Context is the New Perimeter

May 11, 2021
by Deepak Taneja

A new adage is emerging in the cloud security world that context is the new perimeter.

If you believe this, and there is every reason to believe it, then it raises the question: where is this context?

Why has the shift to the cloud made context so much more important?

To answer this question, it is worth stepping back to look at the broader changes behind the shift to the cloud.

The Business is driving cloud adoption

As digital transformation has accelerated across industries, businesses have adopted cloud at a rapid pace. 

  • SaaS Explosion – Whether it is HubSpot for marketing or GitHub for engineering, business users have adopted such services without IT projects to drive them. Unsanctioned apps, anyone?
  • Cloud Workloads – Platforms such as AWS, Azure & GCP have brought agility to the business while IT and Security play catch-up.
  • API Economy – Connecting applications such as Salesforce and Mailchimp together has become a matter of a few clicks. Increasingly, these are clicked by business users.

In the emerging technological landscape, cloud adoption is being led by the business user. 

The Business is doing cloud configuration

Increasingly, configuration and management are also being done by the business user. Configuration includes such things as:

  • Accounts – who has access
  • Access settings – what can be accessed
  • API integrations – machine identities

This federated acquisition and configuration creates an interesting challenge for security teams. Security teams lack context.

The Business has context

IT and Security teams are almost always fully engaged in managing global services such as Office 365, spam filtering, endpoint configuration, etc. However, when it comes to business applications, this is almost never the case.

It is the inbound marketing lead who knows why a specific user, absent from the corporate directory, has access to tools such as HubSpot and Mailchimp. It is the engineering project lead who knows why a certain IAM role in AWS is configured with a cross-account policy to read data. It is the customer success engineer who knows that an API integration into Zendesk is necessary for customer data exports to be analyzed for customer satisfaction.

When it comes to the cloud, business teams have context. 

Securing the new perimeter

A foundational principle of Zilla Security is that in a cloud-first world, individuals outside of security teams play a significant role in security and compliance. Business users are not trained in security but care just as much about protecting the applications and data they use on a day-to-day basis.

Securing this new perimeter requires regular collaboration between IT & security teams and the business users they serve. Processes such as periodic access reviews and security reviews engage the business and provide a strong foundation for this collaboration. Automation can make these processes simple so that only critical changes take valuable time from the business user.

Context is the new perimeter, and securing this perimeter is everyone’s responsibility. Tools like Zilla can help.