Security for cloud and SaaS - what does it involve?

Cyber criminals are increasingly turning the internet into a threat to companies. Not a week goes by without a well-known medium-sized company or corporation being attacked and damaged. Dealing with this threat requires a rethink and action. What is important?

Cloud and friends

Cloud, software-as-a-service, work-from-home, bring-your-own-device and naive users open up undreamt-of possibilities for criminals. Stolen trade secrets can be sold to competitors at a high price, ransom money can be extorted for paralyzed core systems, or unwelcome business can be torpedoed and permanently damaged. Geopolitical conflicts are not only fought militarily but also digitally. If a supplier's home country is on the wrong side of a conflict because it has a business relationship with the wrong side, the company itself quickly becomes a target and is indirectly drawn into the conflict: digital warfare.

Germany is predestined for these invisible attacks due to its financially strong companies, its technology-heavy economy and its peace-loving people. The understanding of preventive security measures has faded into the background over the last 30 years following the collapse of the Iron Curtain. People have become accustomed to peaceful trade with the world. Self-protection or self-defense were felt to be unnecessary.

Loss of control

However, the technical opening of the corporate infrastructure is now forcing a rethink. Salesforce, ServiceNow, Microsoft 365, Workday, SAP S/4HANA, AWS, Azure, Google Cloud and AI applications such as ChatGPT are unintentionally undermining the previous protection provided by firewalls, virus scanners and VPNs. A paradigm shift is necessary if you want to be protected. Infrastructure should no longer be seen as a necessary prerequisite for cyber security, as a company is no longer in control of it. Applications run everywhere, data is everywhere. Cloud and Software-as-a-Service are ubiquitous, "homeless" as it were. The cloud world is complex.

Data gold in the vault

Consequently, our protection efforts must be geared precisely to this new reality: it is the companies' data that must be secure and protected. Its use must be controlled and managed to prevent misuse and fraud. The infrastructure itself can no longer be the measure of all things. The focus has changed.

An effective security architecture comprises the following key points, which are hidden behind these new abbreviations and names. We will name a few providers to illustrate this:

  • Identity and Access Management (IAM) - protection against identity theft (e.g. Okta, PingID)
  • Secure Web Gateway (SWG) - protection against malware, phishing, espionage (e.g. Netskope, Palo Alto, Fortinet)
  • Cloud Access Security Broker (CASB) - protection against unauthorized access to cloud applications and SaaS services (e.g. Netskope, Zscaler)
  • Data loss prevention (DLP) - protection against unauthorized theft or use of data (e.g. Netskope, Forcepoint)
  • Extended Detection and Response (XDR) - protection against all types of attacks on end devices and services (e.g. CrowdStrike, SentinelOne)

These five components - to which others can be added if required, such as Cloud Security Posture Management (CSPM) for APIs, containerized or serverless applications - should be linked via automated orchestration so that the administration of this solution is reduced to a minimum. An attack happens quickly, so action must be taken immediately. The best way to do this - in fact, the only way to do it - is automatically: Security Orchestration, Automation, and Response (SOAR) is the right term for this.

Patterns of success

These system components are flanked by architectural principles such as Zero Trust Network Access (ZTNA) or Security Service Edge (SSE). Every access and every action is checked, authorized and logged, because the "enemy" on the World Wide Web can hide behind any "mask" - even that of an employee or service provider. Security Information and Event Management (SIEM) solutions make anomalies and attacks transparent and provide indicators for appropriate measures.

Of course, existing security systems such as firewalls, virus protection solutions or VPNs are integrated. Not everything needs to be replaced. However, it is essential to be aware of the protection requirements of your data and applications in order to then implement a tailor-made security architecture with correspondingly effective and harmonized components. Otherwise you will only be spending money.

Automated defense

By automating the orchestration and implementation of measures, company managers and employees can go about their work with a clear conscience, without having to worry about the countless media reports on extortion, hacking and destruction by cyber criminals. This also keeps staff deployment and costs manageable.

If you ignore this risk with the motto "the cup will pass me by", you should have good liability insurance (D&O) and sufficient provisions for the event of damage. After all, it's not a question of whether a hacker will knock on someone's door. It's just a question of when, with what success and what consequences.

Don't let it get that far. The effort and costs are manageable and worthwhile; moreover, not everything has to be done at once. Or do you leave the house without locking up?

About Business Automatica GmbH:

Business Automatica reduces process costs by automating manual activities, increases the quality of data exchange in complex system architectures and connects on-premise systems with modern cloud and SaaS architectures. Business Automatica also offers automation solutions from the cloud that are geared towards cyber security.