Skip to content
CTP is part of HPE Pointnext Services.   Explore our new services here →
  • The Doppler Report
Cloud TP Logo
  • Thought Leadership
  • Clients
  • Services
  • Careers
  • Contact Us

Cloud Technology Partners

CLOUD SERVICES

  • The Cloud Adoption Program
  • Application Migration
  • Software Development
  • Infrastructure Modernization
  • DevOps & Continuous Delivery
  • Cloud Security & Governance
  • Cloud Strategy Consulting

TECH DOMAIN

  • Amazon Web Services
  • Google Cloud Platform

ABOUT US

  • Company Overview
  • Leadership Team
  • Partners
  • News & Recognition
  • Announcements
  • Weekly Cloud Report
  • Client Case Studies
  • Events

CAREERS

  • Join Us
  • Job Opportunities
 Cloud Technology Partners
  • Doppler Home
  • Client Case Studies
  • Podcasts
  • Videos
  • White Papers
  • Quarterly
  • Events
  • Subscribe

Assume That You Have Already Been Breached

By adopting an Assume Breach approach to cloud security, organizations can simplify the decision-making process and improve the quality of their security posture.
Stuart Stent VP, Distinguished Architect
July 2, 2019 THE DOPPLER
Share this 
doppler_mail1

For more content like this, Get THE DOPPLER
email every Friday.
 
Subscribe here  chevron_right

Breached. Compromised. Infiltrated. Exposed. These are four words no CISO wants to see in their inbox. Looked at another way, however, they can be immensely valuable. How, you ask? By accepting these four words as the status quo and by assuming at all times that you have been breached (whether or not that is actually the case), decision-making becomes much simpler. Any decision made from the standpoint that the attacker is already inside your environment is straightforward, easily justified, simple to communicate and encourages a more secure posture; thus, using this concept as a decision-making tool can help companies get ahead of the game. To begin with, the reasoning behind technical security decisions can be rather opaque to non-security staff and is often put into the “because security said we have to” bucket. This in turn fosters the kind of negative sentiment often attributed to information security policies. But the concept of Assume Breach makes it very easy for both technical and non-technical staff to understand the “why” behind security leadership decisions and is an approach they can apply in their everyday work.

 

Read the stories
How these F500 organizations are ensuring security in their highly regulated industries.

 

Let’s take the example of a team deploying a new application in a public cloud environment that will use a RESTful API to communicate between microservices. Because these components are not directly exposed to the internet, the team asked to use the plaintext HTTP protocol instead of the more secure encrypted HTTPS protocol as it is easier to deploy and manage. While the normal discussion about this could be lengthy (and probably heated), the response to the team’s request becomes very clear if it is assumed an attacker has already breached the environment. Deploying this application with some form of encrypted transport becomes the only safe choice. Whether that takes the form of HTTPS, an encrypted service mesh or some other mechanism does not matter, as long as it is not plaintext and provides some form of authentication mechanism. While there may still be some initial pushback from the application team, once they understand the concepts used to make the decision, they are more likely to understand and accept it.

When applying the Assume Breach approach it is important to take a holistic view of the security landscape in question. In the example above, this decision would form part of a more comprehensive plan of attack, including controls relating to infrastructure protection, data protection (including encryption), identity and access management (IAM), Threat and Vulnerability Management tools, logging, monitoring and configuration management. The controls chosen also need to take into account the nature of the environment being protected.  For example, in a public cloud environment where we are adopting an Assume Breach mindset, it may be prudent to adopt a BeyondCorp or Zero Trust access model where we no longer trust that whole networks are secure, and instead use authentication mechanisms to determine the precise resources required by an entity requesting access.

Is always assuming a breach overly cautious? In 2018, a researcher ran a honeypot instance (see inset) on AWS, and published his results on Kaggle. Beyond the sheer range of attacks observed, there was one key metric that jumped out: there were an average of 99 attacks PER HOUR, not including those automatically absorbed by the AWS infrastructure. Considering that just one attack needs to be successful to wreak havoc, and that according to the 2018 Cost of a Data Breach Study by IBM Security the Mean Time to Identify (MTTI) a breach is 197 days, the idea that an environment might already be compromised is actually not that improbable. In this way, adopting an Assume Breach approach in your cloud security practice can not only simplify the decision-making processes, but can also be a prudent step that greatly improves the quality of your security posture.

Honeypot: In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, who are then blocked. This is similar to police sting operations, colloquially known as “baiting” a suspect. [source: https://en.wikipedia.org/wiki/Honeypot_(computing)]

Share this


Related articles

 

5 Steps to Building a Cloud-Ready Application Architecture

 

12 Step Guide for Data Governance in a Cloud-First World

By Joey Jablonski

 

All in on AWS

Related tags

Cloud Strategy   Security & Governance   Software & Technology

Stuart Stent

Full bio and recent posts »



Find what you're looking for.

Visit The Doppler topic pages through the links below.

PLATFORMS

AWS
CTP
Docker
Google
IBM
Kubernetes
Microsoft Azure
OpenStack
Oracle
Rackspace

BEST PRACTICES

App Dev
App Migration
Disaster Recovery
Change Management
Cloud Adoption
Cloud Economics
Cloud Strategy
Containers
Data Integration
DevOps
Digital Innovation
Hybrid Cloud
Managed Services
Security & Governance

SUBJECTS

Big Data
Blockchain
Cloud Careers
CloudOps
Drones
HPC
IoT
Machine Learning
Market Trends
Mobile
Predictive Maintenance
Private Cloud
Serverless Computing
Sustainable Computing
TCO / ROI
Technical "How To" Vendor Lock-In

INDUSTRIES

Agriculture
Energy & Utilities
Financial Services
Government
Healthcare
Manufacturing
Media & Publishing
Software & Technology
Telecom

EVENTS

CES
DockerCon
Google NEXT
Jenkins
re:Invent


 

Get The Doppler

Join 5,000+ IT professionals who get The Doppler for cloud computing news and best practices every week.

Subscribe here


Services

Cloud Adoption
Application Migration
Digital Innovation
Compliance
Cost Control
DevOps
IoT

Company

Overview
Leadership
Why CTP?
News
Events
Careers
Contact Us

The Doppler

Top Posts
White Papers
Podcasts
Videos
Case Studies
Quarterly
Subscribe

Connect

LinkedIn
Twitter
Google +
Facebook
Sound Cloud

CTP is hiring.

Cloud Technology Partners, a Hewlett Packard Enterprise company, is the premier cloud services and software company for enterprises moving to AWS, Google, Microsoft and other leading cloud platforms. We are hiring in sales, engineering, delivery and more. Visit our careers page to learn more.

CWC-blue-01

© 2010 - 2019 Cloud Technology Partners, Inc., a Hewlett Packard Enterprise company. All rights reserved. Here is our privacy policy CTP, CloudTP and Cloud with Confidence are registered trademarks of Cloud Technology Partners, Inc., or its subsidiaries in the United States and elsewhere.

Do Not Sell My Personal Information

  • Home
  • Cloud Adoption
  • Digital Innovation
  • Managed Cloud Controls
  • The Doppler Report
  • Clients
  • Partners
  • About CTP
  • Careers
  • Contact Us
  • Most Recent Posts
  • All Topics
  • Podcasts
  • Case Studies
  • Videos
  • Contact
Our privacy statement has been changed to provide you with additional information on how we use personal data and ensure compliance with new privacy and data protection laws.  
Please take time to read our new Privacy Statement.
Continue