M&E Journal: Securing Cloud Workflows: Why Misconfiguration and Improper Design Matter
By Ted Harrington, Executive Partner, Independent Security Evaluators –
Content owners and their vendors face a burning problem: there is a compelling business case to migrate to cloud workflows, but there is uncertainty about the security implications of doing so. Do cloud workflows require security tradeoffs and if so, are they significant enough to delay or potentially even prevent adoption? How can these security concerns be best addressed?
In most cases, cloud workflows tend to be a security upgrade as compared to more traditional on-premises models; however, this is only valid when these workflows are designed and implemented properly. In order to do so, content owners and their vendors need to understand the most important security issues related to cloud workflows, and the three ways to address those issues.
‘Cloud’ does not automatically mean ‘secure’
Cloud certainly provides many benefits, including geographic distribution of data centers, massive financial investments in hardware upgrades on a very frequent basis, robust physical security and so on.
The security landing pages for the major cloud providers typically outline the many investments they make in security testing and compliance. These pages describe the ways in which they deliver a variety of security features, such as encryption, monitoring, audit trails and more.
However, robust security is not delivered automatically just by utilizing cloud. Instead, the workflow must build security into the deployment configuration, otherwise these benefits may be lost or undermined.
Workflows in M&E are not like other industries
The M&E industry is unique in that sensitive and valuable content assets are collaborated upon by multiple vendors in the production and post production phases. Most industries use some level of collaboration between stakeholders and vendors, but the extent of collaboration in M&E is quite high. Such collaboration requires a level of trust and access not typically seen in other industries, and these conditions of trust and access inherently increase the level of risk to the valuable assets about which the content owners care most.
Cloud security is a core business discipline
Security is a core business discipline, not just a technical one. Migration to the cloud entails an array of critical business decisions that impact business units and organizations across the enterprise, including the vendor ecosystem upon which the enterprise relies. This is drawn in sharp distinction to an outdated model whereby organizations formerly considered security as a purely technical issue, one that could be delegated outside the purview of executive leadership. Given that security is a core business discipline, the business must therefore consider security in not only its cloud strategy, but also its overall corporate strategy.
In order to effectively address each of these issues, content owners and their vendors can pursue a handful of effective security actions.
A threat model is an exercise through which an organization goes, in order to identify three primary components of security: assets the organization wishes to protect, adversaries the organization wishes to defend against, and the attack surfaces against which the adversaries will launch their malicious campaigns. The threat model thus becomes the basis of decision- making for the security mission, including how and why to invest resources, how to understand risk in the business context, and how to define success.
In contrast to a threat model – which outlines the relationship between the content owner and the adversary – a trust model defines the relationship between the content owner and the vendor. This includes why the organization trusts the entity, how trust is provisioned, and how trust is revoked. A trust model thereby empowers an organization to make sound security decisions about the high levels of trust and access that are required for industry collaboration.
Every content owner is unique, and every vendor is unique. Taken together, these conditions mean that all workflows between content owner and vendor are going to be unique. Therefore, while utilizing a set of guideline controls is always a good starting point, every workflow must be tailored to the unique needs and conditions of the relationship between content owner and vendor. Of paramount importance to that workflow tailoring is accounting for adjustments in threat models, trust models, and all security considerations that may result from the unique relationship between content owner and vendor.
Call to action
Organizations that want to implement secure cloud-based workflows must consistently assess and monitor cloud service settings for misconfigurations, and in so doing, take care to include a detailed trust and threat model as a part of planning and deployment. Wherever necessary, organizations must then tailor their workflows.
Now is the time to grasp the distinction between what the cloud providers deliver versus what the stakeholders must deliver in pursuit of a robust security posture. As an industry, we must recognize why the characteristics that make this industry unique also impact our approach to security; and we must treat security like the core business discipline that it is. If we can do these things, we can resolve much of the uncertainty around security implications of cloud workflows and arrive at a state where the many benefits that cloud delivers can be obtained.