CrowdStrike exec explains why the cloud is a net-positive for cybersecurity

In recent years, cloud computing has established itself as one of the foundational technologies that provide modern enterprises with on-demand connectivity. Without it, the widespread transition to hybrid work would not have been possible during the COVID-19 pandemic. But what about cybersecurity in this new cloud-centric world?

The ease of direct connectivity has created new vulnerabilities for security teams to address, and many organizations are still catching up: 81% of organizations experienced cloud-related security incidents in the past year.

Nonetheless, in a recent Q&A with VentureBeat, Amol Kulkarni, chief product and engineering officer at leading CNAPP vendor CrowdStrike, explained that he believes the cloud, despite its complexity, will prove to be a net positive for security teams.

Cybersecurity in the cloud, from the POV of an industry leader

Kulkarni highlights the role technologies such as CNAPP and attack surface management tools can play in increasing the visibility of an organization’s risk exposure and mitigating vulnerabilities and misconfigurations across cloud, hybrid, and multicloud environments.

Below is an edited transcript of our interview.

VentureBeat: What do you see as the central cybersecurity challenge for organizations looking to secure their cloud environments in 2023?

Amol Kulkarni: Fundamentally, the modern adversary has become faster (with an average outbreak time of less than 30 minutes for 30% of attacks), more sophisticated (with nation-state actors using unique cloud attack tactics), and [is] increasingly focused on cloud environments (with a 288% growth in cloud workload attacks according to CrowdStrike threat data).

The central challenges for organizations seeking to respond to these modern threats facing cloud environments [are in] three main areas:

1. Lack of visibility

The dynamic nature of hybrid and multi-cloud environments creates complexity for security monitoring, opening the door for shadow IT. And since many organizations divide responsibilities between devops, security, and IT teams, blind spots can arise when attacks move laterally across environments, from the cloud to the endpoint.

Therefore, having a Cloud-Native Application Protection Platform (CNAPP) that can provide full visibility across all cloud resources becomes critical to quickly identify and stop breaches.

2. Increased costs and operational overhead

Using multiple cloud security tools instead of a CNAPP (which consolidates everything into a unified solution) can lead to fragmented approaches that increase cost and complexity.

Gartner even says that 99% of cloud cover failures will be the customer’s fault due to errors such as cloud misconfigurations. When security and devops teams need to switch between cloud security tools, they often use multiple dashboards instead of a CNAPP solution with a unified dashboard.

3. Shared responsibility model

The shared responsibility model can be misunderstood, leading to the assumption that cloud workloads, as well as any applications, data, or activities associated with them, are fully protected by cloud service providers (CSPs).

This can lead organizations to unknowingly run workloads in the cloud that are not fully protected, making them vulnerable to attacks targeting the operating system, data or applications. Even securely configured workloads can be targeted at runtime because they are vulnerable to zero-day exploits.

VB: How is threat detection changing as more organizations embrace the cloud?

Kulkarni: As organizations migrate to hybrid cloud or multicloud environments, the way organizations think about threat detection must also evolve, especially when it comes to addressing threats across many cloud environments.

The threat landscape[s] in hybrid and multi-cloud environments are different, and the technology and IT environments are different. The cloud is highly dynamic, scalable and ephemeral. Thousands of workloads are created for multiple tasks; they are API-based and typically use identity and access management (IAM) roles to segregate workloads.

As such, threat detection in the cloud must address identity, security posture, compliance, misconfigurations, APIs, cloud infrastructure and workloads, including Kubernetes and containers.

VB: Do you have any suggestions for organizations struggling to close the cloud skills gap?

Kulkarni: The most effective way organizations can close the skills gap is through a consolidated platform approach that reduces operational and technical expertise. This can be further supplemented through managed services.

For example, a managed security service for the cloud can provide 24/7 expert security management, continuous human threat hunting, monitoring and response for cloud workloads. Think of it as an extension of your SOC team.

Address misconfigurations in the cloud

VB: How can CISOs and security leaders better manage cloud misconfigurations to improve cybersecurity?

Kulkarni: We recommend three main actions:

  1. Ensure visibility in the cloud environment with a CNAPP solution that can represent the entire security posture of the organization, not just parts of it.
  2. Enforce runtime protection to stop accidental or weaponized misconfigurations across all cloud environments. We believe this can only be achieved with a CNAPP solution that includes both agentless and agent-based protection to detect and remediate threats in real time.
  3. Integrate security into the CI/CD lifecycle by shifting left to avoid code errors, such as critical applications running with vulnerabilities.

These steps allow CISOs to implement a robust set of best practices and policies that are also flexible enough to meet the needs of devops teams.

VB: Any comments on attack surface management?

Kulkarni: Organizations’ cloud footprint is expanding at an unprecedented rate and their attack surface is growing as a result. CrowdStrike Falcon Surface data shows that 30% of exposed assets in cloud environments have a severe vulnerability.

Based on the shared responsibility model, the responsibility to protect cloud data rests with the customer, not the cloud service provider. Common cloud security risks, such as incorrect IAM permissions, cloud misconfigurations, and cloud applications delivered outside of IT, can leave organizations vulnerable to attack.

External Attack Surface Management (EASM) enables organizations to safely migrate to the cloud while considering their entire ecosystem (subsidiaries, supply chains and third-party vendors).

EASM solutions can help organizations discover misconfigured cloud environments (staging, testing, development, etc.) and empower security teams to understand the associated risks. With a complete view of the remote infrastructure, an organization can quickly remediate vulnerabilities in the cloud and keep pace with the dynamic attack surface.

VB: Do you believe the cloud is a net positive or negative when it comes to enterprise security?

Kulkarni: Cloud as a whole is a net positive, with its ability to scale on demand and improve business outcomes for organizations facing resource constraints. Cloud with the right security can drive the future of business growth for organizations.

Top 3 to secure the cloud

VB: What are the top three technologies organizations need to secure the cloud?

Kulkarni: We recommend a CNAPP solution that is agent-based, agentless and includes:

  • Cloud workload protection (CWP) including container and Kubernetes runtime protection, image assessment, CI/CD tools and frameworks, as well as real-time ability to identify and remediate threats throughout the application lifecycle. And when deployed through an agent sensor, more rich context and action can be taken more accurately and faster.
  • Cloud Security Posture Management (CSPM) with an agentless approach that unifies visibility across multicloud and hybrid environments while detecting and remediating misconfigurations, vulnerabilities, and compliance issues.
  • Cloud Infrastructure Entitlement Management (CIEM) that detects and prevents identity-based threats, enforces privileged credential checks, and provides one-click remediation testing for faster response. Coupled with an identity-based identity asset protection strategy, almost 80% of all breaches can be softened.

VB: What’s next for CrowdStrike?

Kulkarni: As a recognized CNAPP leader, we are committed to delivering the best CNAPP solution in the market, which is delivered from the cloud-native CrowdStrike Falcon platform. Expect continued innovation around new attack detections to meet the needs of DevOps and DevSecOps teams, while also investing in additional managed services for the cloud and extensive pre-built integrations with cloud service providers.

Shreya Christina (http://ukbusinessupdates.com)