Clearing up the fog in implementing cloud security

Many technology companies, like Adobe, face the daunting challenge of implementing a comprehensive security program across a mixture of both legacy infrastructures, acquired product platforms, and newly deployed cloud-based SaaS offerings.

Successful products—whether new, legacy, or acquired—are often wedded to disparate technology stacks. In a perfect world, we would migrate all solutions to a standard, homogenous platform; however, doing so would deter the impressive momentum toward iterating on our current solution offerings for customers.

In order to maximize security across not only the range of Adobe services and technology stacks, but also the various geographic, logistical, and cultural boundaries involved, requires a step back to formulate a broad end-to-end approach.

The cyber world is a complicated place that is exponentially more complicated every day. At Adobe, we’re enabling our customers with web analytics, digital marketing, document signing, creative file storage, and workflow, among many other solution offerings.

Adobe’s core security strategy for these services centers on reducing risk through proactive measures intended to minimize the impact of exploits while, at the same time, developing agile and effective reactive measures to quickly identify and respond to malicious behaviors.

In order to accomplish this, we spend our efforts proactively building robust defense mechanisms into our solution offerings and supporting infrastructure, making attacks to our customers’ sensitive data or our internal support systems more difficult. Our challenge in security is to distill the complexity we’re facing and optimize our toolsets as much as possible.

One way that Adobe is meeting this challenge is by implementing a file integrity monitoring and configuration monitoring system. Doing so has provided our information security team with a detailed understanding of our solutions and supporting technology stacks. Implementing these tools across such a broad technology stack, in many different countries, and with so many differing priorities is not an easy task.

For example, within Adobe’s Digital Marketing business unit, some teams immediately went to work, understanding the need for the technology, and wanting to be the first within the group to have the tools deployed. Other teams were concerned that the tool may have a negative impact on their customers in other geographies so they worked with the tool vendor to vet the product before moving forward with tool deployment.

Still other teams did not want to involve the vendor in their product review and put the tool through its paces as they stress tested the capabilities of the tool within their environment. In these cases even delays of milliseconds would have been unacceptable to the team. Upon test completion, the tool was verified ready for deployment and over 20,000 endpoints had daemon coverage within three weeks.

Today, cloud security monitoring and configuration management at Adobe is standardized across many operating systems, enhancing our ability to monitor and track tens of thousands of hosts in our Digital Marketing business unit.

Configuration Management

Configuration management fits into the Adobe strategy by reducing risk proactively by identifying weak or poorly configured software and hardware. The aim of configuration management is to achieve an adequate and appropriate level of hardening of our IT systems.

Configuration management is key to securing not only the operational platform, but also the applications and services that support our business. Simple misconfigurations can potentially lead to unintentionally exposing information on these systems.

Adobe actively identifies deviations to our established, hardened configuration baselines. As deviations are detected, Adobe takes an aggressive approach to eliminate risks associated with these deviations.

File Integrity Monitoring

File integrity monitoring (or FIM) provides a fundamental layer of monitoring the security of our systems. This function is designed to rapidly notify our team of possible compromise or intrusion. Adobe is using proven FIM tools to actively monitor privileged user activity on our critical systems and files.

Events are forensically captured, processed, and correlated with our other security data to provide context for our incident response efforts. Using our strong background and expertise in data analytics, Adobe has developed trending reports and dashboards to help skilled security operations personnel and incident responders to quickly spot potential malicious activities. In this way, we are able to quickly identify deviations from established baselines, potentially signaling a potential system compromise.

Leveraging these two technologies aids Adobe in our efforts to secure our infrastructure against threats, identify malicious activity, and actively respond when threats are identified.

Davidson is a Senior Network Security Engineer at Adobe.