How machine learning is shaping the next generation of cloud security

Security solutions must pivot in order to protect organizations as they move to the cloud.

Most cybersecurity products on the market today operate statically, meaning that instead of adapting in real time to evolving user behavior, they look for a fixed set of pre-defined threats. Oftentimes these solutions are limited in their ability to control access and make a simple “allow or block” decision. They also struggle to protect data on unmanaged endpoints and traffic flowing beyond a limited set of managed corporate applications.

Similarly, traditional anti-malware solutions search for fixed signatures and patterns associated with known threats and, despite regular updates to malware definitions, are unable to detect unknown, zero-day malware.

Ultimately, these reactive approaches to security no longer work. Advanced malware is being created and distributed at a phenomenal rate, while employees have access to corporate data from more devices and locations than ever before. As such, security solutions must pivot in order to protect organizations as they move to the cloud using next-generation technologies.

Enter machine learning

Machine learning provides a highly responsive and automated approach to security. Rather than focus solely upon identifying sensitive data patterns, solutions that incorporate ML can take a holistic approach to securing corporate data across all of a company’s cloud applications. This improves their ability to detect threats and high-risk data outflows.

Consider a scenario in which a finance team member typically accesses certain data in Box from corporate headquarters within standard working hours. If this user were to access said data on a weekend, from a new location, or on a new device, a solution with machine learning capabilities could detect the suspicious behavior and respond. Remediation actions could include alerting IT or requiring two-factor authentication from the user before permitting data access. Machine learning doesn’t aim to impede productivity or frustrate users; rather, it takes a data-centric approach that evolves as it sees more scenarios and user behaviors.
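The finance-user scenario above, as an added example that is not from the original article or any vendor's product: a per-user frequency baseline (a simple stand-in for a learned model) scores how unusual an access is and maps the score to allow, two-factor, or an IT alert. The user name, event values, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed history: one finance user, ten weekday accesses in September 2018,
# nine from HQ and one from home, always on the same laptop during working hours.
HISTORY = [
    ("fin.alice", f"2018-09-{d:02d}T09:30", "Home" if d == 7 else "HQ", "laptop-01")
    for d in (3, 4, 5, 6, 7, 10, 11, 12, 13, 14)
]

def features(ts, location, device):
    """Turn one access event into the attributes the baseline tracks."""
    t = datetime.fromisoformat(ts)
    return {
        "location": location,
        "device": device,
        "weekend": t.weekday() >= 5,        # Saturday or Sunday
        "work_hours": 8 <= t.hour < 18,     # assumed working day
    }

def build_baseline(events):
    """Count, per user and per attribute, how often each value was seen."""
    base = defaultdict(lambda: defaultdict(Counter))
    for user, ts, location, device in events:
        for name, value in features(ts, location, device).items():
            base[user][name][value] += 1
    return base

def risk_score(base, user, ts, location, device):
    """Sum of per-attribute rarity: 0 = always seen, 1 = never seen for this user."""
    seen = base.get(user, {})
    score = 0.0
    for name, value in features(ts, location, device).items():
        counts = seen.get(name, Counter())
        total = sum(counts.values())
        score += 1.0 if total == 0 else 1.0 - counts[value] / total
    return score

def decide(score, step_up=1.0, alert=2.0):
    """Map a score to a response; both thresholds are illustrative assumptions."""
    if score >= alert:
        return "alert_it"
    if score >= step_up:
        return "require_2fa"
    return "allow"

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in [("2018-09-18T10:00", "HQ", "laptop-01"),
                  ("2018-09-15T10:00", "HQ", "laptop-01"),
                  ("2018-09-16T23:30", "Unknown-City", "phone-99")]:
        s = risk_score(base, "fin.alice", *event)
        print(event, round(s, 2), decide(s))
```

Because the score is a sum of independent rarities, a single unusual attribute (a weekend login from the usual place and device) triggers step-up authentication, while several at once escalate to an alert.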

Machine learning also monitors data behind the scenes to enable complete threat protection. As mentioned previously, many anti-malware solutions are only capable of responding to known threats. They do this by checking for hashes or signatures that are known to be associated with malware. However, this fails to address unknown, zero-day vulnerabilities that have not yet been identified. Machine learning takes a fundamentally different approach to defending against malware: these solutions determine if files are likely to take malicious actions by analyzing their behaviors and characteristics. If a file is determined to be a likely threat, it can be blocked when users try to upload it to the cloud or download it to a device. As more files are analyzed and more malware is detected, accuracy only increases. This thorough, automatic security is particularly helpful for enterprises that store large amounts of data in multiple cloud applications.

The power of the cloud

Relying solely upon legacy security tools can make it difficult to perform in-depth analyses on firewall activity in your own data center. Because of this, many enterprises are moving heavy security analyses and calculations off-premises. By having machine learning’s backend analysis done in the cloud for increased performance and efficiency, automated decisions are much more rapid and accurate, providing increased data security. In other words, moving to the cloud amplifies the capabilities of machine learning as well as an enterprise’s security posture.

Machine learning, the need for data and compliance

Many of today’s machine learning algorithms are not data efficient, meaning that they are unable to make appropriate decisions when observing only small amounts of data. However, they improve as enterprises expose them to greater pools of information. For example, humans can look at one laptop, see another with slightly different styling, and recognize that both are laptops. Machines, however, function differently. They need to see many different styles of laptops in order to recognize that a completely new offering from a new manufacturer is the same category of product. As such, machine learning solutions that receive little data aren’t as “smart” as solutions taking in a high volume of data from high-traffic environments.

Fortunately for the enterprise, massive amounts of information can now be stored in the cloud at a relatively low cost. Because of this, next-generation machine learning solutions can analyze and “learn” from an ever-growing set of data. However, this data glut can present a unique challenge. Knowing what type of information to capture is becoming critically important – not only for efficient and accurate machine learning decisions, but for reaching compliance with regulations.

The growing abundance of cloud data could be machine learning’s greatest asset and biggest challenge. Organizations must provide real-time security for their users, a seamless customer experience, and continue to innovate with machine learning – all while complying with regulations and respecting data subjects’ privacy. Meeting all of these demands is typically not a simple process. However, to find solutions and develop machine learning in the cloud, it’s essential that cloud providers, third-party vendors, governments, users, and data subjects work together.

This article is published as part of the IDG Contributor Network.