A topic in cybersecurity that isn’t getting enough attention, but is critically important, is toil in the cloud. This toil is crippling organizations and cloud security analysts today. We discussed in our first blog post how difficult it is for cloud security teams to understand, investigate and remediate issues in the cloud. Today we’re going to discuss the outsized impact this toil is having, what’s driving it, and why cloud security teams desperately need a new capability to help automate investigation, root cause analysis, and the identification of root solutions across the SDLC.
Too few talented workers
Let’s start with the alarming fact about the talent gap in cybersecurity today—according to the (ISC)² Cybersecurity Workforce Study, there are over 3.4 million cybersecurity job openings that can’t be filled. That’s not a theoretical challenge—it represents real, crucial roles that need to be filled today to close the gap in our defenses against cybercrime, which, according to Cybercrime Magazine, is predicted to cost the world an astounding $10.5 trillion annually by 2025.
In addition to the talent gap, the industry has a historically high turnover rate, which is the direct result of:
- The talent shortage — teams too small to address the risks
- Detection tools which are creating more work and not doing enough to help analysts finish their job
- Work that is mind-numbing given the preponderance of cloud data silos
- Persistent automation gaps in the areas of work prioritization, root cause analysis, and remediation planning
Peel back another layer and you’ll find an even grimmer picture in the world of cloud security. Many seasoned security professionals, who honed their skills in the era of on-premise solutions, are suddenly finding themselves tossed into the unfamiliar waters of cloud security—a space that operates quite differently from a traditional data center and on-premise world.
Too many urgent tasks
Imagine this: you’re a cloud security analyst. Your day-to-day job involves responding to an incessant barrage of cloud security issues, like a firefighter who never gets a break. But unlike a firefighter, you’re often missing critical information you need to address these issues effectively. The necessary security data across the Software Development Life Cycle is typically out of your reach, leaving you to make educated guesses rather than informed decisions. The job is demanding, stressful, and frequently feels like a “mission impossible.”
This is easy to see when you consider the 10 critical sub-tasks that need to be performed for each cloud security issue:
- Aggregate similar findings: Bring together the best data from available detection tools
- Analyze related findings across the SDLC: Each detection tool only tells part of the full story, so someone needs to make cohesive sense of it all
- Analyze asset context: Who owns this? Which application? Is this in production? When was this asset deployed? How is it configured?
- Validate the issue: How confident are we that this is a true positive?
- Identify root cause: What ultimately caused this? When did that happen and by whom? Why? How do we make sure this does not happen again?
- Risk and business impact analysis: What is the likely consequence of inaction? What dependencies are there and how will that affect our business?
- Urgency analysis: In context of our environment, the nature of this specific issue, and the conditions of the specific assets involved, how important is it that we act now?
- Solutions tradeoff: What are the possible solutions to this specific issue? How does each one fare in terms of risk-reduction and effort required?
- Root solution prioritization: Identifying the remediation target and steps that reduce the most overall cloud risk with the least amount of effort for the organization, ultimately addressing lots of issues at once
- Remediation assignment: Creating tickets with developer-ready remediation steps and assigning them to the right owner or team
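To make the sub-tasks above concrete, here is an added Python example (written for this post, not Longbow's code and not a description of its product) that walks a constructed batch of findings through the aggregation, asset-context, urgency, and root-solution steps. The tool names, resource identifiers, severity weights, and the `provisioned_by` attribute used as the root-cause key are all assumptions made for the illustration; the point it shows is that grouping findings by the thing that provisioned the affected assets lets one fix close many issues at once.

```python
"""Triage a batch of cloud findings: aggregate, enrich, score, and group by root cause.

Added example for illustration; all identifiers and weights below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str       # which detection tool raised it (hypothetical tool names)
    resource: str   # cloud resource identifier (constructed)
    rule: str       # the control or check that failed
    severity: str   # critical / high / medium / low


# Constructed sample findings from three hypothetical tools. Note that cspm-A and
# cspm-B both report the same rule on sg-web, with different severities.
RAW_FINDINGS = [
    Finding("cspm-A", "sg-web", "ssh-open-to-world", "high"),
    Finding("cspm-B", "sg-web", "ssh-open-to-world", "critical"),
    Finding("cspm-A", "sg-api", "ssh-open-to-world", "high"),
    Finding("cwpp", "i-web-1", "unpatched-openssl", "medium"),
    Finding("cwpp", "i-api-1", "unpatched-openssl", "medium"),
    Finding("cspm-A", "bucket-logs", "bucket-unencrypted", "low"),
]

# Constructed asset context: owner, environment, exposure, and what provisioned
# the asset. `provisioned_by` stands in for the root cause (an IaC module, a base
# image, or a manual console change); this is an assumption of the example.
ASSET_CONTEXT = {
    "sg-web":      {"env": "prod",    "owner": "web",      "internet_exposed": True,  "provisioned_by": "terraform:modules/web-sg"},
    "sg-api":      {"env": "prod",    "owner": "api",      "internet_exposed": True,  "provisioned_by": "terraform:modules/web-sg"},
    "i-web-1":     {"env": "prod",    "owner": "web",      "internet_exposed": True,  "provisioned_by": "ami:base-2023-01"},
    "i-api-1":     {"env": "staging", "owner": "api",      "internet_exposed": False, "provisioned_by": "ami:base-2023-01"},
    "bucket-logs": {"env": "prod",    "owner": "platform", "internet_exposed": False, "provisioned_by": "console:manual"},
}

SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}


def aggregate(findings):
    """Sub-task 1: collapse duplicate detections of one rule on one resource.

    Keeps the highest severity any tool assigned and records which tools agree,
    so a finding corroborated by two tools is visible as such.
    """
    merged = {}
    for f in findings:
        entry = merged.setdefault((f.resource, f.rule), {
            "resource": f.resource, "rule": f.rule, "severity": f.severity, "tools": set(),
        })
        entry["tools"].add(f.tool)
        if SEVERITY_WEIGHT[f.severity] > SEVERITY_WEIGHT[entry["severity"]]:
            entry["severity"] = f.severity
    return list(merged.values())


def urgency(issue, context):
    """Sub-tasks 3 and 7: weight severity by asset context.

    Production doubles the score, internet exposure adds a flat bonus, and each
    additional corroborating tool adds one point. Weights are illustrative.
    """
    ctx = context.get(issue["resource"], {})
    score = SEVERITY_WEIGHT[issue["severity"]]
    if ctx.get("env") == "prod":
        score *= 2
    if ctx.get("internet_exposed"):
        score += 5
    score += len(issue["tools"]) - 1
    return score


def remediation_plan(findings, context):
    """Sub-tasks 5, 9 and 10: group issues by what provisioned the asset and rank groups.

    Returns one plan entry per root cause, highest aggregate risk first, with the
    owners that would need to be on the resulting ticket.
    """
    groups = defaultdict(lambda: {"issues": [], "risk_score": 0, "owners": set()})
    for issue in aggregate(findings):
        ctx = context.get(issue["resource"], {})
        g = groups[ctx.get("provisioned_by", "unknown")]
        g["issues"].append(issue)
        g["risk_score"] += urgency(issue, context)
        g["owners"].add(ctx.get("owner", "unassigned"))
    ranked = sorted(groups.items(), key=lambda kv: kv[1]["risk_score"], reverse=True)
    return [
        {"root_cause": root, "issues_resolved": len(g["issues"]),
         "risk_score": g["risk_score"], "owners": sorted(g["owners"])}
        for root, g in ranked
    ]


if __name__ == "__main__":
    for entry in remediation_plan(RAW_FINDINGS, ASSET_CONTEXT):
        print(entry)
```

Run as-is, the plan puts the shared `terraform:modules/web-sg` module first: fixing that one module resolves two production, internet-exposed issues at once, whereas ticketing the findings individually would send two separate tickets to two teams. The constructed weights are the kind of thing a team would tune to its own environment; the structure (aggregate, enrich, score, group by provenance) is what carries over.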
Given how much time each of these analyses takes, and the fact that the required data is often siloed, most of these steps are skipped and ad-hoc decisions are made instead.
A force multiplier is needed
It’s clear that we need a force multiplier in the cloud security industry.
Most companies have a wealth of security detection data at their disposal, thanks to native services from AWS, Azure, GCP and numerous third-party tools in the CNAPP, CSPM, and CWPP space. The issue has now morphed from “we don’t have the right detection in the cloud” to “we’re drowning in detection data, and we can’t figure out quickly which issues need our immediate attention, the root cause of the issue, and the best path to remediation.”
To make matters worse, we can’t simply hire our way out of the problem, as evidenced by the talent shortage highlighted by the (ISC)² 2022 report.
So, what’s the solution? Cloud security analysts need an automated capability that can amplify their efforts tenfold. We need a capability that can prioritize cloud security issues based on environmental and tool context across the Software Development Life Cycle. We need a means to trace issues back to their roots with minimal manual analysis. And most importantly, we need to be able to prioritize remediation actions that focus on reducing risk and resolving issues with the least effort. That’s where Longbow comes in…
Having this capability in your toolkit turns cloud security teams into heroes. It enables them to keep pace with rapid development cycles and function as real business and technology enablers. The implementation of these capabilities is the key to a more efficient, effective future. In today’s race against time, we’re not just combating potential threats—we’re fighting to prevent crises that could bring entire systems to their knees.
Let’s empower our cloud security teams and lift them out of the toil of the status quo. Let’s provide them with the force multiplier they need to address these challenges head-on, because they’re not just heroes—we need them to be superheroes.
- (ISC)² Cybersecurity 2022 Workforce Study (https://www.isc2.org/Research/Workforce-Study)
- Cybercrime Magazine (https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/)
CPO and Co-founder of Longbow Security