The 2020 SolarWinds cyber attack is widely considered one of the worst security incidents in recent years and — after the smoke clears (investigations are still ongoing) — will likely take the prize for the biggest cloud security failure in history.
With Microsoft, Cisco, Intel, NATO, the U.K. government, the U.S. government, the European Parliament, and thousands of other high-profile customers falling victim to the attackers, the incident illustrates how security failures in today’s integrated cloud environments can have such a devastating and widespread impact, catching even the most well-protected organizations off guard.
Cloud security failures on several levels ultimately led to the successful supply chain attack. Initially, cyber criminals were able to infiltrate SolarWinds’ internal systems by first compromising its Microsoft 365 email services and Azure cloud infrastructures. This ultimately led to attackers being able to move laterally through the cloud, accomplishing their mission to hide malware in SolarWinds software updates to customers.
Amazon Web Services (AWS) also came under fire for enabling the cyber criminals to utilize its infrastructure-as-a-service (IaaS) resources to carry out the attack. This reveals an interesting facet of cloud security that makes it unique from other cyber disciplines: with instantly provisioned and scalable IT resources, effective cloud security becomes not just a matter of protecting the business from being attacked — it’s also about not being used unwittingly to attack others.
Cloud Security Today
With the rise of software-defined networks (SDN), DevOps, and cloud automation platforms, the line between application and infrastructure security has been gradually blurring.
For this reason, cloud security is a unique discipline, as traditional security approaches fail to keep up with rapidly evolving agile environments and DevSecOps processes. Developers working in cloud-based environments frequently use containerization software, like Docker, for application portability as well as Kubernetes to orchestrate (e.g., spin up/down en masse) and cluster those containerized applications.
These environments specifically require cloud security solutions versus traditional security platforms designed to protect on-premises IT networks and assets.
Additionally, with many enterprises using a mix of public cloud-based infrastructure/apps and private cloud or on-premises IT assets, hybrid cloud security is also a rapidly growing space.
Cloud Security Market
The global cloud security market is worth $34.8 billion in 2021 and is expected to hit $67.6 billion by 2026, increasing during that period at a compound annual growth rate (CAGR) of 14.2%, according to ResearchAndMarkets.com.
The shift of the global workforce to the home office — and subsequently the public cloud — has resulted in a spike in cyber crime, as malicious opportunists seek to prey on less-experienced internet and email users as well as on enterprises whose IT and security staff are busy transitioning to a global remote workforce.
Benefits of Cloud Security
In the past, cloud security solutions were primarily designed to address the needs of cloud-native applications and/or virtual infrastructures.
Newer cloud-based offerings provide unified security management and orchestration for both on-premises networks and cloud infrastructures.
Not only does this streamline administration and allow for cloud-based management of on-premises IT resources, it also enables organizations to leverage the metered resources to quickly scale up protective measures against active cyber attacks or malware campaigns.
Cloud Security Use Cases
Public cloud providers such as AWS, Google Cloud, and Microsoft Azure enable developers to quickly spin up the virtual infrastructure resources needed to build their applications on top of the cloud.
This makes modern software development arguably the most prominent use case in the cloud security space. Indeed, several vendors market products on the cloud application side of affairs — most notably cloud access security broker (CASB), container security, and zero-trust access solutions.
Secure access service edge (SASE) in particular has seen a dramatic increase in adoption during the global pandemic, mainly due to the massive shift toward working from home.
With employees using unmanaged devices to access corporate IT environments in droves, the limitations of legacy virtual private network (VPN) and traditional remote access quickly manifest themselves in poor application performance, availability issues, and the emergence of security gaps.
Use cases abound for general enterprises looking to leverage the cloud for providing remote workers a more secure, rapid response to corporate network resource demands.
Cloud Security Vendors
The following are 10 leading cloud security vendors, from cloud security monitoring services to security for hybrid cloud environments:
Halo, CloudPassage’s flagship platform, improves the security of private/public/hybrid cloud deployments by automating cloud security and compliance controls.
Forcepoint develops secure access service edge (SASE) solutions, among others, as well as a cloud access security broker (CASB) solution: a cloud/on-premise hardware or software device that sits between users and cloud service providers to monitor for security issues.
Now a part of VMware, Carbon Black offers a cloud-native platform for endpoint protection. The solution offers a wide array of features, from threat hunting to its next-generation antivirus (NGAV): AI-powered malware detection/prevention.
CrowdStrike was the first to develop a cloud-native platform for endpoint protection and data breach detection. Other features include custom-tailored threat intelligence and advanced malware detection.
Aqua focuses on security monitoring for cloud environments—virtual and serverless infrastructure, microservices, containers, and more.
Security behemoth Check Point made its entry in the cloud security arena with its CloudGuard platform for public cloud security. The solution provides threat protection and security intelligence for public cloud services such as Amazon Elastic Kubernetes Service and Amazon Elastic Container Service, to name a few.
Palo Alto Networks
The recent acquisitions of Twistlock and Puresec position Palo Alto Networks solidly in the container and serverless security space. Leading cloud-native app developers have already found these two vendors’ offerings indispensable; now, they’ve joined the cybersecurity giant’s lineup of leading solutions, from the cloud to the edge.
Qualys offers a platform for cloud security that includes cloud agents, scanners, sensors, SaaS connectors, and more for comprehensive visibility and insights regarding potential security gaps and vulnerabilities.
Zscaler is focused on developing cloud-native security solutions such as Zscaler Internet Access, a security stack as a service delivered completely via the cloud, and Zscaler’s Private Access (ZPA), a cloud service that enforces zero-trust access for private applications in the public cloud or on-premise data center.
A leader in identity security, CyberArk is known for its Privileged Access Manager, designed specifically for mitigating account exploitation risk in AWS public cloud/hybrid environments.
Incidents like the SolarWinds data breach illustrate how integral cloud security is to the software ecosystems of today.
In an age of software-as-a-service (SaaS), integrations, and APIs, enterprises must adopt a layered cloud security strategy leveraging some (or most) of these vendor technologies.
Cloud security solutions must also be multi-faceted and capable on several levels: to protect the growing number of hybrid cloud deployments as well as to leverage AI/ML to counter increasingly sophisticated cyber attackers.