"We are not a target for cyber attacks", many companies still think these days. They are sure that, with their existing on-premises infrastructure, attackers from outside have a hard time. However, according to the Microsoft Digital Defense Report 2022 [1], increasing networking, digitalisation and not least the rapid developments in the field of artificial intelligence, which are also used by cyber criminals, are leading to increasingly complex approaches by attackers. In addition, the criminal cyber economy is becoming increasingly industrialised. As a result, attacks via the internet are an everyday threat to every company and can cause immense damage. Contrary to the widespread opinion that the cloud is much more susceptible to attacks, in everyday corporate IT it is more likely to be gaps in the security measures and tools used, and in the lifecycle management of IT resources, that help ransomware attacks to succeed, for example.
Is on-premises more secure than the cloud?
The security of an on-premises environment can therefore be deceptive. Even though the total costs of on-premises may appear more manageable, the monthly costs over the entire life cycle can be calculated more transparently if data and workloads are outsourced to the cloud. In addition, with on-prem environments, the companies themselves are responsible for keeping the software up to date and for security precautions. This is a real challenge in view of the current shortage of skilled workers. Outdated hardware and software, non-compliant security solutions or neglected identity and access management can quickly lead to security gaps. If the servers are located in-house, corporate IT must also take care of maintenance and updates itself.
Security through the onboarding tools of cloud providers.
The situation is different with cloud solutions. Professional public cloud providers such as Amazon AWS, Google Cloud or Microsoft Azure offer integrated, comprehensive security and compliance controls that automatically and, above all, quickly close security gaps and actively combat threats. These are tasks that conventional stand-alone applications can hardly perform in full, or only with very high effort. The comprehensive security services of the cloud providers take action against all common attack scenarios and offer, among other things, reliable identity and access management that complies with current corporate guidelines. They explicitly verify every authentication and authorisation using the available data, such as identity, location and its plausibility, device integrity, data classification, anomalies, service or workload. The security solutions integrated in the cloud restrict authorisations by granting user access with JIT/JEA (Just-in-Time/Just-Enough-Access). They rely on risk-based, adaptive policies and on information protection for the company's data and files. In all of this, the automatic rule is: simply trust nothing and no one, also called "Zero Trust".
Everyone relies on Zero Trust.
Zero Trust is now part of all professional public clouds and is revolutionising the approach to security. Until now, in an on-prem network, access to IT has tended to be restricted by network access itself, with various security applications supplementing this with further controls. This makes companies unnecessarily inflexible. If the "human" factor is then added, cyber dangers quickly arise that can only be contained, but no longer combated in advance. Dynamic companies, on the other hand, need a conditional access framework whose policy engine covers both policy definition and policy enforcement. This is precisely the security framework that cloud providers offer, automatically and fully integrated.
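To make the conditional access framework described above concrete, here is an added example of a minimal policy engine in Python. It is not code from the article or from any cloud provider: the signal names, thresholds, role names and grant lifetimes are all assumptions chosen for illustration. Policy definition is the RULES table together with the JEA role map; policy enforcement is evaluate(), which defaults to deny and only grants time-boxed (JIT) access when every signal the article lists (identity, location plausibility, device integrity, data classification, anomalies) has been explicitly verified.

```python
# Added example (not from the article or any cloud provider): a minimal
# Zero Trust conditional-access policy engine. All signal names, thresholds,
# role names and grant lifetimes below are assumptions for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Fixed "current time" so that results are reproducible (constructed value)
NOW = datetime(2024, 1, 1, 9, 0)


@dataclass
class AccessRequest:
    user: str
    mfa_passed: bool            # identity: strong authentication completed
    device_compliant: bool      # device integrity attested by MDM/EDR (assumed signal)
    country: str                # current sign-in location
    last_seen_country: str      # location of the previous sign-in
    minutes_since_last_seen: int
    data_classification: str    # "public" | "internal" | "confidential"
    requested_role: str         # role the user asks for, e.g. "reader"
    risk_score: float           # 0.0 .. 1.0 from anomaly detection (assumed signal)


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)
    grant_expires: Optional[datetime] = None   # JIT: every grant is time-boxed


def location_plausible(req: AccessRequest) -> bool:
    """Impossible-travel check: a country change within 60 minutes is implausible."""
    if req.country == req.last_seen_country:
        return True
    return req.minutes_since_last_seen >= 60


# JEA: the least role set each data classification tolerates (assumed mapping)
ALLOWED_ROLES = {
    "public": {"reader", "contributor", "owner"},
    "internal": {"reader", "contributor"},
    "confidential": {"reader"},
}

# JIT grant lifetime per classification (assumed values)
GRANT_LIFETIME = {
    "public": timedelta(hours=8),
    "internal": timedelta(hours=4),
    "confidential": timedelta(hours=1),
}

# Policy definition: each rule inspects one signal and returns a reason string
# when it denies, None when it passes. Every rule is evaluated so that the
# decision lists every failing signal, which is what an analyst wants to see.
RULES = [
    ("identity", lambda r: None if r.mfa_passed else "MFA not completed"),
    ("device", lambda r: None if (r.device_compliant or r.data_classification == "public")
                         else "non-compliant device for non-public data"),
    ("location", lambda r: None if location_plausible(r) else "implausible location change"),
    ("anomaly", lambda r: None if r.risk_score < 0.7 else f"risk score {r.risk_score:.2f} too high"),
    ("jea", lambda r: None if r.requested_role in ALLOWED_ROLES.get(r.data_classification, set())
                      else f"role '{r.requested_role}' exceeds JEA for {r.data_classification}"),
]


def evaluate(req: AccessRequest, now: datetime = NOW) -> Decision:
    """Policy enforcement: default deny; allow only when every rule passes."""
    reasons = [f"{name}: {msg}" for name, rule in RULES if (msg := rule(req)) is not None]
    if reasons:
        return Decision(allow=False, reasons=reasons)
    return Decision(allow=True, reasons=["all signals verified"],
                    grant_expires=now + GRANT_LIFETIME[req.data_classification])


if __name__ == "__main__":
    # Constructed sample requests: one clean sign-in, one impossible-travel case
    print(evaluate(AccessRequest("alice", True, True, "DE", "DE", 30, "confidential", "reader", 0.1)))
    print(evaluate(AccessRequest("bob", True, True, "DE", "US", 20, "internal", "reader", 0.2)))
```

Two design choices matter in practice: the engine is default-deny, so a new data classification that is missing from ALLOWED_ROLES is denied rather than silently allowed, and every rule is evaluated instead of stopping at the first failure, so the list of reasons can be logged as a single event for the SIEM.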
A brief comparison.
Amazon Web Services, for example, provides a set of AWS identity and network services with centralised zero-trust building blocks in which compliance policies and access rights can be defined. Google calls its zero-trust model, which allows all employees to work securely from anywhere without a VPN connection, BeyondCorp; its unified platform for identity, access, application and endpoint management (IAM/EMM) is Cloud Identity. In the Microsoft Azure cloud, on the other hand, company data is protected by a holistic approach and numerous integrated security solutions. The zero-trust concept behind this carefully checks every access involving users, devices, systems or data and initially treats it as if it were coming from an untrusted network. This is followed by a comprehensive, multi-stage check: in addition to explicitly verifying all available data points, the security solution checks all policies and always assumes that security breaches can occur at any time (assume-breach paradigm). In this way the system detects threats immediately and stops them before any damage is done. The holistic, multi-layered security approach of Azure thus protects company systems in advance.
Range of security solutions ensures a secure cloud.
The example of Microsoft Azure also shows how high the security standards in the cloud have become in the meantime. For identity management and the protection of devices, applications, emails and data, Microsoft 365 Defender for endpoints and Azure Defender for Azure workloads and resources, together with Azure Sentinel as a SIEM and SOAR system (Security Information and Event Management / Security Orchestration, Automation, and Response), offer uniform threat management. All of the solutions mentioned use an integrated user interface and a common data model and thus actively detect threats. In addition, Microsoft Cloud App Security protects the data stored in cloud applications and services. This app, which is also fully integrated into the security solution, helps to enforce security policies and secure the data in the applications used by employees. Whether office applications, IoT or identity management, the solutions detect and protect against threats and suspicious behaviour. Shadow IT and applications on the internet (shadow SaaS) can also be managed securely with it.
Cloud security solutions are easy to manage.
For all of this, a company that has opted for a cloud solution such as Microsoft Azure needs only a little internal security expertise, as the company's own policies can be implemented by an external IT security specialist. The rest is done by the automatisms of the cloud solution. Nevertheless, the automation and the defined playbooks do not relieve the company of the responsibility to soundly assess and process the qualified security advisories and alerts. The "background noise" of security alerts is significantly reduced, and fewer highly qualified security resources are needed to process the events in the company. The entire cloud environment is thus ideally protected and provides stable workloads. The holistic approach of cloud providers helps keep all resources safe from attack and keep pace with the increasing professionalisation of cybercrime. Cloud providers such as Microsoft invest heavily in their resources and in the security of their services to this end. If the security functions are configured correctly and employees are sensitised to the topic, companies can always trust that devices, data and applications in the cloud are safe. And those who feel secure work more productively and efficiently.
[1] https://www.microsoft.com/de-de/security/business/microsoft-digital-defense-report-2022