Why you need a multi-layered strategy to secure the cloud [Q&A]
Recent cyber attacks have seen not just the usual monetary motives but also the rise of espionage attempts with attacks on government officials.
So how can organizations, both public and private sector, protect their most valuable assets? We spoke to Glenn Luft, VP of engineering at Archive360, to find out.
BN: Do organizations now have to assume that breaches are a matter of 'when' not 'if'?
GL: Public or private sector organizations in all regions, regardless of size or industry, are becoming more attractive targets for malicious parties seeking data that can somehow be monetized, or otherwise benefit unauthorized parties. That's why it's a wise move to assume that a breach is inevitable. It also represents a safe business philosophy. Even if there's no attack, a comprehensive security strategy can pay rich dividends in ensuring regulatory compliance and streamlining business processes that boost productivity.
BN: Why is it important to adopt a multi-layered defensive strategy?
GL: The scale and sophistication of recent attacks on various organizations leveraging Microsoft technologies demonstrate the need for multi-layered defenses. While these vary widely, it might start by acknowledging that not all data is the same; the most sensitive information needs to be identified, isolated and granted special protection. It's particularly important to ensure that if (or when) this data is breached, it is encrypted in such a way as to make it fundamentally useless to the hacker.
In our role, when organizations tell us they have critical data in mission-critical applications, databases, mail servers, file and object repositories, or in particular SaaS systems, there's a paramount need to classify and extract that data, and store it in isolated and secure systems with strong audit controls. The secure data governance system when managing critical data must be even more secure, often requiring uniquely layered network segmentation and isolation. Location is a factor too: The multiple layers of security also run in customer environments that are often in different regions -- an attack on one doesn't compromise the entire network or even a single piece of protected data. All this goes far beyond the defensive capabilities of the average SaaS application.
BN: Isn't this going to introduce additional complexity for security teams?
GL: The typical cloud configuration is already complex; if it isn't, it's surely vulnerable. Also consider the complexity of the recent attack on customers relying on Microsoft technology -- more than 25 organizations in different continents, many with highly sophisticated infrastructures protecting very sensitive data, were simultaneously breached.
A multi-layered defense may add complexity to the security discipline, but the benefits are undeniable and proven. If the data is worth protecting, then the effort is justified.
BN: What role does AI have to play in defending against attacks?
GL: AI and machine learning may be leveraged today for vulnerability assessments, risk audit, and live detection and alerting of unusual activities. The first and best proactive approach is to identify and classify the data and secure it appropriately. Security professionals can leverage machine learning tools to scan data streams and identify and secure critical assets, such as with additional security controls or unique encryption keys. The keys can be stored in a data center elsewhere.
The second proactive step that we see our customers taking is to audit themselves, often with third parties. Tools are created and adapted to specific customer environments to audit their secure systems with new scan and detection approaches. Reactively, as the system understands and stores system data and end user usage patterns, audit tools are trained to detect and differentiate low- to high-risk anomalies. A simple low alert risk might be of a user accessing data from a different location; a medium to high risk would be of data being published in a new manner to internal and external audiences. And if there is a breach detected, customers now leverage a range of AI tools to sift through the stored, indexed and classified volumes of data with meaningful issue identification, and highlight issues for management review and decisions.