Enterprises are increasingly adopting the zero-trust approach to build a next-generation, cyber-resilient cloud environment. This approach follows the principles of “least privilege,” “assume breach,” “verify explicitly,” and multiple security controls. Important controls include the following:
An American multinational food company wanted to migrate its applications to Google Cloud Platform (GCP) with the utmost security. Infosys was selected as its cloud infrastructure and security partner. The company followed the zero-trust security architecture to implement end-to-end cloud security solutions for better cyber resilience and error-free cyber protection. The entire service included setting up cloud guardrails, access controls, network segmentation, data protection, and security logging.
Companies are using multiple clouds to meet business continuity and disaster management requirements. This enables them to use the best-suited cloud services based on specific requirements. While cloud adoption has intensified, it is crucial to work strategically on minimizing the associated cyber risks. Integrated cloud security platforms help organizations establish secure environments while working with multiple clouds. These platforms consist of various functionalities such as cloud security posture management (CSPM), cloud workload protection platform (CWPP), cloud infrastructure entitlement management (CIEM), vulnerability management, etc. This enables businesses to perform the following:
There is a caveat, though. Holistic security requires a highly talented workforce, but security experts are in short supply. Seven out of 10 software developers are expected to write secure code, but fewer than half receive adequate training. And the shortfall of security workers is projected to be 1.8 million this year alone. Moreover, firms will have to do six things well to contend with the current climate for cybercrime. First, a security architecture review process should be set up for all systems that firms develop or procure from third parties. Second, they must also conduct threat modeling for complex projects. Third, every person in the organization must undergo security awareness training, particularly in multicloud authentication environments. Fourth, only security-tested, legally vetted open-source components should be used by development teams. Fifth, DevSecOps should be used in software deployment, fusing business, development, testing, infrastructure deployment, and operations. And sixth, and perhaps most important, the C-suite must be involved in the definition of “holistic secure-by-design” in the firm; to this end, the function of the chief information security officer should be empowered to make big decisions quickly.
A U.S.-based global technology company, which develops conversational commerce software, established an integrated cloud security platform. The platform can protect all cloud assets in the multicloud environment, identify misconfigurations, and secure containers and VMs to provide a compliance score. The solution has fortified the company's multicloud platform against cybersecurity risks while ensuring that it meets regulatory requirements.