Cybersecurity is not a one-man or a one-team job. While the security team may bear much of the responsibility, other teams play a significant role throughout the organization. For example, the work of the network team is critical to security, as they must properly configure and maintain network and IT devices like firewalls so that unwanted traffic is not permitted.
Unfortunately, these two teams often work under different budgets with different management priorities and technologies, leaving them working in silos – often to the harm of organizational security.
In recent years, organizations have moved more of their data to the cloud, and a third team has been brought into the mix. This team – the “cloud team” – is dedicated to working on everything related to the cloud. They introduce a new dimension to the problematic silos that hinder organizations from effectively safeguarding their data.
The cloud dilemma
Moving to the cloud is typically a smart decision. In addition to cost savings and the agile nature of cloud deployment, cloud providers cover a lot of the security responsibilities for their environment. However, even customers who augment the inherent security engines with a Cloud Security Posture Management (CSPM) solution may struggle to secure their data and devices in the cloud. Commonly, two main areas are lacking in their overall cloud security solution:
1. Cloud Network Security:
Cloud teams are experts in the cloud, but not in network security. Thus, they do not know the best practices for managing the cloud security engines that regulate traffic in and out of the cloud, such as Security Groups, native cloud firewalls, and “on-prem” firewalls that are provided as VMs in the cloud. This means that most cloud security teams don’t know how to review and optimize rules or understand whether they’re meeting compliance requirements. If security groups and firewalls aren’t configured properly and maintained continuously, doors could be left open for cyber attackers.
2. End-to-End Network Visibility:
Within every organization, there may be hundreds of paths between two network endpoints. When you’re dealing with the cloud, you introduce even more such paths. Classical cloud security visibility is limited to whatever happens within the cloud boundaries. But if you connect your cloud instances to your on-prem environment via ExpressRoute or Direct Connect, cloud teams are unable to see such connections and cannot monitor a very probable attack path.
Without an understanding of these two areas, your organization likely has gaps that leave it open to a cyber attack.
Securing the cloud
Let’s look at an example. Take a manufacturing OT environment that needs to connect to the cloud. Between endpoints at a manufacturing site and an EC2 instance (VM) in the cloud, the data must travel through many steps and devices: usually a mix of physical and virtual firewalls, as well as security groups and gateways.
Often, cloud teams don’t have knowledge outside of the cloud environment, so they turn to the security or network teams for further support.
But security teams are no longer responsible for firewall configurations (they’ve become commodities now), and network teams only know about the firewalls in the middle. They’re responsible for everything related to the network, but they lack visibility into both the firewalls in the cloud and the end-to-end paths, which is critical to knowing where the security risks lie.
This gap in knowledge and coverage leaves a big hole that cybercriminals find and take advantage of.
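To make the point concrete, here is an added example (not code from Skybox or from the original post) that models the plant-to-EC2 path described above as three filtering hops, each owned by a different team, and evaluates a flow at every hop. All addresses, CIDRs and rules are constructed for illustration. It shows how a flow can be reachable end-to-end even though each hop looks reasonable to the team that owns it, and flags the any-source allow rule the text warns about.

```python
"""Constructed example: an on-prem OT endpoint reaching a cloud VM through three hops."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    ports: tuple             # inclusive (low, high) destination port range
    action: str              # "allow" or "deny"

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.ports[0] <= port <= self.ports[1])

def evaluate_hop(rules, src_ip, dst_ip, port):
    """First-match evaluation with an implicit deny, as firewalls and security groups apply it."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action
    return "deny"

def trace_path(hops, src_ip, dst_ip, port):
    """Evaluate a flow at every hop on the path. It is reachable end-to-end
    only if every hop allows it; each team normally sees just its own hop."""
    verdicts = [(name, evaluate_hop(rules, src_ip, dst_ip, port)) for name, rules in hops]
    return all(v == "allow" for _, v in verdicts), verdicts

def any_source_allows(rules):
    """Allow rules open to any source: the kind of door the text warns about."""
    return [r for r in rules if r.action == "allow" and r.src == ANY]

# Constructed topology: plant 10.20.0.0/16 reaches VPC 172.31.0.0/16 over a
# private link; the workload VM is 172.31.5.10. Each hop has a different owner.
HOPS = [
    ("on-prem firewall (network team)",
     [Rule("10.20.0.0/16", "172.31.0.0/16", (0, 65535), "allow")]),
    ("cloud firewall VM (security team)",
     [Rule("10.0.0.0/8", "172.31.0.0/16", (0, 65535), "allow")]),
    ("security group (cloud team)",
     [Rule(ANY, "172.31.5.10/32", (22, 22), "allow"),
      Rule("10.20.0.0/16", "172.31.5.10/32", (443, 443), "allow")]),
]

if __name__ == "__main__":  # demonstration run on the constructed topology
    for port in (443, 22, 3389):
        print(port, trace_path(HOPS, "10.20.1.5", "172.31.5.10", port))
```

Port 22 comes out reachable from every plant device because the two upstream hops trust the private link and the security group allows SSH from any source; only a view that composes all three hops reveals that.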
Removing the silos
While each team has a specific area of expertise, all three teams must work together to better protect the organization. The best way to break the silos is through a solution that brings all the data together. Unlike a CSPM tool, a continuous exposure management solution is a unified source of truth that the network, security, and cloud teams use. It enables all three teams to use the same data to communicate effectively and model end-to-end communication of data through the different silos.
With Skybox, data is collected and aggregated from infrastructure and cloud environments so that you see security, policy, and infrastructure data all in one solution. We provide a hybrid map of your attack surface that enables you to analyze potential attack paths, fine-tune security policies, and prioritize your defenses.
Learn how Skybox can help you remove silos and reduce risk: