Cloud Computing architectures and environments have consistently been replacing legacy, on-premise IT infrastructures. This mass-scale move towards the Cloud has not only increased the footprint of cloud deployments but has also added complexity as a result of Hybrid and Multi-Cloud architectures.
On top of all this, the prevailing cybersecurity environment is far from tranquil: it is hostile and volatile, and cyber threats, be they viruses, malware, phishing, ransomware, or others, are getting stealthier and more damaging with every passing day.
Last, but not least, we are increasingly witnessing “regulatory tightening” around Cloud Computing solutions and environments. When we sum up all these elements, what we are left with is a cybersecurity challenge of massive proportions. With so many disparate elements to secure, each of which could have a different origin, things can get quite complex, really fast.
The roadmap, tools, and mechanisms that an organization or even a service provider adopts to secure present-day cloud environments can be dubbed “Cloud Detection and Response” or CDR. Even as we write this post, this is still an evolving subject and many organizations as well as professionals are still “getting their heads around this idea”.
In this post, we will try to outline the essential elements of an effective Cloud Detection and Response (CDR) mechanism, and how to achieve them.
What is Cloud Detection and Response (CDR)?
In terms of defining CDR itself, we can further divide this term, or discipline, into two different areas, which are:
- Establishing effective, timely, and accurate means for detecting as well as responding to potential cyber security threats or events targeted towards cloud environments.
- The term CDR also covers the Cloud-based tools and mechanisms that assist organizations in the area of CDR.
Now, let us move toward the mechanisms that an organization needs to adopt, so it can establish an effective CDR mechanism for its cloud environment(s).
Outlining the Where, When, and How of CDR
This is the step where any deploying enterprise “takes stock” of its current situation, which includes answering questions like which sort of cloud environment the enterprise has, what are its specific threat vectors, and how the enterprise sees its cloud environment evolving in the near future.
Once this step has been accomplished, the enterprise will start prospecting for Cloud Detection and Response (CDR) providers/vendors. It is always good to have more than one option “on the table”, so an objective comparison can be made in terms of the capabilities and costs of each possible CDR solution.
Choosing the Optimal Approach
This is an area where it will all boil down to the specific industry and needs of the enterprise that wants to deploy a CDR mechanism. There are two main ways of approaching this step, which include:
- Setting up CDR mechanisms, such as logging and monitoring of information as well as data, at the Cloud Service Provider (CSP) level.
- A more granular approach to CDR would be to take all these logging and monitoring mechanisms right down to the level of each workload deployed in the Cloud.
It is quite obvious that the latter approach is both more complex and more resource intensive, but some sensitive workloads or processes might necessitate it. For most other cloud infrastructures, deploying a CDR mechanism at the Cloud Service Provider (CSP) tier should initially get the job done.
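To make the two tiers concrete, here is an added example (not code from the original post or from any vendor) that runs a simple detection rule over each tier's telemetry and then correlates the two. The event records, field names and host mapping are all constructed, hypothetical samples.

```python
# Added example: CDR detection at the CSP tier versus the workload tier.
# All events are constructed samples; the schema is hypothetical, not a provider's format.
from datetime import datetime, timedelta

SENSITIVE = {"CreateAccessKey", "AttachPolicy", "ModifySecurityGroup"}

# CSP tier: control-plane audit records emitted by the provider (constructed).
# "host" stands for the instance the call was attributed to after mapping the
# source identity/IP, which a real deployment would have to derive itself.
CSP_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "principal": "deploy-bot", "action": "CreateAccessKey", "host": "web-01"},
    {"ts": "2024-05-01T10:00:20", "principal": "deploy-bot", "action": "AttachPolicy", "host": "web-01"},
    {"ts": "2024-05-01T10:00:45", "principal": "deploy-bot", "action": "ModifySecurityGroup", "host": "web-01"},
    {"ts": "2024-05-01T11:30:00", "principal": "alice", "action": "AttachPolicy", "host": "admin-01"},
]

# Workload tier: process events reported by an agent inside each VM (constructed).
WORKLOAD_EVENTS = [
    {"ts": "2024-05-01T09:59:50", "host": "web-01", "parent": "httpd", "child": "sh"},
    {"ts": "2024-05-01T11:29:00", "host": "admin-01", "parent": "sshd", "child": "bash"},
]

def _t(s):
    return datetime.fromisoformat(s)

def csp_tier_alerts(events, threshold=3, window=timedelta(minutes=2)):
    """Flag a principal performing `threshold` sensitive control-plane actions within `window`."""
    by_principal = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] in SENSITIVE:
            by_principal.setdefault(e["principal"], []).append(e)
    alerts = []
    for principal, evs in by_principal.items():
        for i in range(len(evs) - threshold + 1):
            if _t(evs[i + threshold - 1]["ts"]) - _t(evs[i]["ts"]) <= window:
                alerts.append({"principal": principal, "host": evs[i]["host"], "ts": evs[i]["ts"]})
                break  # one alert per principal is enough
    return alerts

def workload_tier_alerts(events, service_parents=("httpd", "nginx")):
    """Flag a web service process that spawned a shell; only an in-workload agent sees this."""
    return [e for e in events if e["parent"] in service_parents and e["child"] in ("sh", "bash")]

def correlate(csp_alerts, wl_alerts, window=timedelta(minutes=5)):
    """Escalate when both tiers fire on the same host within `window` of each other."""
    return [(c, w) for c in csp_alerts for w in wl_alerts
            if c["host"] == w["host"] and abs(_t(c["ts"]) - _t(w["ts"])) <= window]
```

On the sample data the CSP-tier rule fires on deploy-bot, the workload-tier rule fires on web-01, and the correlation joins them into one escalated finding, while alice's single policy change and the ordinary sshd session on admin-01 stay quiet.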
Sourcing the CDR Solution
Once the cloud environment has been mapped successfully, and the deployment tier has been defined, comes the equally crucial step of sourcing the CDR solution itself. This is yet another area where the deploying enterprise can choose the best alternative at hand.
The first option is to approach an entirely external entity, other than the Cloud Service Provider (CSP) itself. However, this external entity should specialize in CDR capabilities. The upside of choosing this option is that an entity that solely performs CDR functions should, on paper, be more capable than the option we are about to discuss below.
Another, simpler course of action would be to reach out to your existing Cloud Service Provider (CSP) or Managed Services Provider (MSP) and seek its assistance in providing CDR capabilities as an “add-on” to the existing service stack. The upside of choosing this option is that the existing CSP or MSP would have a much better understanding of the Cloud environment, making the CDR deployment easier and quicker.
However, choosing an “external set of eyes” could benefit the deploying enterprise by bringing in a whole new perspective to the existing cyber security, incident detection, and response mechanism. The final decision, however, should rest with the deploying enterprise, in light of its unique circumstances and limitations, if any.
Where Does Your Existing CSP or MSP Stand on its CDR Roadmap?
Cloud Detection and Response (CDR) is something that CSPs and MSPs alike are catching up to, really fast. So, it is quite possible that by the time your enterprise decides to “take the leap”, your existing CSP or MSP may already have something related to CDR in store for your enterprise.
However, there needs to be an objective comparison between choosing the CDR of your incumbent CSP or MSP and going all out for an external CDR provider. We have already covered the pros and cons of each in the previous point.
Integrating CDR with Your Mainstream Cloud Security
After all the above steps have been performed, including the choice of CDR provider, comes the conclusive, yet all-important aspect of integrating this CDR solution with your existing cloud security posture management solution or mechanism.
This step will immensely improve, indeed magnify, your existing Cloud Security Posture Management by delivering even better visibility and insights into the cloud environment. The data and analytics of both, once combined, could unlock entirely new ways of keeping the cyber threats that are lurking around at bay from the cloud deployment.
Conclusion
There is no question that Cloud Detection and Response (CDR) is still an evolving discipline. However, given the complex and stealthy nature of present-day cyber threats, there is no room for complacency.
No matter what course of action an enterprise adopts for CDR, this is something that needs to be given immediate attention. Contact ATSG dinCloud, which not only offers cutting-edge Cloud Computing solutions but also offers advanced monitoring and analytics into your entire cloud environment via its Cloud orchestration and management portal, dinManage.