Taking a closer look at the unique security risks facing companies in this era of cloud computing, we spoke to Glasswall’s very own Matt Cavey, Director of Cloud Architecture, about challenges, compliance and integrating CDR.
Q - What are the most common cybersecurity challenges that companies encounter in the cloud environment?
A - I think the cloud environment is a very rapidly evolving domain and one of the biggest challenges is keeping up to date with the expansion. How do you keep up with that expansion from a visibility and control perspective? Within the cloud – particularly a misconfigured cloud environment – access could be gained at the very centre and result in the kind of data breaches we have seen over the last few years.
The ease at which the cloud can be utilised has to be matched with the control, observability, and protection, otherwise gaps will emerge.
Q - How does the cloud introduce unique security risks compared to traditional on-premises infrastructure?
A - The most obvious difference is that in the cloud, much of the infrastructure is shared, rather than being under your physical control. When an organisation is in the cloud, its threat exposure could come from anywhere. It is no longer good enough to rely on securing the perimeter of an organisation because it is no longer just a server room in a single location. While the cloud vendor will handle large amounts of this risk on your behalf, organisations need to ensure proper configuration management and follow best practices to reduce the risk of misconfigurations.
We are starting to see effective implementation of clear boundaries in cloud infrastructure, in a similar way to what air-gapped server rooms used to provide. These trust boundaries are where Glasswall’s products come into play – by getting files to flow from low trust to high, CDR provides an effective means of crossing into more secure environments. Our upcoming new product offering, Constellations, directly targets this use case by helping organisations process large quantities of files across trust boundaries.
Q - How do compliance and regulatory requirements impact cybersecurity practices in the cloud, and what challenges do they pose?
A - In my experience, the biggest challenge when it comes to compliance is interpreting the regulatory requirements in order to successfully implement them in a dynamic cloud environment – which often wasn’t the intended environment when the controls were created. If you misinterpret them, you risk falling foul of compliance – but if you interpret them too literally, then your organisation is going to struggle to function effectively. There are so many layers to cybersecurity, and compliance is often achieved through the clever application of multiple layers, whilst allowing normal business operations to continue.
If your regulatory compliance comes at a cost to productivity, you will find employees tend to try to find ways to make their lives easier by relaxing rules or punching holes in security to avoid controls.
An example here would be access control. My background is software development and in the past (in on-premises locations), developers were given elevated permissions so that it wouldn’t impact their operational effectiveness. When a company tries to implement controls to comply with regulations, and operational barriers are encountered, the instant reaction is to elevate permissions permanently. However, a compromise of implementing JIT access controls would allow compliance with regulations with minimal impact on operational effectiveness.
Q - What considerations should organizations keep in mind when integrating Content Disarm and Reconstruction (CDR) into their cloud infrastructure?
A - CDR provides a very robust line of defence against file-based threats and you can be very absolute – if the file has been regenerated to the strictest policy, it can be trusted.
But real-world environments are not usually that absolute, so when it comes to integrating CDR what you must do is understand and manage your risk.
This risk is within the file – for example, is there active content in the file that is required for your organisation to operate? Does everyone in the organisation need it – or just a few? You can use policy settings to manage this risk and remove active content for only users that require it.
But risk is also outside the file; for example, does your document workflow have niche document types that Glasswall doesn’t yet support? Do you block them, or do they still need to enter the organisation? This is where CDR can be used as a complementary solution to sandboxing and antivirus software. CDR provides fast zero-day protection against a wide range of document types. Sandboxing of a file has a cost and adds much more latency to a document workflow than CDR, and antivirus, being signature-based, lacks the zero-day protection that CDR offers. But using each technology to its strength – fast zero-day protection of most files by CDR, in conjunction with other techniques – whilst remaining operationally effective is the best way to manage risk.
Q - How does the rapid pace of cloud technology evolution affect companies' ability to maintain strong cybersecurity measures?
A - Cloud technology is constantly evolving, therefore the security setup of your organisation must follow suit to avoid a skills gap forming. It requires specialised knowledge to configure and manage the security controls provided by cloud service providers, and losing touch with the latest and most secure methods increases the risk of not being secure. This can be through misconfiguration, falling behind on patch management, or having vulnerable components within the environment.
Q - Can you explain the challenges associated with securing cloud-based APIs and integrations?
A - This is quite a deep question; it would be easy to just talk about authentication, and whilst that is one part of it, it alone doesn’t make an API secure.
With an API call, you have data in transit that needs securing, so SSL/TLS should be used to secure that data during transmission.
I mentioned authentication, which can be as simple as an API key or can use established frameworks such as OAuth 2.0 (the client credentials flow). Closely coupled with authentication is authorization: making sure clients of an API can only access what they are permitted to. These credentials are going to be needed by the integration to the API, so keeping them secure is an integration challenge.
An API call is clearly communicating to a service, so the security of that infrastructure is in scope, especially if the data being handled is sensitive as well as any 3rd party services it uses.
The APIs in the CDR Platform have to provide answers to all these challenges. APIs and integrations need to be built with secure design principles, regular security assessments, and threat modelling to ensure that the challenge is being met.
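As an added illustration of the distinction drawn above between authenticating an API client and authorizing what it may do (example code, not Glasswall's or the CDR Platform's own), the following sketches an OAuth 2.0-style client credentials grant with per-operation scope checks and token expiry. All client ids, secrets, scopes, operation names and the signing key are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed, hypothetical client registry: hashed secrets plus the scopes each client
# is registered for. In practice the signing key and secrets live in a secrets manager.
SECRET_KEY = b"hypothetical-token-signing-key"
CLIENTS = {
    "ingest-service": {"secret_hash": hashlib.sha256(b"placeholder-secret-1").hexdigest(),
                       "scopes": {"files:submit", "files:read"}},
    "dashboard":      {"secret_hash": hashlib.sha256(b"placeholder-secret-2").hexdigest(),
                       "scopes": {"files:read"}},
}
# Authorization policy: the scope each (hypothetical) API operation requires.
REQUIRED_SCOPE = {"POST /files": "files:submit", "GET /files": "files:read",
                  "DELETE /files": "files:delete"}

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()

def issue_token(client_id, client_secret, requested_scopes, now=None, ttl=300):
    """Token endpoint: authenticate the client, then grant only scopes it is registered for."""
    now = int(time.time()) if now is None else now
    client = CLIENTS.get(client_id)
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    # Compare against a dummy hash for unknown ids so timing does not reveal valid client ids.
    expected = client["secret_hash"] if client else hashlib.sha256(b"").hexdigest()
    if not hmac.compare_digest(presented, expected) or client is None:
        return None  # authentication failed
    granted = set(requested_scopes) & client["scopes"]  # never grant beyond registration
    claims = {"sub": client_id, "scope": sorted(granted), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def authorize(token, operation, now=None):
    """Resource side: verify signature and expiry, then require the operation's scope."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, TypeError, AttributeError):
        return False
    if not hmac.compare_digest(sig, _sign(payload)):
        return False  # tampered or forged token
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return False  # expired: short-lived tokens limit the blast radius of a leaked credential
    return REQUIRED_SCOPE.get(operation) in claims["scope"]
```

A valid client that authenticates successfully is still refused any operation whose scope it was not registered for, which is the point that authentication alone does not make an API secure.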