Any Corporation with a digital presence needs a Cybersecurity strategy in place so that it can protect its customer data, employee records and business information from the ever growing Cyber threats. Corporations in a hyper growth mode need to build new features and solve problems in a fast paced manner so that they can continue to gain customers. Cloud Service Providers (CSPs) and SaaS services have empowered entrepreneurs to launch new products and features fast, scale rapidly and expand globally at will. In this race for shipping the next cool feature, the CyberSecurity programs become after the fact efforts for many of these organizations. While it’s important to launch new products and features fast to gain more customers, it is also necessary for companies to mature their Cybersecurity programs rapidly. Nothing burns customer trust faster than a security breach.
There are two key challenges these companies face which deter them from operationalizing their cybersecurity programs rapidly.
- Prioritize what needs to be protected first.
- A scalable solution for ingesting and analyzing security data.
Prioritize what needs protection:
While there is no end to what needs to be protected in an Enterprise, the following approach can help bootstrap what needs to be protected first and how. The key question you should ask is what security risks are outstanding in your Enterprise environment? The way you can determine that is by identifying which information is critical for your business, if compromised can put your business at risk. What assets hackers can use as entry points to get to that information. For a Cloud first and SaaS first company the following is a list of assets that will require protection.
Cloud resources: Major CSPs like AWS, Azure and GCP operate in a shared ownership model. As a result, the owner of the Cloud infrastructure is responsible for keeping them secured by configuring the recommended security controls, running secured applications in them, patching compute instances when needed and managing access effectively. Cloud Security Posture Management solutions can help manage cloud resources effectively. These tools can provide 100% visibility to your cloud resource inventory, identify any security misconfigurations, detect vulnerabilities and alert on over-permissive access. In addition to monitoring, there needs to be an alerting and remediation mechanism which can mitigate security issues within a predefined SLA once they are detected.
Devices used to access corporate systems: Internal employees continue to be the primary entry point for major security breaches across the board. So it is necessary for any organization to manage the devices/endpoints used by the internal employees effectively. Using an MDM solution can help manage these endpoints/laptops. Having anti-virus and anti-malware tools running in them will help identify any virus or malware. It is necessary to scan these devices for any Software vulnerabilities and patch them as necessary. In addition to physical devices, teams might be using virtual endpoints like VDIs. They require similar security scrutiny as well.
SaaS services: SaaS services have become extremely popular for IT organizations to provide back office support to their Employees in a large gamut of use cases spanning across HR, Finance, Sales, Customer Support, Security and Engineering. SaaS services like Salesforce, Workday, Github, GSuite and Jira have become integral parts of day to day operations for many organizations. Key areas to address in this space are access provisioning and deprovisioning for employees, Privileged access management and Integration of these Apps with other critical Enterprise systems. Using SSO for access provisioning and deprovisioning can ensure employees don’t have access to these Apps post their departure. Implementing a Just in Time (JIT) access and limiting the number of admin users to bare minimum will ensure only the right folks have access when they need it. In addition, using a SaaS security posture management solution to detect whether SaaS applications are configured with the right security settings is necessary. Having a strong vendor risk management process and a security review process while onboarding these SaaS services is required as well.
Implement a scalable solution for ingesting and analyzing security data
Once we know what needs monitoring and which tools to use for monitoring, it is critical for the teams to determine how they can leverage the rich data generated by these tools. Enterprise Security teams should move away from the traditional methods and adopt modern scalable security data lake architecture for implementing the entire solution. Security data lake is the backbone for the security monitoring and alerting solution. Following are three critical features that a modern security data lake must provide.
Break Data Silos: No single tool can provide the security monitoring that an Enterprise Cybersecurity function needs. Hence, Corporations are bound to onboard multiple security tools to get the full picture of their security posture. This results in each tool creating a data silo for its own area in its own data store. Security Data Lake should enable these tools to store customer’s security data in the customer environment/data store in the format that the customer wants. This will facilitate the Enterprise teams to have their data in one place and in form the way they need without the need to move the data from the Vendor’s environment to the customer’s environment.
Low Data Ingestion Overhead: Traditionally, 3rd party security solutions store their customer data in their datastore and enable customers to ingest through API calls. This puts the burden on the Enterprise Security teams to build a mechanism to ingest data and then merge them to extract meaningful analytics every time they onboard a new security solution. As a result, data ingestion becomes a bottleneck before the tool can be fully functional. This problem can be eliminated if the security data lake can facilitate a 3rd party solution to store data in the customer’s data store directly. In addition, if the security data lake has an echo system of partner apps already in place, onboarding new solutions becomes extremely seamless for Enterprise Security teams.
Custom Analytics: Security data lake should facilitate Enterprise security analytics teams to build custom analytics with the data coming from multiple sources. This can be achieved if the data lake architecture supports data sharing between multiple tools in a seamless fashion. Enterprise security teams need their security metrics and dashboards in a single place instead of using multiple dashboards from multiple vendors.
Conclusion:
Enterprise Cybersecurity teams continue to struggle in keeping up with the fast paced environment of the engineering teams. Soit is important to use modern technologies and tools that provide a platform where the Cybersecurity teams can implement monitoring solutions in a much faster fashion than what they were able to do traditionally. Modern data cloud platforms like Snowflake, through its connected Apps model and secured data sharing mechanism has empowered InfoSec teams to implement effective Cybersecurity programs in a rapid fashion.