The Kloudless Guide to Cloud Security David Hallinan Published: April 6, 2020 Introduction to Cloud SecurityAuthentication and Administrator Access: User Impersonation, Identity Access Management (IAM), Privileged Access Management (PAM), and Identity Governance.Activity Monitoring: User and Entity Behavior Analytics (UBA, UEBA), Threat Detection, Security Analytics, Threat IntelligenceUnified CRUD Routes: Detection and Remediation, Cloud Access Security Brokers (CASB), EDiscovery, Data Loss Prevention (DLP) SaaS Application Integration: Network Security, Endpoint SecurityEmpowering Your Cloud Security Software Engineering TeamEmpowering Your Cloud Security Software Product TeamFinal Words1. Introduction to Cloud SecurityAPI integrations do not have an industry that they offer the most specific value to. They are invaluable for applications that are focused on everything from file sharing to scheduling and availability. Cloud services, and especially SaaS applications, are not a single monolith that dictates a certain workflow or specified industry — they are the backbone of the modern web application.However, a certain type of application requires a certain type of cloud service. Apps that need the functionality to allow users to book an appointment are required to have the functionality of a cloud calendar service. Apps that need to allow users to upload their personal files to a shared repository are required to have cloud storage services in their repertoire. Apps that monitor the vast amount of information in a company’s CRM databases need — you guessed it — cloud CRM integrations.But, that’s not to say that there aren’t a few applications that need as many integrations as possible, no matter the category they may fall under. One such type of application that requires as many cloud service integrations as they can amass, is the modern data security application. Be that data security solution a Cloud Access Security Broker or an E-Discovery app, it needs the ability to connect to as many integrations as possible to properly monitor and secure the users’ data that it protects. A CASB can’t properly do its job of protecting a user’s data if it doesn’t connect to the service that the user stores their files in. As application usage continues to grow, data security solutions are tasked with the increasingly difficult job of providing full application security coverage for businesses. Businesses of all sizes are expanding their use of long-tail and custom apps, and simply building the integrations necessary to protect their customers can derail the product roadmap of a modern security solution.Security solutions, from small to Enterprise-level, require access to and data from the applications their customers need. Security use cases, such as CASB, DLP, and E-Discovery, need full activity monitoring and remediation functionality to keep their customers’ data safe.In this guide, we will explore all verticals of modern security software to help your organization take a calculated and well-thought-out approach to all things Cloud Security.2. Authentication and Administrator AccessA major component of security software is the ability to track users and their behavior. Whether it be user impersonation, identity access management, privileged access management, or identity governance, being able to stay on top of users and their activity/permissions is a primary concern for modern security software. From the initial authorization of users to the delegation of organization administrators, close attention must be paid to the comings and goings of users and their data in order to properly protect from bad-faith actors looking to act maliciously. The first step in protecting user data is a secure method of authentication. OAuth 2.0 should be implemented whenever possible, keeping with the latest in authentication standards. To learn more about how Kloudless can assist in your security software’s authentication needs, please head over and read up on our Kloudless Authenticator Library.Identity access management (IAM) is the process of defining and managing the roles and access privileges of network users. The criteria laid out for these roles and access governs whether individual users or groups are granted, or denied, said privileges. Identity management systems are implemented into many popular services, such as Microsoft SharePoint and Office365.Yassir Abousselham, senior vice president and chief security officer for Okta, explains the goal of identity access management as “granting access of the right enterprise assets to the right users in the right context, from a user’s system onboarding to permission authorizations to the offboarding of that user as needed in a timely fashion.” Data security software relies on strict governance of user privileges to control access to critical data inside of an organization, and therefore, must be equipped to monitor and enact these rules for a wide range of cloud software services. Authentication, authorization, roles, and delegation all play a huge role in safeguarding data from malicious intent. Security software must be thorough and comprehensive when implementing protocols to protect the information of their users’ organizations.This job is, however, scaled exponentially when posed with the task of integrating with multiple cloud services — let alone dozens. The prevalence of SaaS app integrations has led to a need for security software to plan out their authentication and administration access strategy early and thoroughly.3. Activity MonitoringHackers pose a very real threat to modern enterprise businesses. Firewalls can be broken into or legitimate credentials that can be procured that allow hackers to incur significant damage. Emails or messages with malicious attachments disguised as innocuous can result in data breaches or millions of dollars in lost capital. As a result, IT security software must take comprehensive measures to ensure that an organization can detect users and other entities that look to compromise the systems that they try to infiltrate.User and entity behavior analytics (UEBA) is one such means of ensuring that an organization is protected. UEBA is a type of cybersecurity process that analyzes the normal conduct of users to detect behavior that deviates from the standard operating