Discover how security leaders are shifting their priorities to adopt more cloud-centric security approaches like improved identity and access management, increased visibility and prioritized risk management, and Zero Trust best practices.


By Microsoft Security

The current uncertain economic climate is pushing security leaders to streamline operations and do more with fewer resources. As a result, many are looking to optimize their infrastructure using cloud-based solutions and integrated managed security services. This is largely because the public cloud offers advantages like strong foundational security, cost efficiency, and scalable computing.

These strengths make the public cloud a key resource in a time of tightening budgets. However, security leaders must also account for coverage gaps that can arise in the nexus between the public cloud, private cloud, and on-premises systems.

Keep reading to learn how security leaders are shifting their priorities to adopt more cloud-centric security approaches like improved identity and access management, increased visibility and prioritized risk management, and Zero Trust best practices. And for more insights, check out the full CISO Insider report.

Uplevel cloud management to be as secure as your cloud environment

The cloud has historically been seen as a tradeoff between greater risk exposure and greater cost efficiency. But that viewpoint is beginning to change. Today, many security leaders have embraced the cloud as the new normal—capitalizing on its cost efficiency, infinitely scalable resources, cutting-edge tooling, and reliable data protection in the face of talent shortages and tightening budgets.

However, cloud foundational security doesn’t always equate to data security. Data protection in the cloud is highly dependent on how cloud services are implemented alongside on-premises systems and homegrown technology. Risks can arise in the gaps between the cloud and the traditional organizational boundary, policies, and technologies used to secure the cloud. Misconfigurations are also a major concern, often leaving organizations exposed and dependent on security teams to identify and close the gaps.

By 2023, 75% of cloud security breaches will be caused by the inadequate management of identities, access, and privileges. As more security leaders become aware of the risks of cloud misconfiguration, the conversation around cloud security has shifted from “Is the cloud secure?” to “Am I using the cloud securely?”

To answer this question, organizations should approach cloud security from the ground up by tackling human errors like identity breaches and misconfigurations that can expose the organization to risk. Managing access through identity controls and implementing strong security hygiene can go a long way in closing these gaps. We also recommend implementing an end-to-end cloud-native application protection platform (CNAPP) strategy to automate threat protection and embed security from code to cloud, reducing your overall cloud attack surface.

Make visibility and prioritized risk management your cornerstones

The shift to cloud-centric IT not only exposes the organization to implementation gaps, but also to a proliferating array of networked assets like devices, apps, endpoints, and exposed cloud workloads. This has created a more porous environment. As a result, security teams have moved away from perimeter-based security in favor of a more security-posture-based approach that enables them to embrace their current borderless system.

Today, security leaders can manage their posture with technologies that deliver visibility and prioritized response. These tools help organizations map an asset inventory that covers the entire attack surface, spanning managed and unmanaged devices both within and outside of the organization’s network. Using these resources, CISOs can assess the security posture of each asset, as well as its role in the business to develop a prioritized risk model. And while this might sound overwhelming, there are a number of industry-proven frameworks and security innovations that put comprehensive posture management within reach.

When creating a comprehensive security posture, we recommend starting with visibility and ending with prioritized risk management. You can achieve visibility using a risk asset inventory that includes IT assets like networks and applications, databases, servers, cloud properties, IoT properties, as well as the data and IP assets stored on your digital infrastructure. From there, coordinate with data, IT, and security teams to analyze your risks under the lens of internal vulnerabilities and external threats. This enables you to prioritize security interventions based on current business needs. Finally, we recommend integrating your asset inventory, risk analysis, and business risk model into a comprehensive posture management strategy.

Lean on Zero Trust and security hygiene to help protect connected IoT and OT devices

The final piece of this puzzle is the convergence of Internet of Things (IoT) and Operational Technology (OT) devices. IoT devices often represent the weakest link in the digital estate because they are not managed, updated, or patched the same way traditional IT devices are. IoT devices are frequently vulnerable to remote code execution; an attacker who reaches one can exploit such a flaw to take control of it and implant malware or enlist it in a botnet. At that point, the device can serve as an open door to the entire network.

OT devices pose an even more sinister risk, with many being critical to the operation of the organization. Today, over half of OT networks are connected to corporate IT (business) networks. Likewise, 56% of companies report having internet-connected devices on their OT network for scenarios like remote access. This connectivity exposes organizations to the risk of major disruption and downtime in the event of an attack.

OT devices can be easy targets, as they often involve brownfield or legacy equipment that isn’t secure by design, pre-dates modern security practices, and may have proprietary protocols that elude visibility by standard IT monitoring tools. Attackers tend to exploit these technologies by discovering exposed internet-facing systems, gaining access through employee login credentials, or exploiting the access granted to third-party suppliers and contractors. Unmonitored ICS protocols are one common entry point for OT-specific attacks.

To better manage IoT and OT security, we recommend using an IoT/OT-aware network detection and response (NDR) solution together with a security information and event management (SIEM) or security orchestration, automation, and response (SOAR) solution to gain deeper visibility into the IoT/OT devices on your network. This will enable you to monitor devices for anomalous or unauthorized behaviors, such as communication with unfamiliar hosts. You should also assume your OT and IT are converged and build Zero Trust protocols across the attack surface. You can further reduce your attack surface by eliminating unnecessary internet connections and open ports, and by restricting remote access: block ports that are not needed, deny remote access where it is not required, and route any remaining remote access through VPN services.
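The two behaviors called out above, an OT device talking to an unfamiliar host and an ICS protocol arriving from an unmonitored source, can be expressed as simple baseline-and-deviation rules over flow records. The following is an added illustration, not code from the report or from any Microsoft product; the OT subnet, internal ranges, and flow records are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Assumed address plan (placeholder values): the OT segment and the ranges treated as internal.
OT_SUBNET = ipaddress.ip_network("10.20.0.0/16")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Well-known ICS protocol ports; traffic to these from outside the OT segment is suspect.
ICS_PORTS = {502: "modbus", 102: "s7comm", 20000: "dnp3", 44818: "ethernet-ip"}

# Constructed flow records (initiator IP, responder IP, responder port) from a learning window
# in which only expected HMI-to-PLC polling and PLC-to-NTP traffic was observed.
BASELINE_FLOWS = [
    ("10.20.1.5", "10.20.1.10", 502),   # HMI polls PLC A over Modbus
    ("10.20.1.5", "10.20.1.11", 502),   # HMI polls PLC B over Modbus
    ("10.20.1.10", "10.20.1.50", 123),  # PLC A syncs time with the local NTP server
]
# Constructed flows from a later window that the detector evaluates.
NEW_FLOWS = [
    ("10.20.1.5", "10.20.1.10", 502),     # expected polling
    ("10.20.1.10", "203.0.113.7", 443),   # PLC reaching an internet host
    ("10.20.1.5", "10.20.1.99", 502),     # HMI speaking Modbus to a never-seen device
    ("192.168.50.4", "10.20.1.10", 502),  # IT workstation speaking Modbus to PLC A
    ("10.20.1.10", "10.20.1.50", 123),    # expected NTP
]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def build_baseline(flows):
    """Map each OT device to the set of peers it was seen initiating traffic to."""
    peers = defaultdict(set)
    for src, dst, _port in flows:
        if ipaddress.ip_address(src) in OT_SUBNET:
            peers[src].add(dst)
    return peers

def detect(flows, baseline):
    """Return (src, dst, reason) alerts for flows that deviate from the baseline."""
    alerts = []
    for src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in OT_SUBNET and not is_internal(d):
            alerts.append((src, dst, "ot_device_to_internet"))
        elif s in OT_SUBNET and dst not in baseline.get(src, set()):
            kind = "unfamiliar_peer_ics" if port in ICS_PORTS else "unfamiliar_peer"
            alerts.append((src, dst, kind))
        elif s not in OT_SUBNET and d in OT_SUBNET and port in ICS_PORTS:
            alerts.append((src, dst, "it_host_to_ics_port"))
    return alerts

if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

In practice the baseline would be learned from NDR or SIEM flow data over a longer window and refreshed as the asset inventory changes, so that new devices are added deliberately rather than alerted on forever.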

The cloud is quickly becoming a foundational piece of modern security, enabling security leaders to streamline their digital estate amid escalating threats and pressure to do more with fewer resources. By deploying a robust cloud security strategy in concert with comprehensive posture management and specific tactics designed to close gaps at the IoT/OT edge, organizations can get the most out of their cloud-centric model.

For more information on security best practices and emerging cyber threat insights, visit Microsoft Security Insider.

Copyright © 2023 IDG Communications, Inc.