While adoption of cloud technologies continues its ascension, trust in the Cloud is a cyclical sentiment. Several recent large-scale breaches within cloud environments, effecting over 100 million customers in total, have shaken this trust and re-stoked the world’s unease over data privacy and security that has forever simmered closely beneath the Cloud’s lining. Prominent news site headlines and social media are even re-debating the question: have some of us gone too far and too fast to the Cloud?
But, questions over our embrace of the Cloud are certain to be short-lived.
Is the Cloud more secure than on-prem? It depends. And that question requires more breadth and depth than this blog is intended to cover. Native cloud security tools are maturing and improving, as is the growing vendor ecosystem providing cloud tools. With that said, many gaps remain.
In his most recent article for Forbes, The Importance Of Session Management: Critical Buying Needs For The Cloud, BeyondTrust CTO & CISO, Morey Haber, zeroes in on a missing or incomplete piece of many cloud environments– session management and monitoring. Here’s an excerpt:
“Session monitoring is a critical capability for cloud environments to ensure security, auditability, and accountability. It is the only method to observe, document, record and detect inappropriate behavior when access is always initiated remotely. While other techniques can monitor other protocols or API-based access to the cloud, only session monitoring can capture the real-time behavior of interactive users and their interactions. And, if the users know they are being recorded (or shoulder surfed electronically), the deterrent alone may be enough to curb some malicious behavior or even innocent snooping.”
To reiterate, session monitoring and management is an essential cybersecurity capability for cloud environments that natively, is either not provided, or provided only in an immature, rudimentary form that is far out-classed by the modern solutions provided by third-party vendors, such as BeyondTrust.
The best of the third-party solutions can enable organizations to monitor and manage sessions at the scale the cloud demands—meaning hundreds or thousands of concurrent sessions. With cloud session monitoring, all text on the screen and keystrokes are recorded (excluding passwords) and inspected in real-time for critical pattern matches. Automated workflows can enable your solution to pinpoint an anomalous session and terminate it, or pause/lock the session until a determination is made whether or not that activity is appropriate. BeyondTrust also provides a critical list out-of-the-box for governing database commands, lateral movement, sensitive operating system commands, and other suspicious behavior.
Aside from security, session monitoring and management is important to have for your cloud environment because regulatory compliance mandates are increasingly requiring that certain types of sessions—such as privileged sessions on sensitive systems, have full auditability (logging, activity monitoring, etc.). Session monitoring provides the future documentation needed to review, analyze and determine if the session was authorized, contained malicious behavior, and was appropriately conducted
Here’s an abridged list of some key ways BeyondTrust solutions can help secure your cloud environment:
- Manage privileged access and enforce least privilege. Also, enables you to leverage native access control lists to secure remote access sessions from being initiated from inappropriate sources and users
- Monitor and manage cloud sessions and privileged activities
- Perform file integrity monitoring to ensure files are not tampered with, and to identify and alert any rogue activities
- Manage cloud IAM accounts to ensure access and credential rotation is adhered to in accordance to security policies
- Manage access to business assets that leverage web-based management consoles, including for Amazon Web Services, Azure, Google Cloud, VMware vSphere, Citrix XenServer, Microsoft Hyper-V, Microsoft Azure, IBM Softlayer, and Rackspace.
- Inventory and assess Amazon®, GoGrid®, IBM®, Rackspace®, VMware® and other cloud environments to discover assets (including IoT) and identify, prioritize, and remediate misconfigurations and other vulnerabilities.
Recent, negative publicity around cloud-related security incidents will incite many organizations to take a healthy pause and (smartly) review their cloud security policies and technologies. However, organizations that correctly scope their cloud deployments and identify and address gaps with enterprise-class tools will continue to reap the many benefits of the Cloud.
For a more in-depth overview and technical dive into how session monitoring/management can uniquely prevent and mitigate breaches in the Cloud, check out Morey Haber’s Forbes article here.
Matt Miller, Senior Content Marketing Manager, BeyondTrust
Matt Miller is a Senior Content Marketing Manager at BeyondTrust. Prior to BeyondTrust, he developed and executed marketing strategies on cyber security and cloud technologies in roles at Accelerite (a business unit of Persistent Systems), WatchGuard Technologies, and Microsoft. Earlier in his career Matt held various roles in IR, marketing, and corporate communications in the biotech / biopharmaceutical industry. His experience and interests traverse cyber security, cloud / virtualization, IoT, economics, information governance, and risk management. He is also an avid homebrewer (working toward his Black Belt in beer) and writer.