By Rory McCune, Cloud Native Security Advocate at Aqua and Rory Alsop, Head of Cyber Security at Tesco Bank

The COVID-19 pandemic has caused numerous organisations across nearly all sectors to rapidly migrate to cloud native technologies as part of an accelerated digital transformation process. Cloud native technologies are always changing, which can be daunting for organisations that are struggling to keep up. Adopting new processes and technologies comes with new security risks. For the financial services sector, the implications of these risks are significant.

Kubernetes and Docker have grown in popularity among DevOps teams: a recent Stack Overflow survey revealed that more than 55 per cent had implemented Docker within their teams. On the other hand, those currently using more traditional Linux containers will have more to catch up on because, although they use existing technologies, these will need adapting.

Evaluating the risks

When considering implementing any cloud native technology, there are five key risks that organisations should evaluate beforehand. As cloud based systems are increasingly adopted on an international scale, the data regulations of each country must be taken into account. For example, in the UK, GDPR regulations may have specific requirements that may not be applicable in other countries. Additionally, some countries require data to be stored in their geographical region, so data sharing may not be possible. Those thinking of making the jump to cloud native need to take this into account.

Availability, confidentiality, and integrity are straightforward concepts to identify within conventional models. However, with cloud native technologies, these boundaries and definitions are easily blurred, making the segregation of duties model a more complex task. This makes access control functions and the deployment of protections for data assets much more difficult to define.

A real concern with the cloud native computing model is the level of internet exposure that is required. Even if done accidentally, a simple error in judgement can expose vital systems and information to potential cyberattacks. This, along with the rapid advancement of cyberattack methods, means that shoring up all security weaknesses and improving information asset management tools must be addressed as soon as possible.

To ensure overall ease of use by all end users, many cloud native applications are developed with basic security capabilities. This leaves users with generic default settings that may be incapable of maintaining critical applications effectively. Instead, the focus should be on enabling proper controls early on in development to reinforce these default settings. Organisations should first consider whether their current security operations systems can be integrated with newer ones before investing in a conventional SaaS platform, as it may not have the integration points needed for security control and monitoring functions.

Mitigating the risks

Education is fundamental to appropriately mitigating the risks that come with transitioning to cloud native. Arming security teams, owners, and system developers with the knowledge to correctly react and adjust their tactics is the best way to guarantee the safe and proper use of the technology. Combining this approach with CNAPP (cloud native application protection platforms) is what organisations will need to develop suitable controls that can accommodate the design and development of current cloud native applications.

Additionally, because applications are distributed to ephemeral containers, the management of secret information (credentials and API keys) should be altered before the transition to cloud native. This prevents credentials from being stolen, which could possibly result in changes within the system. Though there are definite hurdles to overcome caused by this paradigm shift, there are also a number of valuable advantages which may help to make the role of security teams a little simpler.

One way to achieve this is by storing away all information within a computing environment and moving to “infrastructure as code”. This is where systems and the applications within them are defined in an encrypted language. This method allows for practices such as static analysis to recognise vulnerabilities by re-evaluating the data and allocating it to a control database.
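As an added illustration (not part of the original article), the sketch below runs a small static check over a Kubernetes definition written as JSON. The manifest, its names and values, and the choice of three checks (inline credentials, mutable image tags, an unrestricted LoadBalancer) are constructed assumptions picked to mirror the secrets, immutability and internet-exposure points made here.

```python
import json
import re

SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)

# Constructed sample: a Deployment and a Service in the JSON form Kubernetes accepts.
MANIFESTS = json.loads("""
[
 {"kind": "Deployment", "metadata": {"name": "payments"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "api", "image": "registry.example/payments:latest",
     "env": [
       {"name": "DB_PASSWORD", "value": "constructed-not-real"},
       {"name": "API_TOKEN",
        "valueFrom": {"secretKeyRef": {"name": "payments", "key": "token"}}},
       {"name": "LOG_LEVEL", "value": "info"}]}]}}}},
 {"kind": "Service", "metadata": {"name": "payments"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}}
]
""")


def scan(objects):
    """Return (kind/name, finding) tuples for each risky setting found."""
    findings = []
    for obj in objects:
        ref = f'{obj.get("kind")}/{obj.get("metadata", {}).get("name")}'
        spec = obj.get("spec", {})
        pod = spec.get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            for env in c.get("env", []):
                # A literal value on a secret-looking name puts the credential
                # in the definition itself rather than behind a secret reference.
                if SECRET_NAME.search(env.get("name", "")) and "value" in env:
                    findings.append((ref, f'inline credential in env {env["name"]}'))
            image = c.get("image", "")
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            # No digest and no fixed tag: the running image can change silently.
            if "@sha256:" not in image and tag in ("", "latest"):
                findings.append((ref, f"mutable image reference {image}"))
        if obj.get("kind") == "Service" and spec.get("type") == "LoadBalancer" \
                and not spec.get("loadBalancerSourceRanges"):
            findings.append((ref, "LoadBalancer open to any source address"))
    return findings


if __name__ == "__main__":
    for ref, finding in scan(MANIFESTS):
        print(f"{ref}: {finding}")
```
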

An “immutable infrastructure” can also be used to reinforce cloud native computing security measures. This infrastructure is designed to be frequently replaced by system administrators rather than being altered on a case-by-case basis. By using this system, it becomes easier to identify a lateral movement attack within an environment.

Conclusion

The rate and global adoption of cloud native technologies are due to bring with them new changes for the financial services sector to keep up with. Cybersecurity and ITOps teams must be proactive in keeping up with these constant changes so that they are in the best position possible to benefit from them. Modifying their systems and procedures to meet these oncoming waves of change is the best way to handle all the risks that come along with them.