The cloud, safe by default? Cipher dismantles some myths around cloud services
Jorge Hurtado, vice president for the EMEA division of Prosegur's cybersecurity company, thoroughly analyses the cloud environment and introduces Cipher's weapons for cloud services: Waldo, CipherResponse and CipherScore
Cloud services are a reality. More and more companies are moving their infrastructures to the cloud. But we only know the tip of the iceberg about clouding. Jorge Hurtado, VP for EMEA of Cipher, Prosegur's cybersecurity business unit, X-rays cloud computing and dismantles the myths around security in the cloud.
Moving to the cloud does not mean security or that you are automatically more protected than ever. As IBM's 2020 data breach cost report states: incidents in the cloud are the second most costly and amount to $267,469 per breach in the cloud. One of the most common causes of these breaches is the lack of a correct configuration in cloud environments. That is why it is critical to lay the foundation for transitioning to the cloud, including, of course, monitoring and detecting native threats in this environment.
And to have the necessary security services. Cipher's three sides are Waldo, CipherResponse and CipherScore. From analytics to early vulnerability warnings, they all cover the essential parameters to create a completely secure cloud environment away from the various threats to our customers' data.
Waldo is our automated, cloud-native, microservices architecture-based analyst that enables an orchestration and automation framework to handle incidents effectively, avoiding human error and reducing average response time – an essential parameter to avoid the disastrous consequences of an incident.
In the event of a security incident, Waldo will scan its knowledge base to learn how to classify it and give clear instructions to our SOC analysts so they can mitigate the risk as soon as possible. Waldo also provides analysts with the contextual information needed to make incident management more effective. Finally, in some cases, Waldo itself will take over the response and act automatically.
CipherResponse is the early warning and response service for security incidents that originate from emails. This service allows our customers to identify and prevent possible threats. It features a very simple operation model: An email considered suspicious is sent, with a phishing threat or containing some malicious element. The CipherResponse button allows you to review the email, while always respecting the privacy of the data contained in the cloud. CipherResponse identifies the user, checks it and lets the user know whether or not the content is malicious. In addition, all of this button's features go through the cloud, enabling full scalability. This allows us to receive tens of thousands of requests per second and makes it easier for us to deploy it in our customers' location is in a matter of hours.
However, it is as important to have services that respond to an attack as services that prevent such threats. CipherScore's strength is preparation (and it can be combined with our team of SOC analysts). This security incident management technology allows us to detect potential vulnerabilities in our customers' infrastructures. At the customer's request, Cipher forms a team dedicated to early vulnerability mitigation, before these are exploited by criminal networks.
A key part of all services is our Threat Intelligence department, geared towards analysing the TTPs (Tactical Techniques and Procedures) used by attackers to move around the infrastructure. Having determined their "Modus Operandi", the Threat Hunting begins, to detect any sign that there has been a malicious presence in the environment.
In the face of any incident, it is essential to reconstruct the steps taken by the attacker. This is called forensic analysis of the cloud and the affected systems. It allows us to reconstruct the incident's timeline, determine the actions to be taken and expel the attackers from the infrastructure.
Some myths about the cloud
Settling all our services up in the cloud does not ensure their complete availability. Even if an app is available, this does not mean it is going to work all the time. Just as important is to ensure data integrity and confidentiality, taking into account the many cloud operating models offered by the different providers, in addition to the more than possible existence of multiple "clouds" in one infrastructure (the so-called "multicloud" model).
Therefore, before launching into a "cloudification" project, we should lay solid foundations and cybersecurity controls from the design, including the monitoring strategy for assets in this new environment. Examples such as the two incidents involving OVH, one of the largest cloud service providers, attest to this. On 10 March, its data centre suffered a fire because its structural design was possibly not well-thought out. They had another warning on 21 March.
Finally, there is not only "cloud" security. We should also talk about security "from" the cloud. Apart from securing the assets transferred to these new environments, we should note the potential of cloud environments as a security tool in and of themselves, due to their distinctive characteristics of ubiquity, scalability and elasticity, and their ability to provide security solutions for cloud, on-premise and hybrid environments.
In this context, it is essential to find a new "rara avis" in the digital talent landscape – the cloud cybersecurity architect, undoubtedly a white blackbird in a market where the professional deficit is in the millions.