Ayush Patel - Research Assessment 8
MLA Citation: Fritchen, Katie, et al. “Where Cloud Security Fits In Your Cybersecurity
Infrastructure.” Security Boulevard, 3 Oct. 2019,
https://securityboulevard.com/2019/10/where-cloud-security-fits-in-your-cybersecurity-infrastructure/.
Analysis:
Cloud security is a product of the growth of the cybersecurity industry. With the growth of the IT
field, companies have been shifting their storage of information from databases to the cloud. This
shift in information introduced the need for cloud security in order to protect companies’
information. After this introduction, the article discussed the idea of multi-layered cybersecurity
infrastructure. The article emphasizes the benefits of this type of cybersecurity infrastructure,
which includes smooth integration and redundancy. After this, the article discusses the six
categories the layered infrastructure needs to cover: infrastructure security, identity and access
authentication, endpoint security, network security, cloud security and incident
management/response. Lastly, the article discusses how to incorporate cloud security into a
cybersecurity infrastructure. The article explains the process of doing so, which includes
configuring the various security settings and incorporating a cloud access security broker to add
a layer of protection to data stored in the cloud.
The most relevant concept of this article was that of multi-layered cybersecurity infrastructure.
This idea is the future of data security, as the additional layers of protection make it even harder
for data to be stolen. However, this infrastructure is significantly more complicated to
implement than normal cybersecurity measures. As the cybersecurity field continues to develop,
more and more companies will begin to utilize this infrastructure. Therefore, understanding this
security structure will not only be beneficial to my current study, but it will be imperative to
future success in this field, as it is necessary to understand the infrastructure in order to fix
exposable weaknesses.
However, in order to understand infrastructure, I have to first understand the individual parts.
Infrastructure, authentication and network security are fields I am familiar with due to previous
experiences and research. That leaves three aspects I need to understand: endpoint security,
cloud security, and incident management. The article provides basic definitions for all three of
these subsets, such as endpoint security being the security of computers and laptops, but these
definitions are fairly limited. Hence, I need to continue researching these subsets of
cybersecurity in order to gain a solid understanding of the layered cybersecurity infrastructure.
The article concludes by discussing the incorporation of cloud security. Once again, this article
provides the basic ideas of incorporation, but does not go into detail about this process. This
lack of detail prevented me from learning significantly more about cloud security incorporation
than just being introduced to the idea. Even though this idea of incorporation would probably not
have significantly impacted my study, the lack of information prevented me from even
receiving a solid introduction to the idea.
Overall, this article provided relevant information regarding the layered cybersecurity
infrastructure. However, it proceeded to provide an extremely vague introduction to the layers
and the incorporation of them, which made the article significantly less impactful for my ISM
study than I hoped. Looking forward to the next research assessment, I need to look into articles
that discuss endpoint security, cloud security, and incident management in order to gain a solid
foundational understanding of the layered cybersecurity infrastructure.
Article:
Where Cloud Security Fits In Your Cybersecurity Infrastructure: A Multi-Layered
Cybersecurity Infrastructure Protects Data Both Inside and Outside Your Network
Everyone is aware that cybersecurity is critical for all types and sizes of organizations. But with
cloud computing being relatively new, many don’t fully understand where cloud security should
fit in their cybersecurity infrastructure.
The goal of each component, or layer, of your cybersecurity infrastructure is to protect against
malicious or improper use of your organization’s information systems and/or data. But each does
it in very different ways, based on the underlying technology of the system it’s designed to
protect. These systems often include databases, endpoints, networks, and cloud applications.
Let’s take an overview of a multi-layered cybersecurity infrastructure, and discuss where and
how cloud security fits into it.
Multi-layered cybersecurity is an approach to network and data security that uses a number of
different components to achieve prevention, detection, remediation, and discovery objectives.
Your infrastructure is simply the tools, appliances, platforms, etc. that you use to maintain your
cybersecurity strategy.
A multi-layered approach is considered a best practice for a couple of reasons. First, though there
has been a good amount of consolidation in the cybersecurity market, no one solution does
everything. Nor is there one solution that does everything very well. A multi-layered approach
allows IT and security teams the ability to integrate “best of the best” solutions to their
infrastructure’s various needs.
Second, a multi-layered approach builds redundancy, or checks and balances, into your
cybersecurity infrastructure. We tend to think of redundancy as a bad thing in everyday life, but
in IT security it is critical. By creating layers that overlap a little, yet work well together, your
cybersecurity infrastructure is better configured to prevent—or at least detect and
remediate—incidents.
If your organization has moved into the cloud—whether you’re all-in or just using some cloud
apps—cloud security needs to become another layer in your cybersecurity infrastructure.
Why? Because, simply put, there is no perimeter in the cloud. Traditional security solutions, such
as firewalls (even “next gen” firewalls), secure web gateways (SWG), and message transfer
agents (MTA) don’t protect cloud applications. They are built to protect your network perimeter,
not data stored in the cloud.
