Can an organisation responsibly entrust their most sensitive data and workloads to a cloud service provider without losing visibility and control?
Must you risk trading security for convenience in a hybrid and multi-cloud environment?
These are the kind of questions that will crop up in mind when moving your assets to the flexibility and decentralised nature of a cloud environment.
As organisations move to the cloud, Diana Kelley, Microsoft’s Cyber Security Field CTO, told TechRadar Middle East, that they [organisations] don’t have the same kind of visibility they had on-premises but that does not mean they don’t have visibility.
Microsoft has two data centres in the UAE – one in Abu Dhabi and one in Dubai.
“You can tap all of your traffic on the network when you are in an on-premise environment but when you move to the cloud, you are on a shared environment,” she said.
With the right planning and cloud partner or partners, she said that even highly sensitive assets can be transitioned to the cloud in a secure and trusted manner without losing visibility and control.
“We give companies ways to get visibility into what is happening with their apps and data in the cloud in many different ways. One way is through Microsoft Graphs and Intelligent Security Graphs, these are trustful APIs that organisations can see their part in the cloud.
“Then, we have Azure Security Centre that does the inventory of the systems running in your tenancy and will tell you how many of those Linux or Windows, what is the patch level and what is the configuration levels are,” she said.
Moreover, she said that Azure Security Centre gives another layer of visibility such as compliance manager, which is integrated into the Azure and can report on the compliance status and “we also have Secure Score, where organisations can understand the current ranking of their configuration within Azure and compare that to similar organisations by size and protocol”.
But, she said that what is right for one organisation is different for other organisations.
“You can get visibility in the cloud but it is a different model from what was on on-prem. Within Office 365, you can know who touched the apps and which document in One Drive, who sent the document to whom and who was able to access the document, whether it is from inside or outside. There is a lot of rich reporting, audit and tools that are available now,” she said.
Reduce exposure to vulnerabilities
When asked whether a company can get 100% visibility, Kelley said that it all depends on each use case and “we work with each organisation to make sure they get the visibility they need. We are constantly improving our solutions based on customer needs”.
However, she said that companies can certainly do a significant amount to reduce their exposure to vulnerabilities and make their organisation fit by doing vulnerability test or run Secure Score to know where they stand and run multi-factor authentication to raise the bar for the attacker.
“If you can make it very expensive to attack your company, then, in most cases, the hacker will move on to the easier and softer targets. We work very hard with organisations to give them a view of what they can do to deploy securely. In Azure Blueprint, it gives guidelines for security in Azure and also has CIS Benchmarks that give companies a set of control that can be set within Azure to help them become fit,” she said.
The US company has deep data insights from the 6.5 trillion security signals that they analyse every day to track and analyse software vulnerabilities, exploits, malware, unwanted software, and attacker group methods and tactics.
“We have been able to catch every malicious activity in endpoint in milliseconds and block that in the cloud. There is so much data to reason over as we look at using machine learning (ML) and it has increased our pinpoint accuracy to reduce false positives and reduce the number of alerts and focus on true problems and potentially impactful activities that are going on within the organisation,” she said.
Machine learning is bearing fruit
Kelley said that ML is bearing fruit but one size doesn’t fit all and it is not perfect yet but without doubt, it is one of the linchpins.
“The threat model and the security architecture of the future need to be taken into account as we use ML and, at the same, hackers are also using ML. As the technology continues to develop and so the defences for the technology will also develop,” she said.
Machine learning and AI, she said will become a normal part of security strategies.
“We have 6.5tr data sitting right now and it helps to have ML and AI bots as additional advisors for hunting the bad guys but we strongly believe that ethics will come into play and also have responsible AI and seven components of ethical AI – fairness, reliability and safety, privacy and security, inclusivity, transparency, and accountability,” she said.
“If we don’t think about the ethics of AI, it is quite possible that things are going to be biased. We look at the diversity of the teams that are involved with the AI. There are security scientists but as we are designing the model, we can get lawyers, sociologists and privacy experts involved and how it will impact the person who is using it. We take it very seriously,” she said.
Designing an AI to be trustworthy, she said it requires creating solutions that reflect ethical principles that are deeply rooted in important and timeless values.
Hackers to go after IoT devices
The CTO expects to see more use of AI by the attackers and going after the IoT space.
She said that the bad guys are obsessed with data and there is no better source than the interconnected IoT devices.
So, she said that each IoT device should be protected and deployed in a highly secure manner but does not mean that it has to behind a firewall.
The beautiful thing about the cloud, she said is that organisations can see the activity around the world. “Instead of an attacker figuring out a technique that works in one country and then deploy that technique in multiple countries, we can see that techniques and pieces of malware and malcode [malicious code] and be able to send that information around the world very quickly,” she said.
The cloud is a great bit of “security wisdom” about attack techniques that are occurring and they can go and hunt for the culprits before they cause a serious amount of damage, she added.