help get rid of pointless dangers and restrict the extent of publicity.
• Integration with Existing Tech Stack – While infrastructure distributors do maintain some duty in offering safety, many safety professionals will introduce a separate safety resolution to their tech stack for superior safety. It is significant this safety resolution is appropriate with different instruments and software program in order that knowledge flows seamlessly between all platforms.

The idea of an open XDR (eXtended Detection and Response) platform supplies superior safety protection the place conventional single-point options don’t. Single-point options are those who resolve just one downside at a time. In distinction, an open XDR platform can combine present options, analyze incoming data, obtain alerts in real-time, and robotically ship responses as wanted.

A totally-integrated, open XDR leverages the ability of artificial intelligence (AI) and machine learning (ML) in opposition to risk actors concentrating on the cloud surface. By deciphering assault indicators and autonomously prioritizing alerts and safety incidents, AI and ML supplies for an tailored response based mostly on the precise traits of the attacker. Behavioral AI and ML have the potential to detect unknown cloud-based threats reminiscent of zero-day exploits and indicators of compromise which can be just like novel ransomware strains.

Summary

Cloud computing has undergone almost seven many years of transformation. Starting from the primary mainframe computer systems of the Nineteen Fifties, then accelerating through the race for tech giants to change into the subsequent normal in cloud provision, cloud know-how is now ever-prevalent in all vital sectors, fashionable workspaces, and our properties.

Cloud safety might have been uncared for through the unprecedented developments of the early 2000s, however it has been pushed to the forefront of each cloud-related dialogue now. As organizations proceed to undertake novel developments in cloud applied sciences, safety options want to have the ability to consider threat throughout your complete cloud floor in addition to any digital entities linked to it.

SentinelOne’s Singularity™ Cloud ensures organizations get the precise safety in place to proceed working of their cloud infrastructures safely. Contact us at present or book a demo to see how we might help enhance your cloud defenses and fuse autonomous risk looking, EDR functionality, and safety collectively to suit your enterprise.