Prioritize Network Monitoring, Vigilance with CISA’s Cloud Security Technical Reference Architecture

Last year, Executive Order 14028 was signed to help with, “Improving the Nation’s Cybersecurity” and directed the Cybersecurity and Infrastructure Security Agency (CISA) to create a cloud-security technical reference architecture (TRA) to help with recommendations for cloud migration and data protection for agencies and organizations.

The TRA is meant to provide guidance to agencies on best practices to migrate network systems to the cloud.

CISA also encourages federal program and project managers involved in cloud migration to review and implement the Cloud Security Technical Reference Architecture.

As more organizations move to the cloud, it furthers the necessity of assessing networks and cybersecurity monitoring in the cloud.

Access our webinar on cloud security “Cloudy Day: Cybersecurity Storm Clouds are Brewing” to learn more about the complications of cloud environments and the need for continuous monitoring.

Cloud-based networks are on the rise and are a popular choice for new deployments. They are, however, just as vulnerable as on-premise solutions to cyber attacks. Ultimately, a network can be safe or vulnerable depending on the way it is configured.

So what does vulnerability look like in the cloud?

Cloud computing technology is constantly going to evolve, which makes IT operations more complex, and restructuring may lead to unintentional security gaps. Misconfigurations of cloud-related systems and other assets can create the potential for breaches and other data leaks. A common area where vulnerabilities arise in the cloud is when there is a lack of visibility into cloud operations, which makes regulation and compliance more difficult. Any type of employee access also has the potential to add risk and vulnerabilities in to cloud environments.

Further, applications in the cloud accumulate vulnerabilities just like any on-prem application would. Successful exploitation of these vulnerabilities can create a unique kind of foothold in a cloud-based environment, including the Siloscape exploit of March, 2021, in which the initial takeover of a single Kubernetes container led to the compromise of an entire cluster. Tracing and monitoring these kinds of attacks present a unique security challenge to organizations employing cloud architecture.

You should continue to conduct vulnerability assessments in cloud environments for the same reason you conduct them in on-promise networks. It provides details of where your network is protected and properly configured and where it remains vulnerable.

We have seen plenty of examples where the cloud is vulnerable to cyber attacks, including Russia’s Sunburst in late 2020.

• Cloud computing technology is complex and constantly evolving, making IT operations more complex. Restructuring can create unintentional security gaps.
• Misconfiguration of Cloud-related systems, tools and other assets creates an environment for breaches and data leaks.

A vulnerability assessment in the cloud can help reduce the risk of potential misconfiguration, as well as improve your resilience. It can also help with discovering a more optimal network architecture.

Visualization of the threat landscape in the cloud is incredibly important as limited visibility of cloud operations can make regulation and compliance much more difficult when it comes to cloud security. With remote or hybrid work, more access that often can be unsecure adds increased risk into cloud environments.

A major component to visibility into your network is taking inventory of the devices connected to your network, especially when it comes to those devices being connected remotely through a cloud environment.

If you don’t know what exists on your network, you can’t protect it from being a vulnerability to your network. It would not be an overstatement to say that confirming full visibility is one of the top priorities to take action on when it comes to working towards building a secure cloud environment.

Once a clear map of the network has been established, implementing a continuous monitoring solution becomes the next critical step to help keep data encrypted, keep access controls in place, and effectively monitor all traffic and ongoing threats. Continuous monitoring provides the ability to detect threats and mitigate any potential impacts from them.

One of CISA’s top recommendations for strong cloud cyber posture is continuous network monitoring.

Continuous monitoring is an essential part of vigilance against any cyber threat, whether it’s against an on-premise or cloud-based network.

Monitoring is just one, albeit an important one, part of maintaining vigilance against potential cyber attacks. Employees of any organization, especially outside of IT or network admins, are part of the front line defense against cyber threats. Often, a large majority of cyber actors gaining access to a network comes from phishing and other forms of social engineering attacks that target the staff of the organization.

Training employees to recognize phishing emails and helping them have applicable cyber hygiene skills from identifying potential threats, maintaining strong password habits, and more, can reduce the potential of your network being infiltrated.

The TRA provides good details on cloud service models, and deployment types and defines shared responsibility when it comes to migrating to a cloud environment. It emphasizes the importance of having a strategy to migrate to the cloud and even makes a case for the possible benefits of setting up a zero trust model.

The effort and the steps to security seem complex and steep but consider the alternative: studies from IBM showed that the average data breach cost in 2021 was $4.24 million, which was a 10% rise from figures in 2019.

The cost of a hybrid cloud data breach was $3.61 million in 2021, just under the cost of the average breach. That is another factor in more cloud migrations, and cloud security is necessary in order to reduce the frequency of data breaches and their impact. Cloud security spending is expected to continue to grow through 2022 into the billions compared to previous years due to that importance. Preemptive spending on security far outweighs the risks of paying the total cost of a cyber attack in terms of dollars and your reputation.

Reach out to SecuLore today about network monitoring security in the cloud with our new SecuLore™ OverWatch Cloud technology that provides visualization into your network. Data and reports are collected through monitoring, analyzed and delivered to you by a real SOC team with the expertise to cut through the noise and give you the important details you need.