Cloud-based infrastructure has one big, obvious security problem: by virtue of being in the cloud, it is reachable from the public internet. Applications, data, and other assets stored in the cloud are exposed in a different way than assets sitting behind a central firewall, and that gives attackers more opportunities to probe for weak spots and vulnerabilities.
Cloud infrastructure, whether on-premises, in a public cloud, or in some hybrid form, also enables a different kind of application deployment, using containers, microservices, and serverless functions. That means traditional approaches to monitoring application security are no longer enough.
"With serverless, something can run for microseconds and then be done," said John Gray, CTO at Infiniti Consulting Group. "How do you trace that? How do you monitor that? That's where some of the new application monitoring tools have really taken off."
The SIEM Challenge
The ephemeral nature of cloud infrastructure also makes some types of logging obsolete, or at least requires a change in approach. For example, as part of moving their infrastructure to the cloud, some companies are also looking at moving their security information and event management (SIEM) software there.
SIEMs require a lot of storage, said Ali Golshan, co-founder and CTO at cloud security vendor StackRox, so moving them and similar functions to the cloud can make them cheaper and easier to run. But just moving a SIEM to the cloud isn't enough to handle the new cloud cybersecurity landscape.
This starts with understanding that not as much historic data needs to be stored with cloud deployments, because much of it quickly becomes obsolete, Golshan said. Meanwhile, companies need to be able to track what is happening in containers, microservices, and serverless cloud functions.
"In this world, you're not really operating on historic snapshots," he said. "If you have a traditional environment, you still want to have a SIEM. But you can't lift-and-shift a traditional SIEM to the new cloud-based world."
However, if you have a SIEM to handle your traditional, on-premises infrastructure, there is an extra benefit to running it in the cloud beyond the cost savings, said Adam Kujawa, director of Malwarebytes Labs at cybersecurity vendor Malwarebytes.
"If you have a SIEM on a local network and you're breached, an attacker may be able to break into the system and modify the logs," he said. "But if it's separate from your network, that's something that would be harder for the attacker to do. That's an additional layer of security."
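The property Kujawa describes, that a log store outside the compromised network is harder for an intruder to rewrite, can be made checkable rather than just hoped for. The following is an added illustration, not code from the article or from any vendor it quotes: the on-host agent tags each record with an HMAC chained to the previous record and then evolves its key one-way, so an attacker who later gains root holds only the current key and cannot re-tag earlier entries consistently. The off-network SIEM, which kept the enrollment key, recomputes the chain and pinpoints the first altered record. The enrollment secret, the event shape, and the sample log lines are all constructed for the example.

```python
"""Forward-secure, tamper-evident log shipping. Illustrative only; not the article's or any vendor's code."""
import hashlib
import hmac
import json
from copy import deepcopy

GENESIS = b"\x00" * 32  # chain head before the first record


def canonical(event: dict) -> bytes:
    """Deterministic encoding so host and SIEM hash identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def evolve(key: bytes) -> bytes:
    """One-way key update: holding key_(i+1) gives no way back to key_i."""
    return hashlib.sha256(b"log-key-evolve|" + key).digest()


class HostAgent:
    """Runs on the (possibly later compromised) host and keeps only the current key."""

    def __init__(self, key0: bytes):
        self.key = key0
        self.prev = GENESIS
        self.local_log = []  # the copy an attacker with root could edit

    def emit(self, event: dict) -> dict:
        tag = hmac.new(self.key, self.prev + canonical(event), hashlib.sha256).hexdigest()
        record = {"event": event, "tag": tag}
        self.local_log.append(record)
        self.prev = bytes.fromhex(tag)
        self.key = evolve(self.key)  # the key that signed this record no longer exists on the host
        return record  # shipped immediately to the off-network SIEM


def verify_chain(records, key0: bytes):
    """SIEM-side check using the enrollment key it kept off-host.
    Returns the index of the first record whose tag does not verify, or None if the chain is intact."""
    key, prev = key0, GENESIS
    for i, rec in enumerate(records):
        expected = hmac.new(key, prev + canonical(rec["event"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return i
        prev = bytes.fromhex(expected)
        key = evolve(key)
    return None


# Constructed sample events; not real logs.
SAMPLE_EVENTS = [
    {"ts": "2019-03-04T10:00:01Z", "host": "web-01", "msg": "sshd: Accepted publickey for deploy from 10.0.2.15"},
    {"ts": "2019-03-04T10:00:07Z", "host": "web-01", "msg": "sudo: deploy : COMMAND=/bin/bash"},
    {"ts": "2019-03-04T10:00:09Z", "host": "web-01", "msg": "useradd: new user: name=svc-backup uid=1002"},
]


def demo():
    # Assumption: key0 is agreed at enrollment and stored only by the SIEM afterwards.
    key0 = hashlib.sha256(b"enrollment-secret-example").digest()
    agent = HostAgent(key0)
    remote_copy = [agent.emit(ev) for ev in SAMPLE_EVENTS]

    # Attacker gains root later and scrubs the account creation from the local file,
    # re-tagging it with the only key left on the host (key_3, not the key_2 that signed it).
    tampered = deepcopy(agent.local_log)
    tampered[2]["event"]["msg"] = "cron: session opened for user root"
    prev = bytes.fromhex(tampered[1]["tag"])
    tampered[2]["tag"] = hmac.new(agent.key, prev + canonical(tampered[2]["event"]), hashlib.sha256).hexdigest()

    return {
        "remote_intact": verify_chain(remote_copy, key0) is None,  # True
        "local_first_bad": verify_chain(tampered, key0),           # 2
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the SIEM never needs to trust the host's current state: the shipped copy was tagged before the compromise, and the per-record key is deleted as soon as it is used, so the local file can be rewritten but not rewritten consistently.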
You can take that approach even further, using different cloud providers for different aspects of security.
"It’s becoming a practice to keep your data with a cloud provider and all controls and encryption keys at another cloud provider separately," said Pravin Kothari, CEO at CipherCloud, a cloud security vendor.
The People Challenge
It takes time for the people in charge of data center cybersecurity to get their heads around the new way of running infrastructure.
"Previously, there was a pretty well-known set of tools to use for on-prem monitoring and people got good with them," said Infiniti Consulting's Gray.
So it's not a surprise that when it comes to securing cloud infrastructure, the most popular strategy is to train existing staff, according to a recent survey by the CyberEdge Group research firm.
The next most popular strategy, selected by 40% of the survey respondents, is to hire new security staff who are dedicated to cloud security. Another 36% plan to augment their staff with external consultants and contractors, while 33% plan to use a third-party security services provider. Only 24% said they plan to use cloud security software or cloud services from independent software vendors.
However, when data centers begin migrating to the cloud, their traditional infrastructure stays in place for a while, and without additional staff the same group of people has to learn the new cloud-based systems while also managing security in both environments.
"And then, AWS and Microsoft and Google -- the whole industry -- is pushing out changes to the cloud environment at a relentless pace," said Gray. "That makes it difficult for organizations to know what to pick. Six months later there's some newer, easier to use version or a totally different service. That makes people’s lives more difficult."
But there's a big silver lining to migrating to the cloud, he added, on top of the cost savings and greater flexibility.
"It gives you the opportunity to start fresh, to build a data center from scratch," he said. "It allows you to be in a much cleaner situation if you do it right -- if you take the time to build it that way. And you can separate out infrastructure much easier in the cloud, so you can isolate environments."
That means that down the line, cloud environments have the potential to be more easily managed and less vulnerable to attack than traditional infrastructure.
"The cloud can absolutely be more secure than on-prem," he said.
For example, cloud platforms make it easier to automate spinning up containers and launching services. Done right, that automation lets data centers ensure the right controls are in place every time a workload is deployed, rather than depending on someone to apply them by hand.
"But if you mess the automation up, it can destroy your environment," Gray added.
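Both halves of that, automation that enforces controls on every deployment and automation that can wipe out an environment when it goes wrong, come down to what the pipeline checks before it applies a change. The following is an added illustration, not code from the article or from any vendor or cloud provider it mentions: a pre-deploy gate that rejects any workload missing a required control and refuses a plan whose blast radius (the share of running workloads it would delete) exceeds a threshold. The manifest fields, control names, and the 25% threshold are assumptions made up for the example, modelled loosely on container manifests rather than on any provider's schema.

```python
"""Pre-deploy policy gate for automated rollouts. Illustrative only; not the article's or any vendor's tooling."""

# Controls every workload must carry before automation may apply it.
# Field names are assumptions for this example, not any provider's schema.
REQUIRED_CONTROLS = {
    "run_as_non_root": lambda w: w.get("run_as_non_root") is True,
    "no_privileged": lambda w: not w.get("privileged", False),
    "read_only_root_fs": lambda w: w.get("read_only_root_fs") is True,
    "no_host_network": lambda w: not w.get("host_network", False),
    "cpu_and_memory_limits": lambda w: {"cpu", "memory"} <= set(w.get("limits", {})),
    "pinned_image": lambda w: "@sha256:" in w.get("image", ""),
}

MAX_DELETE_FRACTION = 0.25  # assumption: block a plan that removes more than a quarter of what is running


def check_controls(workload: dict) -> list:
    """Names of required controls the workload fails, in policy order."""
    return [name for name, ok in REQUIRED_CONTROLS.items() if not ok(workload)]


def plan(current: dict, desired: dict) -> dict:
    """Diff two name->workload maps into the changes automation would make."""
    return {
        "create": sorted(set(desired) - set(current)),
        "update": sorted(n for n in set(current) & set(desired) if current[n] != desired[n]),
        "delete": sorted(set(current) - set(desired)),
    }


def gate(current: dict, desired: dict):
    """Return (approved, reasons, plan). The plan may run only when reasons is empty."""
    reasons = []
    for name in sorted(desired):
        missing = check_controls(desired[name])
        if missing:
            reasons.append(f"{name}: missing controls {missing}")
    p = plan(current, desired)
    if current and len(p["delete"]) / len(current) > MAX_DELETE_FRACTION:
        reasons.append(
            f"plan deletes {len(p['delete'])} of {len(current)} running workloads; blast radius too large"
        )
    return (not reasons, reasons, p)


def demo():
    """Constructed scenarios: a compliant rollout, a drifted workload, and an empty desired state."""
    base = {
        "image": "registry.example/app@sha256:" + "ab" * 32,
        "run_as_non_root": True,
        "read_only_root_fs": True,
        "limits": {"cpu": "500m", "memory": "256Mi"},
    }
    current = {f"svc-{i}": dict(base) for i in range(4)}

    # 1. Adds one workload that carries every control: approved.
    good = dict(current)
    good["svc-4"] = dict(base)
    compliant = gate(current, good)

    # 2. One workload drifts to privileged with a floating tag: rejected, naming the controls.
    drifted = dict(current)
    drifted["svc-1"] = dict(base, privileged=True, image="registry.example/app:latest")
    noncompliant = gate(current, drifted)

    # 3. A selector typo yields an empty desired state; unchecked, automation would delete everything.
    wiped = gate(current, {})

    return compliant, noncompliant, wiped


if __name__ == "__main__":
    for approved, reasons, p in demo():
        print(approved, reasons, p)
```

The gate is deliberately conservative in the third case: an empty desired state is almost always a bug in the pipeline, not an intent, so the safe default is to stop and page a human rather than let "apply" faithfully destroy four services.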