Once unauthorized access is able to break into your perimeter, none of these devices are going to
protect the information stored in your organization’s cloud applications. Or, worse yet, if
someone within your organization is using information inappropriately (either intentionally or
accidentally), these devices won’t detect that kind of behavior at all.
This is why zero trust security is becoming a popular approach to cybersecurity. Zero trust
security puts checks and balances into place that trust no one, whether it’s seemingly an
authorized account or not.
While a multi-layered cybersecurity infrastructure approach is preferred, it can also get out of
hand. The dizzying array of different products and vendors available makes it all a bit
overwhelming. This is why it’s important to have a strategy that outlines the specific needs of
your organization and the information you store.
1. Infrastructure Security
Infrastructure security refers to securing the critical infrastructure underlying your entire IT
system. Your approach to infrastructure security depends heavily on how your environment is
configured. For example, if you have a lot of data assets stored on-premise, in servers, your
infrastructure security approach will look one way. If your organization has migrated most or all
of your data to the cloud, it will look very different.
With cloud computing, the majority of infrastructure security is outsourced to the vendor.
Meanwhile, on-prem infrastructures require internal staff or a managed service provider to
maintain infrastructure stability and security.
2. Identity and Access Authentication
Also often referred to as identity and access management (IAM), this layer of your cybersecurity
infrastructure is like the lock on your front door. When a user tries to access their account, they
need to authenticate that they are who they say they are, and should be granted access. This
doesn’t just refer to platform or application logins. It also includes phone and laptop passwords,
network access, etc.
3. Endpoint Security
Endpoint security, or endpoint protection, covers the devices that are used to access your
organization’s network. Endpoints include things like computers, laptops, smartphones, tablets,
and servers.
4. Network Security
Network security protects the underlying connections and interactions between all endpoints
connected to the network. Network security is the layer of your cybersecurity infrastructure that
most of us think about when we think about cybersecurity. It is where your firewalls, SWGs,
MTAs, etc. are organized in the infrastructure.
Some cybersecurity infrastructure models separate network security and perimeter security. This
isn’t wrong. But my argument here is that network security mostly focuses on defending the
perimeter. While there are differences, network and perimeter technologies have largely
consolidated over the years.
5. Cloud Security
Cloud security protects information stored, accessed, and shared in the cloud. It is very different
from network security, mainly due to the fact that the cloud is outside of your network. This
placement renders network security basically useless.
For the most part, this information is being stored, accessed, and shared in cloud applications,
such as Google G Suite and Microsoft Office 365. There are a number of benefits to working in
the cloud with reputable application vendors. As mentioned previously, it allows IT teams to
outsource infrastructure security and maintenance to these vendors (which, most likely, have far
more resources to hire top talent and maintain large teams).
They also tend to build great native cloud security controls. These controls help system admins
properly configure authentication and security settings. Because, while the vendor is responsible
for the infrastructure security layer of their own cybersecurity infrastructure, they are not
responsible for the service level security. Securing and monitoring access to information stored
in cloud applications is the responsibility of the customer (a.k.a. you!)
6. Incident Management and Response
Finally, you will need to integrate an incident management and response layer into your
multi-layer cybersecurity infrastructure. If (or, more likely, when) an incident occurs, you’ll need
a plan and process for responding to it. Depending on the scale and/or seriousness of the
incident, the attack vector, and the industry you are in, your processes may need to look a little
different.
Incident management and response processes generally include the following steps:
1. Detection & analysis
2. Containment, remediation, & discovery
3. Reporting & communication
Next, you will want to incorporate the 5 cloud application security best practices into your
processes and your tech stack. These best practices include:
Finally, circling back to our earlier discussion about layering and redundancy, it may be a good
idea for you to look into a 3rd party cloud application security platform. Commonly referred to
as a cloud access security broker (or CASB), a CASB can provide several benefits to your
cybersecurity tech stack. It can provide an additive layer of protection to your data stored in the
cloud, providing more security than exists with the apps’ native functions. A CASB also pulls all
your cloud application security monitoring, auditing, and policies into one dashboard. This
makes monitoring and incident response much easier for IT teams, because they don’t have to
spend time logging into multiple different platforms and navigating different UIs to find the
information they are looking for.
Cloud security is a critical layer of cybersecurity for any organization that is storing, accessing,
and/or sharing information in the cloud. Relying on network security controls to protect the
cloud layer is risky at best. The good news is that incorporating cloud security into your
cybersecurity infrastructure isn’t complicated (nor does it need to be expensive).
The biggest problem I see right now is awareness. Many people are not fully aware of the unique
cloud security threats they are exposing their data to. Others simply don’t realize that their
network security tools don’t have them covered—until it’s too late. But now you know!