How AI can simplify cloud security management

Organizations are increasingly migrating their infrastructure to the cloud, with COVID-19 accelerating cloud adoption across various industries. Gartner predicts that by 2025, enterprises will spend more on cloud computing than on traditional IT.

Migrating to a cloud ecosystem has many benefits for organizations. However, this migration also increases security risks that cannot be addressed by traditional security mechanisms.

Let’s take a look at why security risks are increasing and how AI can help us overcome them.

1. Hasty migration leads to unintentional security gaps during deployment

Cloud adoption has accelerated across almost every industry since the pandemic. One of the key requirements that arose was the need to quickly support remote working options. Moving to cloud seemed like the natural choice for a requirement like this. However, the rush to get things operational resulted in weak configurations and insufficient security controls.

Traditional IT infrastructure has tested and proven security configurations. Cloud controls, on the other hand, are evolving as the technology evolves, and there is limited guidance on robust security controls.

AI can be leveraged to perform dynamic checks across the various moving parts to identify misconfigurations. It can also be used for vulnerability management and access management.

2. Cloud technologies increase the attack surface for threat actors

Although moving to the cloud gives organizations more flexibility than traditional data centers, very few organizations use it for their entire infrastructure. Many use either a hybrid approach, distributing their workloads between cloud and on-premises, or a multi-cloud approach that distributes workloads between multiple cloud service providers.

According to a Gartner survey, 81% of organizations use at least two cloud service providers. This means that multiple technologies work together to create a unified ecosystem. However, this very aspect also increases the attack surface available to threat actors. Additionally, extensive use of application programming interfaces (APIs) — a critical component of cloud services — contributes to the increased attack surface.

This larger attack surface directly amplifies the workload for cybersecurity professionals, especially as we are facing a global shortage of skilled cybersecurity professionals. AI is capable of processing large volumes of data in a short period of time and can therefore be leveraged to augment the analysis performed by cybersecurity professionals. The result is not only comprehensive coverage for an increased attack surface, but also an overall increase in the efficiency of security processes.

3. Cloud technologies are evolving rapidly, resulting in unknown security threats

Cloud computing has introduced new technologies, such as serverless, containers and microservices, which are not seen in traditional IT technologies. These technologies provide an advantage in terms of scalability, flexibility and cost. Like any new technology, however, they can also inadvertently introduce new vulnerabilities and/or weaknesses. Due to a lack of knowledge about these technologies and their vulnerabilities, it is difficult to protect against these threats through traditional security mechanisms.

AI is already being used to varying degrees for anomaly detection. However, it can truly display its potential in a cloud scenario. While supervised learning can be used to detect known threats, unsupervised learning can enable the detection of unknown threats, including potential zero-day attacks. It can also be used to learn the normal behavior of users and systems in order to create a baseline, which can be used to detect any deviations.
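The baseline-and-deviation idea above, as an added example that is not the author's or Atos's code: it learns, without labels, which API actions each identity normally performs and how many events it produces per hour, then reports deviations. The event tuple layout, the `ci-role` identity, the sample events and the z-score threshold are all assumptions constructed for illustration.

```python
# Added example: per-identity behavioural baseline over constructed audit events.
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(events):
    """events: iterable of (principal, hour_bucket, action). No labels needed."""
    actions = defaultdict(set)
    hourly = defaultdict(lambda: defaultdict(int))
    for principal, hour, action in events:
        actions[principal].add(action)
        hourly[principal][hour] += 1
    baseline = {}
    for principal, buckets in hourly.items():
        counts = list(buckets.values())
        baseline[principal] = {
            "actions": actions[principal],
            "mean": mean(counts),
            "std": pstdev(counts),
        }
    return baseline

def score_window(baseline, principal, window_actions, z_threshold=3.0):
    """Return a list of deviation findings for one principal's hour of activity."""
    profile = baseline.get(principal)
    if profile is None:
        return ["unknown principal: no baseline"]
    findings = []
    new = sorted(set(window_actions) - profile["actions"])
    if new:
        findings.append("never-seen actions: " + ", ".join(new))
    # Floor the deviation so a perfectly flat baseline does not divide by zero.
    z = (len(window_actions) - profile["mean"]) / max(profile["std"], 1.0)
    if z > z_threshold:
        findings.append(f"volume z-score {z:.1f}")
    return findings

# Constructed training data: a CI role that lists and reads objects each hour.
HISTORY = [("ci-role", h, a) for h in range(24)
           for a in ["ListObjects", "GetObject", "GetObject"]]
BASELINE = build_baseline(HISTORY)

# Constructed windows to score: one routine hour, one with new actions and a burst.
NORMAL = ["ListObjects", "GetObject", "GetObject"]
ODD = ["ListObjects"] + ["GetObject"] * 40 + ["PutBucketPolicy", "CreateAccessKey"]
```

Calling `score_window(BASELINE, "ci-role", ODD)` returns both findings, which is the kind of output that would be handed to an analyst for triage rather than acted on automatically.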

Embracing challenges in the multi-cloud universe

One of the key challenges faced by organizations adopting a multi-cloud environment is the shared responsibility conundrum — or who is responsible for what — between the cloud service provider and the cloud customer. Ensuring that this model is understood by the customer is of paramount importance for the adoption of a multi-cloud environment and will avoid any misunderstanding when in operation mode.

In the architecture depicted in figure 1, we can see that the security of the cloud is the responsibility of the cloud provider, whereas security in the cloud is the responsibility of the customer. Depending on the cloud service model (IaaS, PaaS, or SaaS), customers may have to introduce another level of protection for their applications and systems. They may also need to find different ways to protect each of their diverse cloud environments, as this is not uniform across cloud service providers (CSPs). It is this very diversity that creates the complexity.

AI not only helps you detect threats faster and more efficiently, but can also help you respond to threats more quickly. AI can be used to determine potential remedial actions and present them to a human analyst. The actions performed by the human analyst can then be used as a training dataset to enable a machine to mimic human decision making and perform remedial actions when threats are identified.

About the author

Harshvardhan Parmar

Global Head of Data Science, Managed Detection and Response (MDR), Atos

Harshvardhan currently heads the Data Science division for Managed Detection and Response (MDR) at Atos. His work involves establishing the vision and mission for using data science to detect advanced cybersecurity threats and overseeing the creation of various Artificial Intelligence (AI) models and algorithms used in AIsaac – Atos’s next-gen AI platform used for delivering MDR service.

Harshvardhan has been working in cybersecurity for 13 years, during which he has directly serviced large enterprises and Fortune 500 customers across the US, Europe, and Asia Pacific. He currently holds 2 U.S. patents in AI & Cybersecurity. He is also a Certified Information Systems Auditor.