Data Cloud Security: Rethinking Cloud Security Through the Lens of Data
Putting Data and Identity at the Heart of the Cloud Security Program
It’s safe to say that 2020 has been a pivotal year for cloud security. Like no other factor before, the global pandemic forced organizations to accelerate their digital transformation projects. Sometimes by choice, but often by necessity, more organizations embraced remote work and the vast cloud ecosystem that enables it.
Not surprisingly, with more companies adopting the cloud, the market has been strong for cloud security. Cloud Access Security Broker (CASB) vendors, for instance, enjoyed a whopping 30% growth rate in 2020, signaling a much stronger demand for cloud security than for enterprise IT spending overall. And yet, the state of security isn’t necessarily improving at an equally impressive rate: the cost of a data breach remains as high as ever, and the data breaches themselves continue to make headlines. Could it be that the approach we’ve been taking with cloud security continues to lag behind the reality of the threats?
We’re not the only organization to ponder that question. In their latest presentation, titled “You’ve Got Cloud Security All Wrong — Why Identity and Data Security Are Paramount in a Cloud World,” Gartner’s David Mahdi and Steve Riley looked at the issue in depth and pointed out the problem that we’ve also observed in too many organizations: enterprise IT is no longer a fortress, and yet too often it continues to be protected as if it were.
We see this “fortress thinking” in action almost daily. While much of their data has already left the premises of the physical location, organizations continue to invest in securing the perimeter. Users have already dispersed beyond physical office locations, but security teams continue to double down on network monitoring and protection. Traditional desktop computers have long been replaced by a myriad of mobile devices, accessories, and applications, but practitioners remain committed to legacy endpoint security technologies.
There’s no doubt that the cloud—just like any other innovation—introduces new challenges to security teams. However, cloud security is only complex if you think about it through the lens of old tools. If we go back to first principles, we’ll see that security has always been about ensuring that your data stays in the hands of the right users. In the on-premises world, the easiest way to protect both the data and the users was to build a wall around them and monitor every gateway.
Luckily, cloud security can be simpler than that. Instead of numerous layers of defenses, why not stick with our principles and focus on the people and data themselves? With proper Identity and Access Management (IAM) controls, organizations can check that the right person stands behind every action undertaken in their environment. And with the right data controls, they can observe each data access attempt and event, decide how valid it is, and notify security teams of unauthorized or anomalous behavior.
If you think this sounds too easy to be true, you’re right. Your sensitive data no longer lives in a single database—instead, it’s dispersed across tens or hundreds of databases, data pipelines, and warehouses. That renders native data controls too complex and too siloed to use at scale. Besides, the data is now accessed not only by specialized information workers, but also by data engineers, data scientists, contractors, applications, services, and other tools. Each of these adds to the technical complexity.
This complexity points to the crux of the cloud security challenge: its two cornerstones, identity and data security, are each mature on their own but remain siloed from one another. You will notice that this problem has largely been solved at the application and infrastructure layers: all the leading IAM solutions use the proven SAML/OIDC controls to deliver granular access to every possible asset. In the data cloud, however, the same SAML/OIDC controls no longer work in a uniform fashion. Besides, monitoring any activity at the data layer typically involves proxies or agents that inevitably introduce latency. So how do you deliver identity and security to your data in the cloud?
Not coincidentally, this is the problem that we focus on at Cyral. With Cyral, you can seamlessly integrate your identity management with your data observability. For a typical security practitioner, this means that, at any given time, they can observe any data access attempt on any repository and see the full user context. Any access attempt invokes an instant matching of the user with their IAM groups, a reference to a single source of policy rules, and the delivery of a password through a password storage solution. All data sources are monitored in real time, with no impact on performance, and a single, rich source of logs is available for audits, compliance, and forensics. Left behind are the shared credentials, multiple disconnected log sources, and data accesses that bypass security checks—in other words, all the things that tend to be exploited by attackers.
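The access flow described above, as an added illustration rather than Cyral’s own code: a caller’s SSO groups are matched against one policy document, a credential is fetched from a secret store only after an allow decision, and every decision lands in a single audit log. The group names, policy, claims and secret store below are constructed for the example.

```python
"""Identity-aware data access check (illustrative, not Cyral's code).

Assumptions: SSO claims carry a 'groups' list; POLICY is the single
source of rules (group -> repository -> allowed operations); SECRET_STORE
stands in for a password storage solution; AUDIT_LOG is the one log
source used for audit, compliance and forensics.
"""
from datetime import datetime, timezone

# Constructed policy: who may do what, on which repository.
POLICY = {
    "data-engineers": {"orders_db": {"SELECT", "INSERT"}},
    "analysts": {"orders_db": {"SELECT"}},
    "contractors": {},  # identity known, but no data access granted
}

# Constructed stand-in for a secret store; a real one issues short-lived credentials.
SECRET_STORE = {"orders_db": "placeholder-db-secret"}

AUDIT_LOG = []  # single, rich source of access events


def authorize(claims, repo, operation):
    """Resolve the caller's groups, apply POLICY, log the decision.

    Returns (allowed, credential_or_None, audit_event). The credential is
    never returned on a deny, so there is no shared secret to leak.
    """
    groups = set(claims.get("groups", []))
    allowed = any(operation in POLICY.get(g, {}).get(repo, set()) for g in groups)
    event = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": claims.get("sub"),
        "groups": sorted(groups),
        "repo": repo,
        "operation": operation,
        "decision": "allow" if allowed else "deny",
    }
    AUDIT_LOG.append(event)
    credential = SECRET_STORE.get(repo) if allowed else None
    return allowed, credential, event


def denied_events():
    """Deny decisions are what a security team would be notified about."""
    return [e for e in AUDIT_LOG if e["decision"] == "deny"]


if __name__ == "__main__":
    alice = {"sub": "alice@example.com", "groups": ["analysts"]}
    print(authorize(alice, "orders_db", "SELECT")[2])
    print(authorize(alice, "orders_db", "INSERT")[2])
    print(len(denied_events()), "deny event(s) to review")
```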
The result? The right users have access to the right data, at the right time, to deliver the right business outcomes.
It’s been rewarding to see Gartner echo our views. We are convinced that combining identity and data is the future of cloud security. At Cyral, we have proven that it is possible, and look forward to seeing more organizations join the movement.