Shifting security perspectives crucial to preventing next major government breach

In the wake of several major security breaches—SolarWinds, Colonial Pipeline and JBS to name a few—the pressure is on for cybersecurity strategies to evolve. A devastating security breach can happen at any moment, at the hands of any user.

Take the December 2020 SolarWinds breach, where an initial phishing and account compromise was followed by a supply chain hack in which 18,000 customers downloaded affected software. This breach was made possible by the implicit trust all those customers placed in a monitoring tool, in this case deployed to monitor Office 365 product performance, which allowed the attack to gather data and expand to a web of users.

Cloud-based technologies offer highly valuable tools to increase agency efficiency and mission effectiveness—and their use is continuing to expand. The Deltek Federal Cloud Computing Market 2020-2022 report predicts federal cloud investments will reach $7.8B by FY 2022.

But cloud-based tools like Office 365 can easily become another vulnerable target and vector if not secured properly. From a cybersecurity standpoint, most legacy on-prem security tools aren’t prepared for the fast-moving nature of the cloud and leave gaps that are easy for bad actors to exploit. However, the new tools designed for the cloud and delivered from the cloud, such as Cloud Access Security Broker (CASB) and Secure Access Service Edge (SASE), offer greater visibility into the entire cloud ecosystem and bring a new perspective that will allow agencies to securely take advantage of cloud benefits.

Protect your agency with security solutions designed for cloud

In order to protect sensitive citizen data and confidential military information in today’s IT environments, agencies need comprehensive cloud security solutions and monitoring practices that defend against sophisticated cybercriminals. This means adopting cloud-oriented approaches such as CASB and SASE solutions, which provide comprehensive monitoring capabilities.

CASB performs critical monitoring of cloud-based apps: it tracks how apps are communicating and the risks they pose, and it detects anomalies, including abnormal behavior or privilege changes. Changes in cloud environments often happen in real time, so it’s essential that monitoring for anomalies that can indicate a breach follows the same timeline.

On the other hand, SASE enforces security policies in a manner tailored to identity, context and ongoing risk assessments. As a result, SASE secures access to your organization’s cloud network regardless of the location of the devices requesting access.

Together these approaches allow users to safely use cloud services with a view into risks that evolve with updates in the cloud. Especially as telework and hybrid work remain a regular part of federal productivity, it’s important for organizations to track all network access.

Keep an eye on your entire ecosystem

It’s crucial to monitor connected applications that are frequently deployed from cloud marketplaces, or from customer networks, onto leading software-as-a-service (SaaS) platforms, such as Office 365.

Using connected applications is a common and necessary practice. Many agencies have software hosted in data centers that accesses these SaaS applications and other resources on the internet. These connected applications are implicitly trusted, so once they are onboarded their activities are rarely ever monitored. This often creates security blind spots, especially when the applications start behaving abnormally. CASBs can help address this blind spot very effectively.

More than the technology: Shifting perspectives

Security best practices have not changed, but the way we approach and use them must adjust based on how we use the technology; the approach is just as important as the technology itself. Expanded use of cloud-based technologies provides convenience for access and storage, but also creates gaps in security.

Cloud environments are constantly changing, requiring security upgrades and monitoring that keep the same pace. Security upgrades should be constant and react to other updates made to a platform—an “always-on” mentality is crucial for constant awareness of what and who is on the network and how information is being used.

The stakes are high when it comes to cybersecurity at federal agencies. Cybercriminals will constantly adapt strategies to areas with the biggest gaps, and too often this is tied to a cloud application. Constant monitoring combined with a security approach designed in line with how the cloud operates can keep government data and systems safe from compromise.

Sundaram Lakshmanan is chief technology officer for SASE Products at Lookout.
