The Australian Signals Directorate (ASD) publishes guidance on implementing eight critical cyber mitigation strategies, which would be enough to fend off 85% of targeted cyber-attacks. The Auditor General has mandated compliance with these controls. How will government departments incorporate this into their cloud security strategy?
With the rapid move to cloud services, both public and hybrid, many Australian government departments, at both the Federal and local level, have prioritised cost savings over dealing with the security risks that cloud computing inevitably presents. Concerns about information control, data sovereignty and cyber security have emerged as a result.
If organisations run their own security operations capability, a transition to the cloud can reduce their ability to detect and respond to security threats, since key information sources are not natively available. Furthermore, it’s impossible to show compliance with the ASD Essential Eight controls if you can’t gain access to the evidence. Let’s look at a few of the issues you’ll face with cloud computing and, especially, with your ability to demonstrate compliance.
The definition of compliance can change depending on which governing body regulates your industry, but for Australian Government departments it’s all about meeting the requirements of the Protective Security Policy Framework (PSPF) and ASD’s myriad advisories. The Auditor General has recently decided to test agencies and departments against the Essential Eight, therefore seeking evidence they are meeting the requirements of the following:
Implementing the ASD Essential Eight onsite, where you have complete control over the full infrastructure and application stack, is one thing (and even then, it's hard), but moving to the cloud means that there are entire computing subsystems that you are now blind to. Cyber security teams have built their capabilities on data collection and analytics tools, using Security Information and Event Management (SIEM) to collate and correlate threat data. Information feeds from operating systems, security systems and business applications are all important, since together they give your security operations team the complete security operating picture.
However, when you move to a cloud consumption model, especially with platform-as-a-service and software-as-a-service offerings, most of the useful log sources are no longer available. This loss of data means the security operations centre cannot correlate the most common security telemetry and threats, which makes it impossible to detect and respond to an attack, and equally impossible to report on compliance.
Most SIEM manufacturers have created a version of their platform that works in the cloud. Often this is nothing more than an installation of their platform on a cloud server, so in essence it is no different from what you were doing before from your own datacentre. This doesn't make the security operations team's job any easier: the underlying network and platform logs are still not available, so they remain blind to a vast number of threats.
Instead, you need to look for a native SIEM solution that fully integrates with the cloud platform, whether that's Microsoft Azure, AWS or some other vendor's software-as-a-service offering. Native integration means the system collects security telemetry from the underlying systems and applications that you don't otherwise get access to. This allows the security operations team to hunt for threats across the entire infrastructure stack, and it also allows the security management team to attest to compliance with the ASD Essential Eight, with reporting tailored to the maturity level of each Essential Eight control.
Government departments that have not yet adopted the cloud will soon be compelled to, due to budget constraints and ease of management. Until now, cloud security has been fraught with problems, especially the loss of operational visibility. Evaluate any tool you consider for native integration with your preferred cloud platform, to ensure you get back the visibility you would otherwise lose.
Huntsman Security’s native integration with Microsoft’s Azure platform has given control back to the customer, with special reporting and compliance tools tailored to report on compliance to the ASD Essential Eight controls.