Solving the Security Challenges of Public Cloud

The Expanding Data Lake Market and Rising Security Concerns
Industry analysts forecast substantial growth in the data-lake market, projecting a value of $31.5 billion within the next six years. This anticipated expansion is causing considerable apprehension among larger organizations.
The increase in data lakes directly correlates with heightened consumption of public cloud services. Consequently, organizations are experiencing a dramatic surge in the volume of notifications, alerts, and security events they must manage.
The Alert Fatigue Crisis
A 2020 report by Dark Reading, referencing Sumo Logic’s research, revealed that approximately 56% of enterprises process over 1,000 security alerts daily. Furthermore, 70% of IT professionals have observed a doubling of alert volumes in the last five years.
Within the ONUG community, many organizations are now contending with event rates reaching one million events per second. This translates to tens of peta-events annually.
As digital transformation accelerates, this trend is expected to continue, leaving IT leaders seeking more effective methods for event management.
Challenges with Public Cloud Security
The absence of a standardized framework for public cloud security exacerbates these difficulties. Cloud consumers are compelled to increase spending on security infrastructure.
This includes investments in SIEMs, SOAR, security data lakes, associated tools, ongoing maintenance, and skilled personnel – resources that are often difficult to acquire.
Maintaining an “adequate” security posture requires significant financial and human capital.
The Need for Standardization
The growth of public cloud and the associated data volumes are undeniable. However, enterprise leaders shouldn’t be perpetually challenged by these issues.
Standardized operating procedures are commonplace in many areas of life, from school drop-offs to company vehicle checkouts. Yet, a comparable standardized approach for public cloud security remains elusive.
Given the fundamental role of the public cloud in modern society, this lack of standardization is a critical concern.
Introducing the Cloud Security Notification Framework (CSNF)
Recognizing this need, the ONUG Collaborative initiated the development of the Cloud Security Notification Framework (CSNF).
Security leaders from prominent organizations – including FedEx, Raytheon Technologies, Fidelity, Cigna, and Goldman Sachs – collaborated to establish this framework.
The primary objective of CSNF is to establish consistency in how cloud providers report security events, alerts, and alarms. This will provide end users with enhanced visibility and governance over their data.
Addressing Public Cloud Security Challenges
The following sections will provide a more detailed examination of the security challenges inherent in public cloud environments and how CSNF aims to resolve these issues through a unified, standardized approach.
Understanding the Surge in Public Cloud Security Alerts
Several critical factors are contributing to the growing frequency of security alerts within public cloud environments:
- The accelerated pace of digital transformation, largely driven by the COVID-19 pandemic.
- A broadened network perimeter resulting from the widespread adoption of remote work.
- A notable escalation in the sophistication and variety of security attacks.
These initial two challenges are intrinsically linked. The abrupt shift to remote operations in March of the previous year, necessitated by office closures, fundamentally compromised the traditional security boundaries for many organizations.
Companies already accustomed to remote work models were less affected; larger enterprises, however, quickly encountered significant vulnerabilities.
Many organizational leaders have conveyed that the need for operational continuity superseded security considerations during this period. Maintaining business functionality took precedence over robust governance protocols.
Effectively, each remote employee became a potential entry point into the company’s network. A lack of fundamental governance controls and insufficient employee training regarding threat identification – such as phishing – created substantial security gaps.
The FBI reported a dramatic increase in cybercrime complaints during 2020. Its cyber division received approximately 4,000 daily reports of security incidents, representing a 400% rise compared to pre-pandemic levels.
Furthermore, the increasing sophistication of cybercriminals presents a significant hurdle. According to a report by Dark Reading, 67% of IT leaders identify the constantly evolving nature of security threats as a primary challenge.
Attackers are employing increasingly clever tactics. Exploitation of vulnerabilities through phishing emails, IoT devices, and other vectors is becoming commonplace, allowing unauthorized access to organizational networks.
This necessitates continuous adaptation from IT teams, who must dedicate considerable time to distinguishing genuine threats from false positives.
The absence of a cohesive and standardized security framework will inevitably lead to an unmanageable escalation in incident volume.
The Role of the Cloud Security Notification Framework (CSNF)
The implementation of CSNF is poised to deliver advantages to both cloud service providers and the organizations utilizing their services. Traditional security platforms frequently encounter delays due to the time required to incorporate data originating from isolated systems. These systems include asset inventories, vulnerability scans, intrusion detection systems, and historical security alerts.
Such integration processes can be both costly and inefficient. However, a standardized framework like CSNF significantly streamlines the integration of historical notifications and enhances contextual awareness across the entire cloud ecosystem. This results in reduced expenditures and allows SecOps and DevSecOps teams to dedicate their efforts to more critical activities.
These activities include security posture evaluations, the development of innovative products, and the refinement of existing security solutions. Let's examine the specific benefits a standardized approach offers to each stakeholder:
- End Users: CSNF facilitates smoother operations for enterprise cloud users, such as IT departments, by providing enhanced visibility and control over their data's security status. This heightened level of security, stemming from improved cloud governance, ultimately benefits all users.
- Cloud Providers: Currently, a significant obstacle prevents enterprises from adopting additional services from certain cloud providers – the perceived complexity of security integration. CSNF removes this barrier by optimizing security resource allocation. Furthermore, improved cloud governance among end users drives increased cloud adoption, boosting provider revenue and fostering confidence in data security.
- Cloud Vendors: SaaS providers are experiencing escalating costs related to managing the growing volume of security notifications. A standardized framework would alleviate this burden, reducing the need for dedicated engineering resources. This allows vendors to redirect investment towards core operational improvements and product enhancements, like user interfaces and applications.
Through collaborative effort, all parties involved can effectively minimize the disruption caused by security alerts and establish a secure cloud environment for sustained operation.
The Current Status of CSNF
The Cloud Security Notification Framework (CSNF) is currently undergoing development. A collaborative effort among cloud users has been initiated to define the necessary specifications, and ongoing input from these users is shaping the prototype’s creation.
Currently, cloud service providers are focused on constructing the core element of CSNF: the Decorator. This component will function as an open-source service, translating security reports across multiple cloud environments.
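To make the Decorator's role concrete, here is an added sketch that is not CSNF's specification or the Decorator's own code: it assumes a hypothetical common notification schema (Notification) and two constructed provider alert formats ("alpha" and "beta"), translates both into that schema, and suppresses repeats of the same finding, the kind of superfluous alert the framework aims to reduce.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
# ASSUMED common notification schema: hypothetical, not the real CSNF schema.
@dataclass(frozen=True)
class Notification:
    provider: str
    resource: str
    severity: str      # normalized to LOW / MEDIUM / HIGH
    category: str
    occurred_at: str   # ISO-8601, UTC

# Per-provider severity vocabularies (constructed; real providers differ).
SEVERITY_MAP = {
    "alpha": {"informational": "LOW", "warning": "MEDIUM", "critical": "HIGH"},
    "beta": {1: "LOW", 2: "LOW", 3: "MEDIUM", 4: "HIGH", 5: "HIGH"},
}

def translate_alpha(raw):
    """Constructed 'alpha' format: flat fields, epoch-seconds timestamp."""
    return Notification("alpha", raw["resourceId"],
                        SEVERITY_MAP["alpha"][raw["level"]], raw["type"],
                        datetime.fromtimestamp(raw["ts"], tz=timezone.utc).isoformat())

def translate_beta(raw):
    """Constructed 'beta' format: nested fields, numeric severity, ISO time."""
    return Notification("beta", raw["target"]["arn"],
                        SEVERITY_MAP["beta"][raw["sev"]], raw["finding"]["kind"],
                        raw["time"])

TRANSLATORS = {"alpha": translate_alpha, "beta": translate_beta}

def decorate(raw_alerts):
    """Translate (provider, raw_alert) pairs into the common schema and drop
    repeats of the same finding on the same resource within the batch."""
    seen, out = set(), []
    for provider, raw in raw_alerts:
        note = TRANSLATORS[provider](raw)
        key = (note.provider, note.resource, note.category, note.severity)
        if key not in seen:
            seen.add(key)
            out.append(note)
    return out

# Constructed sample input: the same alpha finding twice, plus one beta finding.
SAMPLE_ALERTS = [
    ("alpha", {"resourceId": "vm-001", "level": "critical", "type": "malware", "ts": 1609459200}),
    ("alpha", {"resourceId": "vm-001", "level": "critical", "type": "malware", "ts": 1609459260}),
    ("beta", {"target": {"arn": "bucket/logs"}, "sev": 3,
              "finding": {"kind": "public_access"}, "time": "2021-01-01T00:02:00+00:00"}),
]
```

Running `decorate(SAMPLE_ALERTS)` yields two notifications in the common shape; a production service would additionally scope the duplicate check to a time window rather than a single batch.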
Challenges and Priorities
The recent global pandemic has introduced significant shifts, including novel security concerns within public cloud deployments. A key objective is the reduction of superfluous IT alerts.
Prioritizing this reduction is crucial for maintaining robust governance and operational efficiency. It fosters a stronger security posture, minimizes the demand for additional resources, and facilitates greater cloud adoption.
ONUG's Role in Security
The Open Networking User Group (ONUG) is working proactively to address evolving security threats. This is particularly important in the context of accelerated digital transformation.
By staying ahead of potential security incidents, ONUG aims to ensure the industry remains resilient and protected in a dynamic technological landscape.