Keeping cybersecurity simple in the cloud
By Elastic
Cloud holds the promise of flexibility and scalability. But how can governments tackle threats in the cloud? Elastic discusses.
“It really unleashes the potential in terms of innovation, time to market, costs, quality, [and] reliability,” he added. Governments worldwide are turning to cloud to save money, innovate faster, and be free from the hassle of maintaining in-house infrastructure.
But as with any technology, security is a concern. Elastic discusses how governments can tackle cloud security and tap into its vast potential.
Investment in cloud
The Singapore government earmarked over $870 million worth of contracts in 2020 to increase the number of systems on the cloud, to improve its services.
The redeveloped Inland Revenue Interactive Network, for instance, will be hosted on the government commercial cloud, which will provide valuable benefits such as enabling taxpayers to complete their tax obligations in a single sitting.
PUB, Singapore’s National Water Agency, will also host its smart water meter programme on the commercial cloud. The meters will allow the agency to monitor water usage remotely to identify potential leaks and help citizens track their consumption patterns.
Visibility over data in the cloud
As governments switch to the cloud, they must know where sensitive data lives. Storing data across multiple private and public cloud platforms can make it difficult for security teams to understand how the different platforms relate to each other or have visibility over who has access to what data.
Sensitive data should also be encrypted all the time - whether in transmission or in storage. Access controls, such as multi-factor authentication and privileged access management, should also be implemented to ensure only authorised users can access data.
Using a centrally deployed security information and event management (SIEM) solution will also enable organisations to bake security into every level, regardless of infrastructure changes.
For example, Elastic SIEM aggregates disparate sources of data, such as logs and metrics, to give a holistic view of an organisation’s environment. Analysts can visualise data in pie charts or graphs to easily spot anomalies - then use Elasticsearch to effortlessly search across multiple platforms and locate that specific dataset.
Organisations that have taken this approach include The Communications-Electronics Research, Development and Engineering Center / Army Research Laboratory, a cyber defense entity within the US Department of Defense. The government agency has used Elastic Cloud Enterprise to enhance anomaly detection and threat hunting.
Rapid detection and response
According to Aqua Security's 2020 Cloud Native Threat Report, attacks against cloud systems jumped by 250 per cent from the previous year.
With a surge in cyber attacks and constantly-evolving attack techniques, organisations should automate responses to common types of attacks. That would free up analysts to identify the root cause of a breach or understand new attack vectors.
To address this challenge, Elastic Security is embedded with prebuilt rules and out-of-the-box machine learning capabilities to detect anomalies and advanced threats. Analysts can carry out automated case management actions to quickly gather information and decide on the appropriate responses.
Upskill your workers
Humans are often the weakest link in an organisation’s cyber defence. As the uptake of cloud accelerates, agencies must carry out cloud training programmes to educate employees on cyber best practices.
To this end, Singapore is training 30,000 civil servants on using data within Apex, a self-service API platform underpinned by the government's cloud-based data architecture.
With the right security tools and employee training, cloud security can be kept simple. Governments can then easily leverage the potential of cloud to enhance citizen experiences.