Agentless Architecture
What is it: Agentless architecture refers to platforms and services that are built to run as cloud-native applications. They require no installation, patching, or other form of long-term upkeep on the part of the user.
Why it matters: Agentless applications, especially agentless security applications, have a lower total cost of ownership (TCO) in terms of man-hours saved on deployment, maintenance, and overhead. Agentless applications are also ideal for deploying as cloud security solutions because they are cloud-native, meaning that they're built to connect with cloud environments over API, making it easy to deploy them in any cloud service or setting. Learn more about why agentless security applications matter for cloud security.
API Security
What is it: API security refers to the practice of protecting the APIs actively used by your organization, so that they're not abused to run applications or access data without your approval.
Why it matters: API-based attacks saw a 400% increase from 2022 to 2023. Additionally, exposed API keys within repositories, or even outside CI/CD within SaaS apps, are leading to sensitive data being exfiltrated from data stores like S3. Learn why API security is an essential part of cloud security.
Attack Surface
What is it: One of the most fundamental cybersecurity concepts is the attack surface, which is a way to assess all of the attack vectors a threat actor can leverage to access and compromise critical systems and exfiltrate data.
Why it matters: There are a multitude of different ways for you to conceive of your attack surface, many of which are context dependent. Read our overview of the different types of attack surfaces and why they matter.
Cloud Attack Surface
What is it: The concept of a cloud attack surface refers to attack surfaces that are relevant for securing cloud systems. Because cloud environments tend to be perimeterless and the hardware is managed by a provider, securing cloud systems tends to come down to:
- Configuration settings for the cloud environment: e.g. S3 Bucket Policies, Google Drive user groups, etc.
- User credentials and identities: This includes passwords as well as scoping appropriate permissions for a user given their role
- Data itself: A lot of cloud security involves managing the movement and storage of data to ensure it isn't sent or stored in the wrong place
Why it matters: Cloud attack surfaces are somewhat distinct from other attack surfaces for the reasons listed above, and so cloud security revolves around a unique set of concerns. Learn more about cloud attack surfaces and why they matter.
Data as an Attack Surface
What is it: In the cloud a lot of attention has been given to protecting identities, because hijacking identities is one clear way threat actors can infiltrate environments. However, data, especially when it's stored in the wrong place, can increase the damage threat actors can do within cloud systems.
Why it matters: We've seen an increase in breaches where a threat actor is able to access customer data, passwords, or API keys with ease because these were carelessly lying around. Incidents like these highlight the need to ensure employees are not inappropriately sharing sensitive customer or system data in the course of carrying out their work. To this end, managing data as its own attack surface is critical.
Bring Your Own Device (BYOD)
What is it: BYOD stands for bring your own device, which refers to a technology deployment model where employees supply the devices used in the course of their work.
Why it matters: With remote and hybrid work taking place, security considerations are increasingly revolving around BYOD, whether or not it's actually approved. Learn how to think about cloud security from a BYOD lens.
Cloud Access Security Broker (CASB)
What is it: CASB, which stands for Cloud Access Security Broker, refers to a security technology that is designed to manage employee access. Many CASBs do more than this, as they provide "add-on" functionality for features like endpoint security, web firewalls, and data loss prevention.
Why it matters: CASBs are seen as the de facto or go-to cloud data security solution; however, given their deployment methods, it's critical to understand that there are large limitations to what they can and cannot do effectively. For example, cloud data protection and content inspection of sensitive data going to the cloud is not something CASBs can do with high accuracy or without first decrypting all cloud-bound traffic. This can introduce headaches without providing many advantages. Learn more about CASBs and whether they will work for you here.
Cloud Security Posture Management (CSPM)
What is it: CSPM, which stands for Cloud Security Posture Management, refers to a class of security services that automate the detection and remediation of cloud mispermissions, like internet-facing S3 Buckets containing sensitive data or unencrypted databases being accessible by the wrong users.
Why it matters: CSPM may be part of an important toolkit for managing your cloud attack surface. Learn more about CSPM here.
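To make the "internet-facing S3 bucket" check concrete, here is an added example (not Nightfall's code, not an AWS API) of the kind of rule a CSPM evaluates: it parses a constructed bucket policy and reports Allow statements whose Principal is the wildcard and that carry no Condition. The policy document, bucket name and VPC ID are constructed for the example.

```python
import json

# Constructed sample bucket policy (not from a real account; 111122223333 is
# the placeholder account ID used in AWS documentation).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AccountOnly", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}}},
    ],
})


def _is_anonymous(principal) -> bool:
    """True when the Principal element means anyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_statements(policy_json: str) -> list[dict]:
    """Return Allow statements granted to everyone with no Condition block.
    Any Condition is treated as restricting (aws:SourceVpc here); a real CSPM
    check would evaluate the condition keys rather than trusting them blindly."""
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # scoped by a condition key, not open to the internet
        actions = stmt.get("Action", [])
        findings.append({"sid": stmt.get("Sid"), "resource": stmt.get("Resource"),
                         "actions": [actions] if isinstance(actions, str) else actions})
    return findings
```

Running `public_statements(SAMPLE_POLICY)` flags only the `PublicRead` statement; the account-scoped and VPC-conditioned statements are left alone.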
Content Inspection
What is it: Content inspection refers to the ability to scan the contents of messages and files to ensure that sensitive data does not end up sent or stored in an inappropriate location.
Why it matters: With cloud data security revolving around managing your data attack surface, the ability to accurately inspect content, understand its context, and evaluate if it's safe to be sent or stored in a specific location is critical. Learn more about why content inspection is so important for cloud security.
Cryptojacking
What is it: Cryptojacking refers to the act of stealing compute (generally cloud compute) in order to mine cryptocurrency.
Why it matters: Despite 2022 and 2023 being slow years for cryptocurrency, cryptojacking activity has not abated. Threat actors generally infiltrate cloud environments like AWS using API keys or stolen credentials in order to mine cryptocurrency on someone else's dime. Learn more about cryptojacking here.
Cyber Hygiene
What is it: Cyber hygiene refers to the maintenance of the data stored in your cloud environments as well as any user permissions that would make this data available to any unauthorized parties. Cyber hygiene is enabled through policies that inform how to handle sensitive data, as well as user education and tools that can enforce policy.
Why it matters: Cyber hygiene is essential for keeping cloud systems secure and maintaining compliance with PCI, HIPAA and other industry standards. Learn more about cyber hygiene and how to enable it here.
Cybersecurity Playbooks
What is it: Cybersecurity playbooks (or just security playbooks) are the documentation used by security practitioners to address specific aspects of a security program, like security policies and incident response.
Why it matters: Playbooks enable transparency as well as organization-wide collaboration. They ensure that regardless of the situation your org finds itself in, there is a plan in place. Read our Security Playbook for Remote-first Organizations for a detailed look at how to build out a security playbook.
Cloud Data Loss Prevention (Cloud DLP)
What is it: Cloud data loss prevention refers to a cloud-native data protection solution that can integrate with cloud applications in seconds via API in order to scan data in transit and at rest within the cloud. Nightfall is an example of such a service.
Why it matters: Cloud DLP is distinct from endpoint or network DLP because it has perfect visibility at the cloud layer with the ability to remediate within the specific cloud environments it's deployed in. Neither endpoint nor network DLP can do this because they do not have APIs connecting them to cloud services. Additionally, since cloud DLP runs remotely, leveraging processes like machine learning to enhance the accuracy of content inspection is possible. This leads to Cloud DLP being more accurate than endpoint or network layer DLP for organizations trying to secure cloud applications. Learn more about the advantages of Cloud DLP here.
Continuous Integration/Continuous Delivery (CI/CD)
What is it: CI/CD stands for Continuous Integration and Continuous Delivery, a software development practice that emphasizes regular integration of code changes and automated testing to ensure faster and more reliable software releases.
Why it matters: Implementing CI/CD in the context of cloud data security helps organizations identify and remediate vulnerabilities and misconfigurations in the development pipeline. Managing CI/CD, however, requires putting in the right processes. Learn more about CI/CD security here.
Continuous Security & Compliance
What is it: Continuous Security & Compliance refers to the ongoing process of monitoring, assessing, and improving an organization's security posture and adherence to regulatory standards across its IT infrastructure, including cloud environments. Continuous security is enabled through technologies like Cloud DLP.
Why it matters: In the context of cloud data security, Continuous Security & Compliance is essential for detecting and remediating data exposure incidents, mispermissioned accounts, and other things that can elevate the risk of system intrusion and data exfiltration. By adopting a continuous approach, organizations can proactively address security risks, minimize the potential for data breaches, and demonstrate compliance to regulators and stakeholders. Learn more about Continuous Security & Compliance and its importance for cloud security here.
Data Security Posture Management
What is it: Data Security Posture Management (DSPM) refers to the process of continuously monitoring, assessing, and improving an organization's data security stance across its cloud environments.
Why it matters: With the growing reliance on cloud-based services, maintaining a strong data security posture is essential for minimizing the risk of breaches and ensuring regulatory compliance. DSPM helps organizations identify and mitigate potential vulnerabilities, detect and respond to threats, and maintain overall data security in the cloud. Learn more about the importance of DSPM here.
Microservices
What is it: Microservices refer to a software architecture approach in which an application is structured as a collection of loosely coupled, independently deployable services.
Why it matters: Microservices can impact cloud data security as they enable faster development cycles, easier scaling, and improved fault isolation. However, they can also introduce new security challenges, such as increased attack surface and the need for robust access control between services. Understanding microservices and their security implications is crucial for maintaining cloud data security. Learn more about microservices and their impact on cloud security here.
OSI Model
What is it: The OSI Model, or Open Systems Interconnection model, is a conceptual framework that standardizes the functions of a communication system or network into seven distinct layers.
Why it matters: A thorough grasp of the OSI Model is vital for implementing effective security measures and monitoring network traffic. Learn more about the OSI Model and its significance in cloud security here.
Privilege Escalation
What is it: Privilege escalation refers to the exploitation of a vulnerability or misconfiguration in a system that allows an attacker to gain unauthorized access to higher levels of permissions or privileges.
Why it matters: In the context of cloud security, privilege escalation can lead to unauthorized access to sensitive data, allowing attackers to compromise, modify, or exfiltrate information. Central to protecting against cloud privilege escalation is both zero trust identity and zero trust data security. Learn more about cloud privilege escalation here.
Regex
What is it: Regex, short for regular expression, is a sequence of characters that defines a search pattern, which can be used to match, locate, and manage text.
Why it matters: Regex is often used to conduct content inspection in cloud environments to find sensitive data patterns, validate user input, and implement content filtering rules. Regex, however, is highly limited when compared to the capabilities of AI-enabled Cloud DLP, which can use machine learning to increase the accuracy of contextually relevant findings and automate remediation. Learn more about the differences between regex and AI here.
Secrets Scanning
What is it: Secrets scanning is the process of detecting sensitive information, such as API keys, passwords, and tokens, within code repositories and other locations like SaaS applications.
Why it matters: Unintentionally exposing sensitive information in code repositories or data storage can lead to security breaches and unauthorized access to cloud environments. Implementing secrets scanning helps organizations to identify and remediate exposed secrets, thereby enhancing cloud data security. Learn more about secrets scanning and its importance for cloud security here.
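The Regex and Secrets Scanning entries above both come down to pattern matching over text, and the limitation the Regex entry describes shows up immediately in practice. This added example (not Nightfall's code) scans constructed sample text for an AWS access key ID pattern and a card-number pattern, and shows how a bare regex over-matches a harmless order number until a Luhn checksum validates the hit. The sample text, the detector names and the `scan` function are assumptions for the example.

```python
import re

# Constructed sample text (not a real capture). AKIAIOSFODNN7EXAMPLE is the
# example access key ID from AWS documentation; 4111 1111 1111 1111 is a
# standard Luhn-valid test card number; the order number merely looks like one.
SAMPLE_TEXT = """\
Deploy note: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE before running.
Customer paid with card 4111 1111 1111 1111 (test number).
Shipping order number 1234567812345678 left the warehouse.
"""

# AWS access key IDs are AKIA followed by 16 uppercase alphanumerics; the card
# pattern is 16 digits with optional space or dash separators.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card issuers; cheap way to drop regex over-matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str, validate: bool = True) -> list[tuple[str, str]]:
    """Return (detector, matched text) pairs. validate=False is what a bare
    regex rule reports; validate=True also requires card hits to pass Luhn."""
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            value = m.group(0)
            if validate and name == "card_number":
                if not luhn_ok(re.sub(r"[ -]", "", value)):
                    continue        # pattern matched, but it is not a card number
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    print("regex only:", scan(SAMPLE_TEXT, validate=False))
    print("validated: ", scan(SAMPLE_TEXT))
```

Even with the checksum, the key-ID rule still cannot tell a live key from a documentation placeholder; that context is what the page's contrast with ML-backed content inspection is about.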
Shared Responsibility
What is it: Shared responsibility refers to the concept that cloud security is a joint effort between the cloud service provider and the customer, with each party responsible for specific aspects of security and compliance.
Why it matters: Understanding the shared responsibility model is crucial for organizations to effectively manage their cloud security. Failing to address customer responsibilities can lead to data breaches, regulatory non-compliance, and other security risks. By recognizing the roles of both the cloud provider and the customer, organizations can implement a comprehensive security strategy to protect their cloud data. Learn more about the shared responsibility model and its significance in cloud security here.
Security information and event management (SIEM)
What is it: SIEM, which stands for Security Information and Event Management, is a set of tools and processes used to collect, analyze, and manage security events and logs from various sources in real time.
Why it matters: SIEMs play a critical role in cloud data security by providing organizations with visibility into their security posture, enabling them to detect and respond to potential threats more effectively. By integrating SIEM with cloud environments, organizations can gain insights into security events, facilitate incident response, and maintain compliance. Learn more about SIEMs and their impact on cloud data security here.
Supply chain attack
What is it: Supply chain attacks refer to security incidents that impact third-party service providers or software dependencies that your organization relies on. Supply chain attacks, like 2022's Heroku/Travis CI token theft, can allow threat actors to enter your environment without being detected.
Why it matters: Supply chain attacks are part of a concerning trend that has grown over the last five years. By some estimates, supply chain attacks have increased by over 700% since 2020. Because supply chain attacks can bypass security detection tools, they highlight the need for organizations to adopt zero trust data security to ensure that when threat actors enter an environment they can't find API keys, credentials, or customer data that can escalate the incident.
Zero Trust
What is it: Zero trust (ZT) refers to an approach to security that assumes all networks, systems, and users are "untrustworthy" by default. Because zero trust can be applied across multiple layers of security (to devices, users, networks, etc.), zero trust is better thought of as a set of principles or related processes. Central to all forms of zero trust is the notion of "continuous security," that is, using automation to consistently evaluate your security posture.
With regard to cloud security there are two important types of zero trust security:
- Zero trust identity: This typically involves using an identity provider to manage user accounts, verify that they only have access to the resources they need (and nothing else) and automatically deprovisioning them when they no longer need access to resources.
- Zero trust data security: Zero trust data security continuously scans cloud environments for data security policy violations that would lead to being out of compliance or to data exposure incidents. Nightfall is a zero trust data security solution.
Why it matters: Implementing a Zero Trust approach can significantly enhance cloud data security by reducing the attack surface, preventing unauthorized access, and mitigating the risk of data breaches. By adopting Zero Trust principles, organizations can create a more robust security posture that protects their cloud data and applications. Learn more about Zero Trust and its importance for cloud security here.