Reality has set in for organizations of all sizes - relevance and future revenues will require digital transformation and adoption of cloud services. Gartner predicts the public cloud services market to grow to $331.2 billion in revenue by 2022. A multitude of “as-a-service” solutions, on-demand scalable information technology, and the acceleration of DevOps, machine learning, and artificial intelligence are some of the major drivers.
While buzzwords like “cloud workloads” and “cloud computing” dominate the headlines, organizations are still struggling to understand the benefits and challenges of cloud security. How is my data protected in the cloud? Can the cloud provider do it better and cheaper than I can? Will their approach impact the security of my business? Will it impact my business operations?
When examining the security implications of the cloud, companies often struggle to weigh the risks versus the benefits of “cloud-delivered” (also known as “cloud-enabled” or “cloud-native”) security products and services. This is due in large part to the historical concern of “losing control” over data protection and access controls as companies migrate sensitive data and applications to the cloud. They have worried that they can no longer maintain control of the physical infrastructure, specifically the server room “down the hall.” Because the physical infrastructure is abstracted by the cloud provider, cloud security must focus on protecting data in an infrastructure- and environment-agnostic way.
Companies must shift their security mindset away from perimeter controls to data-centric controls by asking key questions:
By contrast, cloud-based security solutions are purpose-built to utilize the cloud to provide easy answers to the security questions above and go far beyond the traditional, perimeter-based approach of on-premise security solutions. These solutions are commonly called security-as-a-service (SECaaS). SECaaS solutions leverage the cloud, big data technologies, machine learning, and continuous streaming analytics to build real-time identification of indicators of compromise (IOCs) and malicious behaviors of compromise (BOCs) that better detect and stop the latest threats. This results in better, more accurate, and more actionable threat prevention. In addition to leveraging cloud computing, SECaaS solutions can help unify environment visibility, regardless of whether the protected assets reside in the cloud or on-prem.
While there are clear advantages to SECaaS security capabilities, it’s important to ensure that customers understand how these solutions satisfy key business requirements for the data. One of the most common misunderstandings concerns which data is collected and sent to cloud environments versus which data always remains on-premise. Many companies mistakenly believe that sensitive data and files, which often reside on endpoints or in applications, are transmitted to the cloud and become accessible to security solutions. This is not true: SECaaS providers purpose-build their solutions to collect only security-relevant metadata, not corporate data, to feed their analytical process.
An easy way to understand the difference: SECaaS solutions are not interested in the actual content of an Excel file. They are interested in the machine data that the Excel file generates when it is opened or used. To that end, major privacy regulations, including GDPR, make specific exclusions for cybersecurity-driven data collection. For example, GDPR contains a specific provision (known as Recital 49) that names “providers of security technologies and services” as an example of parties whose use of data does not constitute a digital privacy concern.
There are many SECaaS solutions available in the market today, from endpoint defense through DDoS mitigation. Let's examine endpoint defense, specifically next-generation anti-virus (NGAV) solutions. These solutions and services play a critical role in protecting both on-prem and cloud-based endpoints. We’ll avoid describing NGAV or the differences between it and traditional AV, as there is plenty of readily accessible information that already does that. However, it is important to discuss how privacy and data security relate to cloud-based NGAV solutions.
Here’s a sample of a real-world alert from an NGAV solution. This alert was created based on potentially malicious indicators and behavior. While the solution does capture the endpoint IP address and username, you will notice there is no sensitive information collected by the console relative to the alert generated from the activity on the endpoint. The content below is what will be stored in the cloud by the SECaaS solution and viewed by the analyst who has access to the console to investigate the threat. As discussed above, the analysts’ activities are always logged and can be reviewed in response to audit and privacy reporting requirements.
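To make the metadata-versus-content distinction concrete, here is an added example (not code from this article or from any vendor's product) of how an endpoint sensor can build a file-open telemetry record: it derives only a hash and size from the file bytes, attaches the process, username and endpoint IP the alert above mentions, and refuses to serialize any field outside an allowlist. The field names, the sample spreadsheet bytes and the `ALLOWED_FIELDS` set are constructed for illustration.

```python
import hashlib
import json

# Constructed sample: bytes of a spreadsheet as it sits on the endpoint.
# This is the corporate data that must never leave the machine.
FILE_CONTENT = b"Q3 revenue,1200000\nPayroll,Alice Smith,95000\n"

# Allowlist of fields the sensor may ship to the cloud console (constructed).
ALLOWED_FIELDS = {"event", "path", "sha256", "size", "process", "user", "endpoint_ip"}


def build_file_event(path: str, content: bytes, process: str, user: str, endpoint_ip: str) -> dict:
    """Build a file-open event from properties of the content, never the content itself."""
    return {
        "event": "file_open",
        "path": path,
        "sha256": hashlib.sha256(content).hexdigest(),  # identifies the file without revealing it
        "size": len(content),
        "process": process,
        "user": user,
        "endpoint_ip": endpoint_ip,
    }


def serialize_for_cloud(record: dict) -> str:
    """Serialize a record for transmission, rejecting any non-allowlisted field."""
    unexpected = set(record) - ALLOWED_FIELDS
    if unexpected:
        raise ValueError(f"refusing to send non-allowlisted fields: {sorted(unexpected)}")
    return json.dumps(record, sort_keys=True)


def leaks_content(payload: str, content: bytes) -> bool:
    """True if any line of the original file content appears in the outbound payload."""
    lines = content.decode(errors="ignore").splitlines()
    return any(line and line in payload for line in lines)


if __name__ == "__main__":
    evt = build_file_event("C:/Users/alice/Q3.xlsx", FILE_CONTENT, "EXCEL.EXE", "alice", "10.0.0.12")
    payload = serialize_for_cloud(evt)
    print(payload)
    print("content leaked:", leaks_content(payload, FILE_CONTENT))
```

The same allowlist check is what a privacy review would ask a vendor to demonstrate: every field in the outbound record is enumerated and justified, and raw file bytes have no place to go.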
Milan Patel, Chief Client Officer, BlueVoyant
Milan Patel is Chief Client Officer of BlueVoyant’s Managed Security Service (MSS). BlueVoyant is an advanced threat intelligence and next-generation managed security services company. Milan leads the creation of the MSS business for the company. In his role as a senior member at BlueVoyant, Milan leads the sales organizations and is involved with all aspects of the MSS business to include partnerships, products, and client success. Milan is a frequent speaker at national and regional cybersecurity conferences and a routine presenter to C-suite and board members at companies spanning various industries and sizes.
Milan came to BlueVoyant from his role as a managing director in the Cyber Defense practice at K2 Intelligence leading managed services and incident response. Before K2 Intelligence, Milan was the CTO of the FBI Cyber Division in charge of technology strategy. As Supervisory Special Agent, Milan organized and co-led the Joint Requirements Team, facilitated by the White House National Security Council to draft implementation plan for President Obama’s Executive Order 13636.
Prior to that, Milan was one of the FBI’s most senior cyber agents and initiated and led numerous high-profile, global cyber investigations. Milan was a member of the FBI’s elite SWAT team and was the recipient of the Federal Law Enforcement Officer of the Year award.