Bringing Resilience to the Cloud With Zero Trust

When the cloud first went mainstream almost two decades ago, it was seen as a cutting-edge business enabler. Holding true to that promise, the cloud has become the backbone of modern business and its role as a principal data repository has never been more crucial.

A heavy reliance on the cloud, however, has stretched our attack surface far beyond imagination. Our recent research revealed that nearly half of all data breaches originate in the cloud. These breaches bring with them immense financial repercussions and significant losses in consumer trust, with organizations suffering an average loss of nearly $4.1 million per breach. In the UK last year alone, 46 percent of the businesses that were hit by a cloud breach reported losses over £405,250. 

So, it’s clear that as the attack surface posed by the cloud expands, traditional cloud security practices are failing modern enterprises. Cloud usage is ubiquitous today, yet security teams are still struggling to get a grip on securing their hybrid and multi-cloud environments – putting customers and other critical business stakeholders at risk.

Why is it that traditional security measures are failing in the cloud? And with so many operations now dependent on cloud, how can organizations build resilience where they’re currently most vulnerable?

The High Stakes of Cloud Security

Despite its prevalence over the past few years, there are still misconceptions and confusion around ownership in the cloud. Companies that use different cloud systems and vendors to store their most valuable data often believe they’re offloading security responsibilities to the cloud service provider. But the reality is that the entity that stores, processes, or transmits the data is responsible for the protection of that information.

So, when a breach occurs, the accountability and consequences almost always come back to the business itself. Instead of thinking of the shared responsibility model in the context of the cloud, it’s best to consider it as an uneven handshake – where your organization is responsible for securing the data that you put into the cloud, while the cloud provider is responsible for maintaining the underlying infrastructure.

That’s why investing in robust cloud security is essential. It’s the responsibility of both parties to ensure the cloud is properly secured. Organizations that haven’t been prioritizing cloud security up until now are already behind the curve. First, there are the obvious stakes associated with neglecting the cloud, including putting financial and other sensitive business resources at risk. Plus, ongoing cloud adoption and migration efforts continue to heighten risks in the cloud.

Breaches in the cloud don’t just threaten data, they jeopardize trust and revenue-generating operations as well. In fact, Illumio’s Cloud Security Index shows that 47 percent of UK security decision makers specify reputational damage and the loss of trust as the main consequence of a cloud breach.

With only 29 percent of UK businesses being primarily concerned with the loss of revenue-generating services, it’s clear that businesses are placing a higher premium on reputation damage than on immediate financial implications – suggesting that while revenue can be recouped, businesses believe restoring tarnished reputations presents a far more challenging endeavor.

We know that today cyberattacks are inevitable, especially in the cloud. So, the ability to contain cloud-based attacks, limit their impact, and keep critical assets safe and operations running – even while under attack – is mission critical.

Where Traditional Cloud Security Models Fall Short

Legacy systems like firewalls and intrusion detection solutions have proven that, on their own, they’re unable to cope with the dynamic and intricate nature of the modern cloud. And using static solutions to respond to today's prolific, innovative cloud-based attacks will never work.

While organizations may attempt to apply these outdated security paradigms to modern cloud environments, the cloud's agility and scalability demand equally adaptive measures. We saw that 95 percent of security decision-makers agree they need better visibility across cloud infrastructure and faster reaction times to breaches to bolster their resilience in the cloud.

Even more concerning, nearly 74 percent think their organization's security function is slowing down cloud adoption. In response, businesses are developing mission-critical applications in the cloud with virtually no advanced security precautions — a dangerous precedent, since business transformation and security implementation must go hand in hand for organizations to innovate and grow securely.  

Businesses must embrace a more dynamic security model for the cloud – coupled with real-time security solutions that provide visibility and don’t restrict efficiency – if they want to secure the cloud. This is where the Zero Trust framework can help.

Zero Trust Segmentation – Building Resilience in Cloud Security

It’s evident that organizations need a stronger operational framework that allows them to reduce risk and secure cloud resources in a more cost-effective and proactive way, and that’s exactly what Zero Trust is designed to do.

The Zero Trust framework, which I designed as a Forrester analyst nearly a decade ago, is based on the premise that no user or asset is to be implicitly trusted. It also advocates for organizations to operate under the assumption that a breach has already occurred (or inevitably will occur) and therefore proactively limit access so that not every user, device, or application has carte blanche access to the entire network or enterprise. In essence, all users must be continuously verified to shrink the attack surface.

Zero Trust tools like Zero Trust Segmentation (also known as microsegmentation) play a vital role in helping organizations comply with and meet their Zero Trust objectives. Segmentation enables organizations to adapt quickly and effectively to the cloud's inherent complexities, providing dynamic and responsive security that matches the fluid nature of cloud-based operations. In compliance with the Zero Trust framework, segmentation is designed to help modern enterprises detect and quickly isolate critical assets within the cloud when compromised, reducing the attack surface and eliminating the risk of lateral movement.

As security leaders increasingly shift their focus to minimizing the 'blast radius' of an attack, 93 percent of IT and security leaders believe that segmenting critical assets is a necessary step to secure cloud-based projects.

Overall, as organizations continue to harness and operate in the cloud at scale, it’s clear that cloud security demands a radical rethinking of our security strategies, with Zero Trust leading the charge. It’s imperative for organizations looking to navigate the complexities of the cloud to be able to safeguard their most valuable assets as new threats evolve.

By implementing dynamic defenses like segmentation, organizations can ensure their move to the cloud does not compromise their security posture. Instead, it enhances their ability to respond to and recover quickly from incidents, ensuring their next breach does not jeopardize their most critical assets, reputation, and trust.
