ARTICLES

Addressing the Impact of Cloud Security Change

As one of the most technologically advanced regions in the world, Singapore has seen its fair share of cyber crime. According to the Singapore Threat Report[1], 96% of Singapore-based companies have experienced a breach and 92% say they’ve seen an increase in attack volume over the previous year. As such, Singapore’s government announced earlier this year (2020) that they will allocate $1 billion in funding over the next three years to improve its cyber and data security. In the U.S., this budget commitment would signal a dedication to public sector cyber security only. In Singapore, though, many companies are partially government-owned and thus the positive consequences of this funding are likely to trickle out.

Singapore has also shown a strong commitment to cyber security through the establishment of the Cyber Security Agency (CSA), the Personal Data Protection Commission (PDPC), the Maritime Cybersecurity Operations Center (MCOC), and various regulations such as the 2018 Cybersecurity Act, the Computer Misuse Act, and the Personal Data Protection Act.

This being said, while the government and private companies in the region have been anxious to adopt new technologies—Singapore leads the world in its smart city initiative—they have shown caution about the use of cloud. In other areas of the world we hear “cloud-first” on the daily, and companies are using cloud to spur growth, innovation, and expediency. In contrast, the reluctance to adopt cloud in Singapore has been prohibitive to security advancement and intelligence gathering, causing some companies to lag in their cyber defense strategies and fail to train local talent on the most up-to-date tools and techniques.

Shaping the future of cloud in Singapore

Two security experts and innovators saw an opportunity to shape the future of cloud security in Singapore. Paul Hadjy and Lee Sult had spent time working in APAC and knew the security climate well. Six years ago, while both were working at Palantir, Sult as a security engineer and Hadjy as a deployment specialist, the two decided to start a security company based in Singapore to help build a community and promote the secure adoption and use of cloud.

Today, their startup, Horangi, offers penetration testing, security awareness training, and vCISO services, as well as a Cloud Security Posture Management product called Warden. Why the eclectic mix? “Companies here need even more training than they do in the US,” said Hadjy, “so the services part of our business allows us to build awareness and skills, which then develops greater interest in things like cloud adoption and security.”

Continuous cloud assessments

We spent the bulk of our time together talking about Warden, Horangi’s automated platform for continuous cloud visibility, monitoring, and policy enforcement. Deployed in one click as SaaS and available on the AWS marketplace, Warden scans for all the usual risky suspects: misconfigurations, overly-permissive access controls, dormant admin accounts, exposed S3 or ElasticSearch buckets, and missing or weak encryption. Scan findings are fed into the dashboard where admins can see every active entity in the environment, its associated risk score based on identified vulnerabilities, and how the risk maps to compliance. Alerts summarizing findings and prioritizing remediation efforts can also be automatically forwarded to admins via channel integrations into existing workflows on Slack, JIRA, Github, and more.

Inside the dashboard, users can click into each finding to see greater details along with step-by-step remediation recommendations. At present, remediation must be done manually, but the short-term roadmap includes 1-click remediation.

Warden ensures that companies’ cloud configurations are in line with globally-established security frameworks like NIST, GDPR, PCI DSS, as well as ASEAN-specific regulations like MAS TRM, MAS Cyber Hygiene, and BNM-RMIT. Users can quickly spin out audit reports from this mapping and use them to address violations or simply demonstrate alignment.

“Where we are in Singapore with cloud adoption is where the US was, maybe, five years ago,” said Sult. “Paul and I come from a long line of entrepreneurs and we want to build a security community here, train engineers, and help companies use modern technology securely. Because of that, we know Warden has to be easy to use and automated.” Even though Horangi’s mission is focused on Singapore specifically and APAC more broadly, Warden is a slick tool that any company, anywhere in the world can use to gain better insights and construct action plans for securing their AWS environment. This summer, Google Cloud Platform (GCP) users will also be able deploy Warden into their environments, and the goal is multi-cloud visibility and risk management.

A holistic approach

In the longer term, the pair looks to expand the product’s capabilities while incorporating more elements of their services business. “We’ll never give up the services side of our business,” said Hadjy, “because that’s the human side, and we believe security teams need a holistic approach.” Having a strong services element of the business also allows the company to offer support to less-resourced companies using Warden, providing an extra level of comfort to cloud users who want to ensure they don’t run amok of compliance requirements and industry best practices, not become the next statistic in a data breach report.

__________________________________________________________________________________________________________

[1] https://www.carbonblack.com/resources/threat-research/global-threat-report-series/