procedures of these users. For example, a user that downloads a very small amount of files regularly suddenly switching to downloading vast amounts of data would trigger the system to alert an organization of this irregularity. UEBA does this by using a combination of machine learning, algorithms, and statistical analysis to detect these deviations in behavior.UEBA is not only for end-users, though. A large number of the behaviors that UEBA tracks are insider threats, ranging from employees that have been compromised to users with access to a system that may be planning to carry out targeted attacks on servers, applications, or more.A very large part of UEBA is the ability to trigger event notification when something out of the ordinary occurs, and this is often carried out by a vast array of real-time event monitoring hooks to report events that may seem out of the ordinary. Threat intelligence and threat detection ensure peace of mind for data centers that very well may mean the difference between an organization succeeding or failing due to compromisation.Tools such as Amazon’s EventBridge can provide invaluable functionality for nearly every vertical in cloud security software. Kloudless provides EventBridge functionality for customers that use AWS, and can help to aid in a variety of use cases:Data Sync and CollaborationBusiness users store data in a wide range of locations, including cloud storage, CRM applications, calendar tools, or even within chat applications. This means that integrating with a user’s existing SaaS apps is a fundamental requirement for any business app. Apps can prompt users to pull in any data from their existing software services via the Kloudless Unified API, and can then keep it in sync by listening for activity Kloudless publishes to Amazon EventBridge. When Kloudless publishes a new event to an app in AWS, the app can make further API requests to Kloudless to perform actions like downloading an updated file, updating a CRM record, or refreshing knowledge of a calendar event.UEBA, CASB, DLP, and eDiscoveryData security solutions are tasked with monitoring changes that occur in a customer’s tenant. Those changes may be a new or updated file, a user being added to a group, changes to collaboration settings that result from a file being shared externally, or even several login failures to a particular user account from a certain IP address. Kloudless Activity Monitoring enables security solutions such as for UEBA, CASB, DLP, and eDiscovery, by providing audit log level detail in a consistent and uniform manner via Amazon EventBridge. Kloudless monitors org-wide activity in connected cloud accounts using admin credentials regardless of whether the cloud service requires polling, listening to webhooks, crawling for data, or custom protocols. Once an application using Kloudless is aware of a change via EventBridge, it can take action using Kloudless’ Unified APIs to access, modify, or delete files and objects, collaboration settings, or user and group data.Real-time event monitoring is invaluable for threat detection and can mean the difference between catching threats as they occur or allowing them to wreak havoc before they can be safely remediated.4. Unified CRUD RoutesCRUD, which stands for Create, Read, Update, and Delete, refers to routes inside of an API that corresponds to each respective verb. RESTful APIs are built with a set of each of these verbs for every object in the database. For example, in an application where users upload photos, both the User and Photo objects will have their own set of these routes to find, create, update or delete these instances from the database. Based on a system of unique identifiers, RESTful APIs are by far the most common architecture of application programming interfaces these days.Security software that needs to detect and remediate threats, like a CASB, relies on the ability to use these routes in order to properly monitor and take action against threats. In a typical scenario, a single API will offer dozens to hundreds of routes to fully interact with all of the objects in their database. A single integration requires developers to write code for accessing each of these routes, resulting in up to thousands of lines of code and hundreds of hours of development time.Joe Mulenex, Director of Solution Consulting for Exterro, defines E-Discovery as “the search for facts or truth about given litigation, performed in the arena of electronically stored obligations.” Essentially, it is the procedure of preserving, collecting, reviewing, and exchanging information electronically for the purpose of using it as evidence in legal cases. This data may come in the form of emails or documents or maybe in the form of more modern electronic formats, such as social media or instant messaging logs. In the modern legal process, these types of documents and data represent the majority of correspondence relevant to an investigation. As a result, E-Discovery software is tasked with assisting legal proceedings or litigation by searching through millions of documents. This process is governed by a framework called the Electronic Discovery Reference Model (EDRM), although recent leaps in technology have consolidated the steps of EDRM into single software systems, such as Exterro.These single software systems for E-Discovery are responsible for every step of the process, from information governance to data preservation, data collection, and document review. The most time consuming of these processes is the data collection itself, which consists of combing through virtually every form of electronic data. This data might be “active,” meaning the documents are stored locally or through a network drive. However, considerably more of the data that must be collected by E-Discovery software is stored on cloud servers. As a result, E-Discovery technology solutions need to have a wide-range of API integrations with the most popular cloud services.Once integrated with a wide range of cloud services, security software must be able to remediate and take action against the threats they encounter. Unified CRUD routes allow for every possible step in the process.5. SaaS Application IntegrationProtecting data from malicious intent is of paramount importance to security software. Just as hackers have evolved