SysAdmin Day: The cloud, security and backup risks

[German]Today, July 29, is the International Day of the System Administrator, a day for all the IT professionals who do their best every day to somehow keep the IT systems running and secure against cyber threats. I assume that this morning on your desks a lot of gifts and attentions were unloaded, that the phone is not standing still, because people want to express their gratitude for your hard work. And your favorite users are coming into your office to say Merci. Today I want to take a look at cloud, security and backup for you. Have you got it all covered, of course – but there's no harm in doubling up.

Cloud-based security

I think a large percentage of the administrators reading along here on the blog are faced with managing cloud services on a daily basis, in addition to on-premises solutions. Organizations hope to become more efficient by adopting cloud technology. This is because operations are more scalable, and employees can be productive from any location and on any device.

Driver of this trend was also the Covid 19 pandemic, which forced companies to send some of their employees to the home office. Companies prioritized remote access tools such as virtual private networks (VPNs). But there is, of course, the issue of security, which becomes more complex with remote solutions and remains relevant in the cloud.

Security tools that purport to enforce zero trust are often deployed. The problem, however, is that these products only perform security checks at the time of access. The use of cloud solutions has turned security requirements on their head. While it used to be enough to lock everything down security-wise – i.e., applications, data and users had to stay within corporate boundaries, and only managed devices were allowed – this no longer applies with the cloud. Because by moving applications and data to the cloud, users can work from anywhere.

The administrator not only loses overview and control over applications and data in the cloud. The challenges also become more complex. On top of that, there's a persistent labor shortage in the cyber security space that requires streamlining existing operations rather than expanding them.

What happens when an account has been compromised by a phishing attack and the attacker starts downloading sensitive data? What happens when a critical vulnerability is discovered in an operating system endpoint? The challenge of verifying security at the point of access is that user and endpoint risk levels are constantly changing.

To guarantee remote work while protecting sensitive data, security must be cross-functional. For example, data loss prevention (DLP) provides deep insight into the type of data one owns, but is not typically managed by the same people who take care of cloud services. Zero Trust requires that all security tools work together to provide granular and dynamic access, which is why organizations are increasingly turning to cloud solutions.

What to look for in a cloud security platform

Sundaram Lakshmanan, CTO for SASE solutions at Lookout, has two components to look for in cloud security: risk awareness and content awareness. Enterprises, or IT leaders, need to understand a few key concepts when considering cloud platforms:

1. Risk awareness. You have to be aware of the risk level of your endpoints and users.
2. Content awareness. This is the consideration of the sensitivity level of the data someone is trying to access. Risk-based access mitigates the threats posed by users and endpoints. However, to ensure that access decisions are made efficiently, one should also look at the data itself.
3. Detailed actions. Understanding the data must also extend to granular policy enforcement to ensure productivity is not compromised. Zero-trust access decisions should not be based merely on binary numbers. Detailed measures such as watermarking, keyword highlighting, and restricting downloads are critical to ensure that any risk is avoided and data is protected at all times.
4. Proactive encryption. Data protection must also extend beyond the personal sphere of influence. One should consider proactive encryption technologies that take into account the sensitivity of the data to ensure that the most sensitive data can only be viewed by authorized users, even if it is shared offline.

Sounds great on paper, but putting it into practice is another story. This becomes a problem when historically there have been dedicated teams for different functions: Information Security, Network Security, Endpoint Security, etc. are tasked with these responsibilities. Experience shows that they move at different paces across different teams and departments in an organization. This can make it difficult to create a common vision or roadmap for security adoption. Sales and marketing teams, for example, often adopt cloud platforms much earlier than finance, HR or engineering departments.

In addition, IT teams are often burdened with supporting old solutions while already having to accompany new solutions in the cloud. This can lead to strain on the respective teams. The cloud and cloud applications are factors that are fundamentally changing the way enterprises do business:. Before security teams relearn the security controls deployed in the cloud, they must also understand the intricacies of cloud services and applications before they can protect them effectively. In summary, with data and users everywhere, organizations need to rethink how security is provided.

Backup risks looming in the cloud

And there's the second problem with the cloud: how do IT managers ensure their data is backed up in the cloud? After all, companies are responsible for the backup and recovery of their data in the cloud. Those who only rely on the limited options offered by the providers are at risk of risky gaps, as Dell Technologies explains in an overview. This is because most SaaS applications offer only very rudimentary options for data retention and recovery. Dell Technologies lists the five biggest risks for backup disasters in the cloud below:

1. Accidental deletion. Deleted data often ends up in the recycle bin, which is automatically emptied after a certain amount of time. So, for example, if an employee deletes a canceled sales project in Salesforce and wants to resume it later, it may already be too late to recover the data from the trash.
2. Malicious deletion. When an employee leaves the company, his or her account, for example in Microsoft 365, is usually locked. If he maliciously deleted information before leaving, the IT department cannot easily access the data to assess and undo damage. After all, the account archiving of departing employees does not include previously deleted data.
3. Ransomware attacks. The time frame for data retention are usually tight for SaaS applications. If a company falls victim to a ransomware attack that began outside this window, it has no chance to restore the affected data to an unencrypted state. In addition, no isolation of the retained data from the primary environment exists to prevent the ransomware from spreading to that data.
4. Compliance. The short retention periods make it difficult or impossible for organizations to meet internal and legal data archiving requirements. As a result, they risk compliance violations that can result in stiff fines or permanently damage their reputations.
5. Legal Hold and eDiscovery. Capabilities for retaining, identifying, and providing data as evidence in litigation are often very limited or non-existent in SaaS applications. There are also no integrations with dedicated third-party eDiscovery tools. Throttling limits on data transfers, daily limits on data exports, or volume limits on summary downloads further complicate eDiscovery processes.

If companies want to comprehensively secure their SaaS data against risks such as accidental and malicious deletion or ransomware and reliably meet compliance requirements, there is no way around using a dedicated backup solution, according to Dell Technologies. The classic approach would be to build and operate such a solution yourself. However, as is always the case with on-premises installations, this incurs considerable costs and effort for hardware, software and maintenance. Dedicated backup platforms in the cloud are therefore an attractive alternative.

Dell didn't unveil a specific product – but certainly has something in its portfolio. Yesterday, I also received a press release from SentinelOne announcing the SentinelOne App for Amazon Web Service (AWS) Elastic Disaster Recovery. The product integrates with AWS Elastic Disaster Recovery (DRS) to protect organizations from the devastating effects of ransomware. With this joint solution, affected organizations can initiate AWS Elastic Disaster Recovery directly from Singularity XDR and restore to the last known workload state within minutes to ensure business continuity and exceed recovery time objectives.

Bottom line: On one hand, it remains for me to note on SysAdmin Day that administrators and IT managers face significant and ever-changing challenges. The likelihood that work in this area will run out (e.g., due to moving to the cloud, "the provider does everything for us there") and administrators will become unemployed is not very likely in the coming years. So: Happy SysAdmin-Day!