Managing cloud cyber security

As cloud computing continues to reshape the business world, the need to ensure the security of this complex new environment is more important than ever. This comes with its own significant challenges. Increased cloud adoption is bringing increased exposure to cyber threats, leaving businesses vulnerable to ever-evolving forms of attack.

About the author

Scott Nicholson is CEO of Bridewell.

With cyber threats showing no sign of slowing down, organizations cannot afford any gaps in their cloud infrastructure. Fortunately, there are concrete actions every company can take to strengthen their security stance. To find out more, TechRadar Pro spoke to Scott Nicholson, Co-CEO of Bridewell, a leading provider of end-to-end cybersecurity services.

Why is cloud cybersecurity so crucial?

Traditional cybersecurity was built around on-premises infrastructure to manage on-premises threats. But the landscape looks very different today. The rise of cloud computing has made the digital world more interconnected and accessible than ever before, as data and applications have moved outside the traditional perimeter. This change has rendered most legacy network security controls obsolete, so it is essential that cybersecurity methods evolve to keep pace with accelerated cloud adoption.

At the same time, these increasingly complex IT and networking infrastructures are bringing new opportunities for cyber criminals, due to the expanded attack surface. We need only look at recent news headlines to recognize the threats. The Russian-backed hackers behind the Sunburst cyber attack managed to exploit cloud vulnerabilities to pilfer emails and files from over 100 companies around the world. We are also seeing cloud-based systems, services and data being targeted by ransomcloud - attacks that take advantage of weaknesses or legitimate functionality in cloud resources to deploy malware, encrypt data, and extort money from businesses.

To manage such a complex web of risks, companies need to review their own cloud security posture today and put in place measures to boost visibility, cyber maturity and resilience.

How can companies tackle the problem of skills gaps when it comes to cloud security?

There’s no denying that the skills gap is a growing challenge. Unfortunately, a lot of organizations started their cloud transformation journey on the back foot, implementing remote access tech without the skills needed to secure and manage cloud environments on an ongoing basis. This has led to a skills, transformation, and burnout cycle: IT teams are being asked to do more with fewer people to support transformation, heightening the risks of human error, data breaches, and the cycle getting underway again.

But there are ways that companies can break through the cloud security skills gap. Education is key to mitigating threats in the cloud, so all IT, security, and end users need to be fully informed and trained on a range of basic cyber hygiene practices and how these translate into cloud environments, covering areas such as controls testing, configuration hardening, network segmentation and incident response capabilities in the cloud.

Also, organizations shouldn’t be afraid to expand their talent pool by recruiting people from other backgrounds. Too many organizations focus purely on cyber talent and could be missing out on many great candidates with transferable skills. Here at Bridewell, we have taken on a lot of IT engineers and trained them up to be penetration testers and these are now some of our best people.

Companies also have the option to partner with a trusted managed security services provider with expertise in cloud security solutions. Outsourcing addresses the cyber security skills gap by providing ongoing expertise and support, which is very difficult to achieve in-house.

What challenges are preventing organizations from gaining the visibility needed to detect and respond to threats in the cloud?

There are a number of reasons why organizations may struggle to gain a detailed view of all activity in the cloud. In today’s diverse digital landscape, it’s common to see the convergence of traditional enterprise IT infrastructure with public cloud in a hybrid deployment. Businesses are also now integrating their operations with multiple cloud providers, which adds an extra layer of complexity. This means that some traditional security operations centers (SOCs) are having to juggle around 40 different tools to cover the cloud and every other possible vulnerability, each of which needs to be configured, supported, and monitored 24/7. This is a huge ask, and resources will be stretched further as OT and IT continue to converge.

Organizations can improve their cloud visibility today by having a multi-cloud security strategy and aiming to move towards having a full Extended Detection & Response (XDR) capability to help detect and respond to security threats in a more holistic and efficient manner.

How can companies better balance operational uptime and security requirements?

Of course, every organization wants to have effective security in place but without hindering and negatively impacting business operations. This is absolutely critical for some Operational Technology (OT), where it is performing critical functions that have a health and safety consequence.

Context in these scenarios is king. Understanding what risks are faced, the threat actors and the various methods in which a cyber attack could occur will enable informed decisions to be made regarding the application of cyber security controls and risk mitigation activity. Threat modelling is a very good methodology to structure and deliver this type of approach, which should include security professionals, engineering teams and any other key stakeholders.

There are also security technologies that provide non-intrusive network-based detection capabilities to aid visibility, which is a great starting point for security improvements. Having a development environment or being able to replicate segments of an environment to test the application of security controls will all aid understanding and decision making.

What does a proactive cyber security posture look like, and how can organizations achieve it?

Organizations with a proactive cyber security posture take the initiative to drive long-lasting security improvements from within, rather than waiting for the next big breach to happen. This involves moving away from traditional reactive security techniques – which focus simply on detection and notification of attacks – towards a more intelligent stance that gives a clear, holistic view of cyber security across IT, OT, cloud, and end user devices. As both cloud adoption and cloud security risks continue to grow, this proactive approach is critical to business continuity.

To build a proactive stance, businesses need to understand the threats they’re likely to face – past, present, and future. Threat intelligence is vital in enabling IT teams to quickly detect and respond to active threats in the cloud. With the right strategy, based on threat intelligence linked to managed detection and response (MDR) and supported by ethical hacking techniques to test defenses, companies can ensure they are fully armed in the face of evolving cloud-based threats.

Organizations that have a proactive cyber security posture also understand that attacks are inevitable; they focus on how quickly they can identify, detect and respond to those attacks, in addition to compartmentalizing any successful attacks and having confidence in their ability to resume systems in a timely manner if negatively impacted.

Scott Nicholson, Delivery Director at Bridewell Consulting.

He is an experienced Cyber Security and Privacy leader that has operated across public and private sector organisations globally.

Scott is Bridewell's Delivery Leader and brings a significant amount of experience within the information security and data privacy profession.

He also provides security leadership services and operates as Data Protection Officer (DPO) across a number of our key clients in different industries. He is also a Fellow of Information Privacy (FIP) with the IAPP and actively involved in driving privacy improvements in the industry.

He has delivered security and privacy solutions on a global scale within a number of sectors such as central government, police, financial services, retail, oil and gas and has also worked with a number of software development companies, cloud service providers and some of the largest hosting companies in the world.

He is responsible for the delivery and growth of our Cyber Security, Information Security and Assurance, Privacy, Penetration Testing and managed security services portfolio.

He has operated across a number of industries providing a vast mixture of leadership and hands-on technical delivery of solutions to deliver compliance programmes such as ISO27001:2013, PCI DSS, NIST, Cyber Essentials Scheme, PSN, PSNP and CESG (now NCSC) guidance.

He is extremely passionate about cyber/information security and privacy, in particular when it comes to delivering a high quality service for Bridewell’s clients both when he is involved in delivery of a service himself or when he is overseeing members of the Bridewell team.

He has spoken at various security and privacy events across the UK, written a number of published articles on key concerns in the industry and was also part of an important cloud security publication in the Sunday Times.