their techniques to threaten our data, so has the means of protection put in place to safeguard from attack. The primary means of keeping malevolent forces from intercepting or penetrating the systems in place that our computers or servers connect with is referred to as network security. Network security is further aided by a concept of analyzing the devices on a network, known as endpoint security.Network security is the implementation of prevention and protection methods against unauthorized actors in a corporate network. This is generally accomplished with both physical and software measures to ensure that computers, users, and programs within a platform are safeguarded from unauthorized access, misuse, or in the most extreme cases, destruction. Network security is primarily in place to keep unauthorized people or programs from accessing networks and the devices connected to them.Endpoint security, while related to network security, is a smaller subsection of the overall protection within a network. The traditional definition of endpoint security is the protection of individual devices that connect to a network. This refers to the computers, servers, mobile phones, tablets, and other devices that all make up the “endpoints” of a network.Nowadays, we find our daily lives and workflows powered by more than simply the standard hardware of the past like laptops and smartphones. IoT devices and wearables are constantly connected to the same networks that the aforementioned devices are, and our data no longer exists strictly on our personal computers. The proliferation of cloud-based services and their integration into popular software and operating systems has led to a new frontier of “endpoints” that must be monitored as much, if not more than just the devices we connect to a network with.6. Empowering Your Cloud Security Software Engineering TeamKloudless was built to help security software applications connect with the API integrations they need to thrive. While connectivity is the top priority for software companies in need of cloud service integrations, the implementation and maintenance of said integrations often resemble the engineering equivalent of “pushing a boulder up a hill.” Building a single API connection can take months of development time, and once that job is finished, the inevitable maintenance that follows will require more dev time — an already scarce commodity for most engineering teams.Dev teams spend months to years of their time toiling over building, testing, and finally, deploying these integrations to the security codebases they work for.So, when choosing the right solution for your security product’s SaaS integrations, remember that time should be the most important factor in your decision making. Specifically, implementation time, maintenance time, and updating time. Here at Kloudless, we build software with engineering teams in mind. We aim to take as much of the SaaS integration building, maintenance, and operations off your engineering team’s plate. Because the faster a development team can build SaaS integrations into your application, the faster they can get back to building your security solution’s core functionality. Your development team is smart, focused, and capable of building the necessary functionality that your security solution needs to succeed. By keeping them busy dealing with the headache of building and maintaining API integrations, you are reducing the time that they could be working towards the core functionality of your product.7. Empowering Your Cloud Security Software Product TeamKloudless was built to empower the modern security software solution. From network to SaaS security, software providers are taking advantage of Kloudless’ unrivaled connectivity and detection and remediation tools to protect the data of their customers.Kloudless helps Cloud Security software deliver all the integrations that their customers ask for without building and maintaining each one individually. This greatly reduces time-to-market, engineering costs, and the risk of APIs changing in the future. Using our Unified APIs, Cloud Security software companies can code once and integrate many applications at once.Kloudless provides solutions that are designed for Cloud Security software use cases:Activity monitoring – Real-time event notifications via webhooks for user activity (like creating, modifying, or deleting resources) and Audit Events for all users in an organization.Remediation – Access/modify/delete files, folders, and objects with an extensive network of Unified CRUD routes.White-labeled user experience – We built Kloudless to be embedded in your product, so your customers won’t even know we’re there.Self-hosted, on-premises – Run Kloudless privately as Docker containers, OVAs, or AMIs to meet performance and compliance requirements.Engineering teams at security software providers benefit from a decrease in upkeep and maintenance for the API integrations their applications support, as well as unified data models and routes that make implementation quick and painless. However, the products that these engineers work on are also recipients of a high level of product and competitive advantage. The level of connectivity that Kloudless provides is exactly what their customers need to properly protect data and preserve their peace of mind. Kloudless is the product differentiator that security software companies need to stay ahead of the competition.8. Final WordsCloud Security software in 2020 must realize that, above all, that connectivity is paramount. The modern workflow of the users these platforms and vendors protect are increasingly storing and transferring their data across a multitude of 3rd-party cloud-based applications.Integration with these cloud-based applications has become a necessity. It is no easy task to expect an engineering team to build integrations with dozens to hundreds of these apps, let alone maintain the upkeep of these connections.Unified APIs provide a one-stop-shop to quickly add hundreds of integrations to cloud services across multiple categories without the headache of learning the intricacies of each service.To learn more about how Kloudless can help your cloud security software, please send us an email to email@example.com, or read more on our dedicated security solutions page.