Can Red Teams safeguard cloud migration?

Trevin Edgeworth, Red Team Practice Director at Bishop Fox, discusses why investments in Red Teams are essential for organisations to secure cloud migration.

Companies across all industries are looking to cloud migration to unlock potential. Still, it can also open and expose a host of technology and business vulnerabilities that attackers are only too happy to exploit. With new systems to integrate, new vendors to trust and new solutions for staff to understand, an organisational threat surface can grow exponentially with a migration to the cloud.

It’s no secret that cloud migration is also a mammoth task. It takes a considerable amount of financial investment and human resources. The number of stakeholders and financial interests creates a dynamic environment that lends itself to chaos, which is perhaps why more than 80% of migrations fail to deliver on time and go over budget.

This can be devastating for any business if the future of its operations gets stuck in limbo. While unpreparedness or mismanagement might only lead to nuisance delays toward full migration, a data breach could shatter the trust between a business and its customers. Suddenly, your cloud investment is all for nothing or worse.

Historically, much of cloud security meant following ‘best practices’ regarding controls and defensive technology based on previous incidents and threat intelligence. However, organisations are becoming increasingly proactive by employing Red Teams as part of an ‘offensive security’ strategy. This puts businesses one step ahead of attackers by identifying gaps within their security posture before attackers even know they exist.

What is offensive security?

Offensive security is a significant step beyond a traditional, reactive approach to network defence. Instead, it goes on the attack to proactively hunt for security weaknesses that could be leveraged in an actual breach scenario. In essence, offensive security addresses prevention instead of the cure because rather than using tools that identify breaches after the event, it interrogates the attack surface to test for flaws so that gaps in your environment can be discovered, remediated and, most importantly, learned from.

A cornerstone of Offensive Security programs, Red Teams are teams of experienced, expert security consultants trained in the latest attacker Tactics, Techniques and Procedures (TTPs), and these are the people that will be interrogating your attack surface via the same approaches as real adversaries.

The benefit of using Red Teams is that this insider knowledge of attackers’ favoured tricks allows for the most accurate, real-world emulation of attacks on your network, with none of the negative consequences of a real breach.

Additionally, attackers only expose weaknesses and gaps in security posture along the path to compromise. While these teams expose weakness, they also can provide value in a comprehensive accounting of all actions attempted and where an organisation’s controls were effective and resisted compromise.

You might think that this sounds like your current penetration testing operation, but it’s essential to recognise the difference. Point-in-time pen testing typically focuses on one specific technology or part of your attack surface. If delivered irregularly at various points throughout the year, the view of your risk posture will only be as good as the narrow scope of its focus and when the last test was conducted. This view will quickly become outdated and won’t progress in line with your business’ cloud evolution.

Red Teams take an objective-based approach; they have a goal, and to achieve it, depending on the scope of engagement, they can thoroughly explore and interrogate any part of your attack surface and multiple scenarios – from network to physical and social/human-based paths. This investigation will also be done continuously throughout the year so businesses more frequently have an up-to-date assessment of their security posture that is alive to environmental changes.

Why Red Teams are essential for a secure cloud migration

A 2023 survey from Ponemon found that migration to the cloud influenced 41% of businesses to adopt offensive security testing. Moreover, of all companies surveyed, 64% said they are employing Red Teams in their offensive security operation, and 56% said they plan to increase investments in Red Teams in the next two to two years.

Employing Red Teams during cloud migration is gaining popularity because it brings experts to assess a business’ security posture at every step. Any uncertainty regarding a new cloud solution and its impact on your attack surface can be addressed at each transition stage. It gives businesses a comprehensive, continuous view of their new cloud environment so that they understand why a breach could happen through the lens of an attacker, putting them in the best stead to mitigate risk entirely.

The new environment might also change some of the fundamental elements of business processes. This behaviour change could lead to uncertainty around security best practices in the virtual environment – especially given that over half of Boardrooms still don’t understand the shared responsibility model, according to a Gigamon report – which results in risk. Attackers know that the window of opportunity is not only technical and will consider social engineering attacks that take advantage of employees learning to navigate the cloud.

Social engineering attack emulation is an element not to be overlooked in Red Teaming. If integrated as part of the overall Red Team engagement, testers can go beyond a standard phishing awareness exercise with the objective-based approach of leveraging the human aspects of your attack surface to perform a successful breach. If successful, the insights on how your cloud environment affects your employees’ behaviour will be invaluable to building adequate security training to defend against real-world threats.

There is then value in continuing Red Team operations after the cloud migration is complete. You might choose to expand your solution and can iteratively evaluate your cybersecurity posture on an ongoing basis as your cloud estate evolves. Furthermore, constant updates will require expert opinion. Expert involvement will ensure that the security controls in place to protect your environment are doing so effectively, evaluating environmental changes through the eyes of an adversary that intends to break it.

Cloud migration is often the dawn of an exciting new era for businesses. However, it presents a risk that might destabilise operations and customer trust. Being proactive to these threats is essential to safeguard a migration to the cloud. Using Red Teams as part of an offensive approach to cybersecurity will put a business’ best foot forward against attackers and safeguard its cloud investments for the future.
