Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Raj Mallempati, chief operating officer at CloudKnox
Security
The Biggest Cyber Threat to an Organization is Itself
It's a new year and a new decade, but security remains a primary concern for enterprises across all industries. Attackers only grow more resilient as the traditional security perimeter becomes more amorphous. Identities are now the new perimeter, which means the insider threat is greater than ever. And this threat is even more complex for organizations that operate in hybrid- and multi-cloud environments.
With this in mind, following are the top concerns for enterprises as we enter 2020.
Hackers will significantly increase the use of non-human identities to maliciously access sensitive business data
2019 shone a spotlight on the (mis)use of non-human identities, specifically machine identities and access keys, to maliciously access sensitive data. We saw it with the Capital One breach. Over the coming year, we'll see a significant increase in the number of incidents in which hackers use misconfigured, over-privileged non-human identities to maliciously access sensitive and business-critical data. They will target these identities because most of them hold excessive high-risk privileges with no oversight.
All cloud-first enterprise organizations will use automation to adopt and standardize on least privilege policies across their enterprise cloud infrastructure platforms
The number of identities and cloud resources to manage in hybrid/multi-cloud environments, and the complexity of managing them, have increased exponentially. The number of identities accessing cloud infrastructure has increased by 50x, driven by the non-human identities needed for automation. These identities can access more than 20,000 high-risk privileges that can adversely impact the infrastructure. Most identities use less than 1% of the privileges they have been granted.
This has transformed identities into over-privileged superpowers with significant infrastructure risk exposure. The most effective way to address this challenge is to automatically implement a least privilege policy framework, with privileges elevated on demand based on dynamic usage. More companies will turn to automated systems that continuously monitor and manage the privileges of all identities across hybrid and multi-cloud environments to counter this challenge. In fact, in response to the Capital One breach, AWS's CISO said that "if a customer properly implements a 'least privilege' policy, there is relatively little an actor has access to once they are authenticated - significantly reducing the customer's risk."
Cloud data breaches will shine a spotlight on the shared responsibility model
In 2020 and beyond, we anticipate that an increased number of data breaches will result from organizations making the false assumption that cloud service providers offer complete protection, which simply isn't true under the shared responsibility model. The currently accepted model states that the cloud provider is responsible for the security of the underlying cloud infrastructure, but the enterprise is responsible for the data and systems on top of that infrastructure.
Most cloud security incidents result from a combination of misconfigurations or inadequate protections put in place by the enterprise, and too much complexity or a lack of inherent security policies on the part of the cloud infrastructure provider. As a result, organizations will fail to identify the gaps that must be addressed within their enterprise cloud infrastructure platforms. Organizations will find themselves liable for more severe repercussions as government cyber-legislation ascribes harsher consequences. This will increase the need for solutions that automatically provide visibility and control over every action that every identity performs on every cloud resource.
The cloud security threat surface becomes more complex
Cloud infrastructure and security operations teams are being asked to do the impossible: manage and secure multiple, complex, and vastly different cloud platforms while keeping up with the never-ending expansion of new machine and human identities, resources, services and privileges. This requires organizations to implement a strict threat mitigation strategy, plan and processes to continuously monitor and assess the activities and behaviors of all human and non-human identities, in order to quickly produce a forensic trail of all privileged identity activity and the resources impacted. Security teams will need the ability to continuously monitor, swiftly identify and remediate incidents, while also being able to deliver proof of compliance to auditors at any point in time.
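The two mechanisms the article calls for, a least privilege grant derived from what an identity actually uses (with the rest held back for on-demand elevation), and a continuous forensic trail of every high-risk action a privileged identity takes and the resource it touched, can both be computed from the same audit log. The following Python module is an added example written for this page; it is not CloudKnox product code and does not call any cloud provider's API. The grants, the list of actions treated as high-risk, and the JSON-lines audit records are all constructed for illustration (the action names merely resemble AWS IAM action strings), and the `identity_type` field and the `first_use` signal are assumptions about what a monitoring system would record.

```python
"""Usage-based least-privilege right-sizing plus a privileged-activity forensic trail.

Added example, not CloudKnox's or any provider's code. Input is a constructed,
simplified audit log: one JSON object per line with time, identity,
identity_type, action and resource.
"""
import json
from collections import defaultdict

# Constructed grant: a CI pipeline role (machine identity) holding far more
# actions than it ever exercises, the pattern the article describes.
GRANTED = {
    "ci-deploy-role": {
        "s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "s3:ListAllMyBuckets",
        "iam:CreateAccessKey", "iam:PassRole", "iam:AttachRolePolicy",
        "ec2:RunInstances", "ec2:TerminateInstances", "sts:AssumeRole",
    },
    "alice": {"s3:GetObject", "s3:ListAllMyBuckets", "ec2:RunInstances"},
}

# Constructed set of actions treated as high-risk (privilege escalation or destructive).
HIGH_RISK = {
    "iam:CreateAccessKey", "iam:AttachRolePolicy", "iam:PassRole",
    "s3:DeleteBucket", "ec2:TerminateInstances",
}

# Constructed audit records (JSON lines). The last two show a machine identity
# suddenly creating an access key for another principal at 02:13 in the morning.
AUDIT_LOG = """\
{"time": "2020-01-06T09:00:01Z", "identity": "ci-deploy-role", "identity_type": "machine", "action": "sts:AssumeRole", "resource": "role/ci-deploy-role"}
{"time": "2020-01-06T09:00:03Z", "identity": "ci-deploy-role", "identity_type": "machine", "action": "s3:GetObject", "resource": "bucket/artifacts/app.tgz"}
{"time": "2020-01-06T09:00:04Z", "identity": "ci-deploy-role", "identity_type": "machine", "action": "s3:PutObject", "resource": "bucket/artifacts/app.tgz"}
{"time": "2020-01-06T09:00:09Z", "identity": "alice", "identity_type": "human", "action": "s3:ListAllMyBuckets", "resource": "*"}
{"time": "2020-01-07T02:13:44Z", "identity": "ci-deploy-role", "identity_type": "machine", "action": "iam:CreateAccessKey", "resource": "user/backup-admin"}
{"time": "2020-01-07T02:13:50Z", "identity": "ci-deploy-role", "identity_type": "machine", "action": "s3:ListAllMyBuckets", "resource": "*"}
"""

REQUIRED_FIELDS = ("time", "identity", "action", "resource")


def parse_audit_log(text):
    """Parse JSON-lines audit records, skipping blank, malformed or incomplete lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED_FIELDS):
            records.append(rec)
    return records


def observed_usage(records):
    """Map identity -> set of actions it actually invoked in the log window."""
    used = defaultdict(set)
    for rec in records:
        used[rec["identity"]].add(rec["action"])
    return used


def right_size(granted, used, high_risk):
    """Derive a least-privilege grant per identity from observed usage.

    'keep' is the exercised subset, 'remove' the unused actions to revoke and
    re-grant on demand, 'unused_high_risk' the dangerous part of that excess,
    and 'usage_ratio' the fraction of the grant actually exercised.
    """
    report = {}
    for identity, grant in granted.items():
        kept = grant & used.get(identity, set())
        removed = grant - kept
        report[identity] = {
            "keep": sorted(kept),
            "remove": sorted(removed),
            "unused_high_risk": sorted(removed & high_risk),
            "usage_ratio": len(kept) / len(grant) if grant else 0.0,
        }
    return report


def forensic_trail(records, high_risk):
    """Chronological trail of high-risk actions: who did what to which resource.

    'first_use' marks the identity's first use of that privilege within the log,
    the 'never done this before' signal a continuous monitor would alert on.
    """
    seen = defaultdict(set)
    trail = []
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec["action"] not in high_risk:
            continue
        first = rec["action"] not in seen[rec["identity"]]
        seen[rec["identity"]].add(rec["action"])
        trail.append({
            "time": rec["time"], "identity": rec["identity"],
            "identity_type": rec.get("identity_type", "unknown"),
            "action": rec["action"], "resource": rec["resource"], "first_use": first,
        })
    return trail


if __name__ == "__main__":
    recs = parse_audit_log(AUDIT_LOG)
    for ident, r in right_size(GRANTED, observed_usage(recs), HIGH_RISK).items():
        print(f"{ident}: used {r['usage_ratio']:.0%} of grant; revoke {r['remove']}")
    for entry in forensic_trail(recs, HIGH_RISK):
        print(entry)
```

Run as a script it prints, for the CI role, that half of its grant went unused and lists the four unused high-risk actions to revoke, then a single trail entry: the machine identity's first-ever `iam:CreateAccessKey` against `user/backup-admin`. In practice the log window must be long enough to cover rare but legitimate actions (quarterly jobs, disaster-recovery runbooks) before anything is revoked, which is why the article pairs right-sizing with on-demand elevation rather than a one-off cut.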
About the Author
Raj Mallempati is the chief operating officer at
CloudKnox Security. Prior to joining CloudKnox, Raj was SVP of marketing at
Malwarebytes, VP of Global Marketing at MobileIron, VP of Product Marketing at
Riverbed Technology and Director of Marketing and Business Strategy at VMware.