Thinking sky-high in cloud security using AI (Guest blog from Exception)
Author: Mauricio Faoro, Cloud Engineer at Exception
Cybersecurity is a crucial aspect that should not be overlooked in the AI revolution. Together, they must be high on the agenda of Chief Information Security Officers (CISO), underlining the importance of delivering cybersecurity and best practices to protect data and applications hosted in the cloud.
AI offers significant potential to protect data and systems from cyber-attacks by preventing or reducing the costs and impacts of data breaches, maintaining regulatory compliance and mitigating evolving cyber threats.
Improve security posture with architectural guidelines
Unfortunately, there is no magic solution, and no single tool will defend all workloads of all cyber-attacks. However, there are some AI and machine learning powered services that can help improve security posture when combined with architectural guidelines such as the Zero Trust model.
AI-powered cloud security options include:
- AWS Guard Duty continuously monitors AWS accounts, instances, serverless and containers workloads, users, databases and storages for potential threats. They expose threats quickly using anomaly detection, Machine Learning (ML), behavioural modelling, and threat intelligence feeds from cloud providers and leading third parties.
- Amazon Detective simplifies investigation and helps security teams conduct faster and more effective investigations.
- Macie is a data security service that uses ML and pattern matching to discover and help protect sensitive data.
- Fraud Detector is a fully managed service using ML to enable customers to identify potentially fraudulent activities and catch more online fraud faster.
- CodeGuru Security is a static application security testing (SAST) tool that combines ML and automated reasoning to identify vulnerabilities in code, providing recommendation fixes
- Amazon Lookout for Metrics uses ML to detect and diagnose anomalies within business and operational data. It helps to reduce false positives, diagnose root causes and seamlessly integrate with databases and storage services
- DevOps Guru uses ML to detect abnormal operating patterns to identify operational issues before they impact customers
- SageMaker builds, deploys and trains enterprise’s own machine learning models.
Strength in numbers for a cyber-secure cloud environment
It is important to understand the division of responsibilities between cloud providers and customers when it comes to cloud security. AWS is responsible for securing the global infrastructure that runs its services, as well as the security of its own cloud services. This includes the security of hardware, software, networking and facilities.
AWS also offers security resources and tools to help its customers protect their data and applications. On the other hand, customers are responsible for making sure their cloud resources are secure. They also need to take measures to protect their data, including encrypting sensitive information both at rest and in transit. It is essential for customers to implement security controls for their applications, such as access control and input validation. Lastly, customers must monitor their cloud resources for any security threats and respond promptly to incidents.
AWS recommends that its customers adopt the Zero Trust model, which assumes that no user, device or workload can be inherently trusted. Instead, all access to resources is granted based on continuous verification of identity, risk assessment, and least privilege. However, moving towards Zero Trust should be done incrementally, with some level of flexibility to allow for innovation.
Conclusion – a securer cloud future using AI
Protecting applications and workloads from cyber-attacks is a never-ending challenge as new cyber-attacks emerge every day as new vulnerabilities are identified and exploited.
As cyber-attacks become more sophisticated, having a strong cybersecurity posture for your enterprise is critical. Cloud providers are offering a greater range of cloud services than ever that use AI and machine learning to help improve this posture.
Their list of services is constantly expanding, and we can expect AI to be integrated into more services in the future. By using AI, we can access a great number of services provided by cloud providers to help us defend against attacks.
However, it is equally crucial to remember the basics and follow security guidelines, in conjunction with the new tools and services. AI is here to assist us, directly or indirectly, in our fight against cyber-attacks.
techUK's Technology and Innovation newsletter
If you’d like to start receiving information about relevant events, news and initiatives via techUK’s monthly Tech Tracker Newsletter, please subscribe here and join the Technology and Innovation contact preference.
Cloud computing and the path to a more sustainable future
This techUK insights paper highlights the commitment of our members to a sustainable approach to cloud computing and sets out six core best practice principles for a greener future for the tech sector.