As organizations increasingly migrate their data to the cloud and leverage cloud-based apps and services, they face new security risks and challenges. Securing access to data in the cloud is a top concern for all organizations. Strong identity and authentication management is the cornerstone of mitigating threats in the cloud, such as unauthorized access, account compromise, and costly data breaches.
Don’t place all your eggs in a single basket
At the same time, cloud service providers have launched security solutions that promise to help businesses address these concerns. However, placing all your security eggs in a single basket is not as good an idea as it may sound. Adversaries can take advantage of threats and vulnerabilities in the cloud provider to easily move laterally undetected into your corporate infrastructure, exfiltrate or compromise data, and disrupt operations.
However, businesses can avoid these security gaps. The shared responsibility concept of cloud security is a great tool that organizations can leverage to examine alternative, neutral solutions that help them reduce the risks of selecting a native cloud security solution. Based on cloud security’s shared responsibility model, businesses can segregate their security duties from those of cloud service providers, bring their own security tools to avoid cyber threats, establish a strong access security posture and protect themselves against criminals targeting their corporate networks and data.
Considerations for selecting a neutral cloud access security solution
Before selecting a cloud-neutral access security solution, organizations need to examine their operating and threat environment and consider the following:
1. Does the identity and access management (IAM) solution support a wide range of authentication techniques to create a barrier to your networks and data, should your cloud service provider get compromised?
2. Does the candidate neutral IAM solution meet your business needs and your regulatory framework? Pay special attention to data sovereignty and protection contractual clauses.
3. Does the access security solution allow you to secure diverse use cases and user authentication journeys centrally and flexibly?
4. Will the candidate access security platform increase your overall business resilience?
The 4 tangible benefits of deploying a cloud-neutral access security solution
Why should organizations opt for a neutral cloud access security solution? Here are four tangible benefits to help you make a decision.
1. Be independent and avoid inheriting threats and attacks from the cloud provider.
If there is one lesson that we learned from the SolarWinds attack, it is that the use of different methodologies or technologies, independent from the cloud service provider, can eliminate a considerable threat vector and introduce greater obstacles for adversaries. Considering that adversaries seek the easiest way into corporate networks and try to move laterally undetected, placing an additional barrier in their path and increasing the level of difficulty acts as a deterrent. Wrapping bring-your-own-security (BYOS) around the infrastructure and services offered by cloud service providers is a great security practice. You wouldn’t like your cloud provider to be your single point of failure, would you?
2. Control your own regulatory compliance regime.
The patchwork of privacy and data protection requirements is evolving and has a profound impact on how businesses should view data security. The Schrems II ruling has created new challenges. For example, the Portuguese Data Protection Authority (CNPD) ordered the National Institute for Statistics to suspend the sending of personal data from the Portuguese Census 2021 to a cloud provider based in the United States. Businesses are required to adopt solutions that provide the flexibility needed to operate under various jurisdictions. By segregating duties and opting for access security solutions that meet specific business use cases and compliance requirements, you can ensure that unwanted entities are unable to access your data and apps.
3. Control your own cloud security posture.
Although you can outsource your infrastructure and your data storage, you cannot outsource your security responsibilities in case of a data breach. It is always better to be in control and to manage access security for your data centrally and effectively. Reducing your reliance on your cloud service provider, and placing less trust in it, results in a reduced threat surface and decreases the potential for collateral damage from exploited vulnerabilities at the cloud provider.
4. Avoid vendor lock-in.
Opting for a cloud-native security solution entails the danger of vendor lock-in. Vendor lock-in presents risks from a commercial, regulatory and threat perspective, which may increase the overall risk environment. In addition, native access security solutions may increase the complexity of your security controls, creating potential blind spots because of a lack of interoperability across multiple cloud platforms. As businesses are looking to reduce their exposure to business risks and increase resilience, segregation of duties is the best practice for strengthening their security and privacy posture.
If you want to learn why you should opt for a cloud-neutral access security solution, like Thales SafeNet Trusted Access, I recommend you read the whitepaper "Owning your own Access Security".