Traditionally, risk in on-premises environments was managed by putting sensitive information behind firewalls to minimize the risk of intrusion and data exfiltration. But today, nearly all organizations are moving towards a hybrid cloud. The Marriott data breach revealed in February 2020 leveraged legitimate insider credentials. It was detected more than a month after the breach occurred. However, malicious activity can also be enabled accidentally, by setting up VMs and AWS resources to allow public access from any IP. According to Gartner, "through 2025, 99% of cloud security failures will be the customer's fault." Under the shared responsibility model that most cloud providers require, organizations can increase their attack surface if they do not plan for security, compliance and risk mitigation as key pillars of migration and hybrid use.
Cloud providers have evolved their toolsets, but these still fall short of organizing all the requisite information needed to detect anomalies and threats. Organizations are simultaneously attempting to use traditional, on-premises tools like SIEM, IAM, and CASB, which also fall short of security and compliance objectives because there is no business context to filter past high-risk, low-value alerts. Not all risk is equal. There are numerous cases where traditional tools are incapable of injecting business logic, so high-value targets (resources and data with business and compliance relevance) are never prioritized.
Data visualization has increasingly become a necessity for deciphering the complex relationships between a vast network and numerous access possibilities. Each cloud provider, with the intent of flexibility, has enabled numerous methods of securing resources. Accounts, Groups, Policies, Roles, and more recently, Active Directory accounts and groups are managed in silos. They typically require heavy scripting to gain visibility into who and what has access to your VMs, EC2, S3, Serverless and Container resources.