Cloud cybersecurity

Security in the energy cloud and how to get a handle on it

The cloud brings new challenges for utility cyber security that require asset visibility, integration of data sources and automated security processes.
Published: Thu 11 Jul 2019

The cloud is considered key to supporting utilities in their digital transformation as they evolve their business to meet the demands of a decentralised energy system with distributed energy resources. However, as companies increasingly move their data storage, analytics and other aspects of their business to cloud platforms and adopt software-as-a-service (SaaS), security must be top of mind, with new challenges that need to be addressed.

A new study from security software company Symantec, based on a survey of 1,250 decision makers worldwide, sets out some of these in what is a fast-shifting security landscape. According to Symantec, one of the biggest takeaways from the study is that almost all the companies are storing data in more than one environment, including private and public clouds and, for over two-thirds of them, on-premises. As such, visibility across applications and workloads is difficult to achieve.

A related visibility issue is that most organisations are unaware of, and are underestimating, the amount of cloud use and its growth rate. For example, the average organisation believed its employees were using around 450 cloud applications, but Symantec’s own data points to usage four times larger. This underestimation is coupled with a rapid growth rate: cloud app deployment increased 16% over the past year and is expected to reach 21% over the next. As a result, companies face a mounting challenge to secure their migration to the cloud.

Another finding was that companies are struggling to adapt their security culture and behaviour to the increasing cloud use, and most are not using best practices as outlined by the Center for Internet Security. Because of this immaturity, the scale and complexity of cloud attacks are often underestimated. The survey found denial-of-service attacks and cloud malware injections to be the most commonly investigated cloud security incidents, but Symantec’s own data indicates that unauthorised access threats account for the bulk of such incidents. Indeed, account takeover in particular is a pervasive but under-rated problem due to the impact of shadow IT on visibility into cloud infrastructure. Without a lens into such activity, organisations are at a disadvantage in identifying and remediating it, states the report.

Addressing cloud security

While these findings indicate the extent of the challenges, the key question is how they can be addressed, and Symantec offers four recommendations for users to keep their cloud assets secure.

One, get risky apps, data and users under control. SaaS apps are readily available but many have inadequate built-in security. Another issue is that cloud files containing sensitive data are commonly overshared. Organisations should enlist advanced automation and analytics services to help identify and prioritise risky behaviours, identify malicious users and escalate crucial security alerts. For example, artificial intelligence and machine-learning technology can accelerate the detection and analysis of targeted attacks.

Two, contain risks from misconfigured servers, malware and unauthorised access with a consistent approach to discovery, monitoring and remediation. Security tools designed for cloud workloads, including cloud access security brokers, workload protection and security posture management, can deliver visibility and security across myriad cloud services.

Three, keep the bad guys out. According to Symantec, 16% of outbound web traffic may come from compromised servers, directed to known command-and-control domains that control bots or other malware attacks. With employees accessing websites from anywhere and bringing massive numbers of devices into the enterprise ecosystem, it is critical to implement total endpoint security to protect devices, apps and networks against malware, ransomware and other emerging threats.

Four, don’t ignore the threat from inside. Cloud incidents that result from insider threats – whether purposeful, inadvertent or through compromised credentials – are a major concern for half of the companies, and a fifth of them said the problem was increasing in intensity. Investment in training programmes and other initiatives is crucial to getting users up to speed on new protocols to change risky behaviour. Simultaneously, organisations need to find or cultivate new security talent. Changing the company culture to support a shared security model can also be the most important part of the process.

Tim Albrecht, global practice lead, Cloud Service Providers at Symantec, sums these up: “The cloud can be secure, but to have a chance, security teams need to have three factors built into their process and platform: Visibility into their assets in the cloud, integration with a variety of information sources on threats and the automation necessary to apply policy and speed response.”