Chief Innovation Officer at Orca Security.
As cloud computing evolves and expands, the cloud security industry has focused on a series of top issues, each taking its turn at the top of the priority list. The risks of misconfigurations gave way to identity and access management (IAM) issues, which gave way to Kubernetes container security and eventually to application programming interface (API) security. The industry is constantly identifying new types of security issues, deeming each the most important until the next “hot topic” in security comes along and takes its place, often before the industry has finalized an effective way to fix the first.
However, a persistent problem is that many organizations have ignored the basics of security. Recent research from Orca Security has revealed troubling observations among organizations operating in the cloud, from high percentages of obsolete assets and vulnerable data to weak IAM controls and exposed Kubernetes API servers.
Individually, it may seem that each instance of a basic security issue, such as an unpatched server or a CVE vulnerability in an application, can be easily fixed. But in a multi-layered cloud enterprise with many stakeholders, many of whom may lack security expertise, these issues can pile up unresolved and develop into major problems.
Innovators in the cloud security industry can become frustrated by this trend, wondering why they keep developing new tools and solutions if those tools don't seem to be used. However, the truth is that the cloud security industry needs to focus on a practical approach. It's not that there are too many issues, it's that there are too few fixes.
Don't come with alerts, come with fixes
The issues facing cloud infrastructures are real, of course, whether they're related to misconfigurations, vulnerabilities, data issues, or other issues. The industry has to address them, and innovative tools and solutions that identify problem areas are of great value. But organizations don't need thousands of additional alerts; they need help mitigating these issues. In fact, I can confidently say that I've never met a security leader who told me they didn't have enough alerts to fix.
As security service providers, we need to look at issues in context. Prioritization should not be based solely on how severe a CVE vulnerability in an application is, for example, but on where that application sits within the stack and how critical it is to business production. We need to simplify remediation processes. This reduces the number of problems that practitioners have to prioritize and fix. But this is still usually not enough.
The goal should be to minimize both the issues that need to be prioritized and the amount of work practitioners must do to fix them. Risk recording should be a by-product of this, prioritized where possible in the course of the work to reduce the number of repairs. In short: don't come with alerts, come with fixes, and make those fixes easier to implement.
An important part of a practical approach to cloud security is leveraging the capabilities of artificial intelligence (AI) and recognizing its limitations. Take, for example, a self-driving car powered by artificial intelligence. It doesn't actually drive itself. It needs a human to supervise it, tell it where to go, and be ready to take over when necessary. But artificial intelligence is necessary to operate it, and its capabilities significantly reduce the workload of the human driver. We need to take the same approach to cloud security.
One way AI helps is by connecting production with enterprise developers. In many organizations, a large percentage of security engineers' work is devoted to identifying the source of a problem in the production environment and then finding the person responsible for fixing it. Multiplied across a cloud environment, identifying all of these issues can become a daunting task. Organizations reported that it took weeks to find all the items that needed repair.
AI's ability to quickly collect and analyze massive amounts of data can speed up this process while also beginning to address many problems. This can significantly reduce developers' work, freeing them to focus on more strategic projects.
Cloud security basics
The breadth and complexity of multi-cloud infrastructures creates an environment potentially rife with security vulnerabilities, configuration flaws, and, as our research shows, basic security negligence. It's important to identify vulnerabilities and areas that need to be addressed, but organizations need more than just alerts. The cloud security industry must realize that organizations need practical help in resolving issues as quickly and easily as possible.
We need to:
• Prioritize security alerts in the context of work.
• Focus on providing solutions, in addition to identifying problems.
The same tools, such as artificial intelligence, that are used to help identify problems can be used to help deliver fixes. Some issues can be handled automatically. For others, security providers can reduce the amount of work required for repair. We can provide all the necessary data, identify who needs to be involved and prepare the first steps to be taken towards solving the problem.
By taking this approach, cloud security providers can effectively reduce the need for manual work, reduce the overall number of security issues, and ultimately make fixes easier. In the process, we can help improve the state of cloud security.
The Forbes Technology Council is an invitation-only community of world-class CIOs and CTOs.