As businesses and government agencies continue to expand and evolve their use of the cloud, remote work, and other digital transformations, the role of security operations (SecOps) has become increasingly challenging. The need to secure greater multicloud environments has only added to the complexity for defenders who must ensure that the organization’s assets are protected without impacting the flexibility and scalability necessary for the organization to meet its objectives.
To help us understand the broader issues of multicloud, and the role DNS can play, there are several recent surveys and reports from the SANS Institute that can help, written by season SANS Analysts. Collectively these reports highlight how a growing number of SecOps teams have successfully embraced DNS for more than its “internet phonebook” role, and the challenges faced by those who have not, with a focus on how this is impacted by the evolution of multicloud adoption.
Here are some highlights for each of these very interesting SANS Institute reports, with links if you want to know more.
This report by SANS Analysts Brandon Evans and Kenneth G. Hartmann shares the results of a global survey they conducted in late 2022, along with their expert opinions and advice on the findings. They quickly discovered how complex multicoud environments have become for many organizations with almost one-third of respondents (30%) reporting that they are using as many as seven different cloud providers, and the report digs into the motivations behind these decisions.
The many findings from the survey led the authors to conclude that there is a significant gap between what organizations perceive as the ideal adoption of multicloud and reality. Ninety-one percent of respondents consider cloud-agnosticism to be a virtue, but only 17% of organizations claim to have all cloud-agnostic applications. They are adopting numerous cloud services, but as many as 12% of them believe they are completely unprepared to secure ubiquitous capabilities like storage.
Overall, the survey shows that multicloud and its security issues are here to stay. The authors of the report hope to inform readers of the hard work ahead of them, warn the industry that they are far from reaching their ideal state, and highlight the technologies and techniques practitioners are using to cope with the onslaught of challenges brought about by the vast multicloud service landscape.
The results of the previous multicloud survey led Evans and Hartmann to conduct a follow-up survey that delved more into the value of DNS security in these multicloud environments, as it is a foundational service that can easily be used across multiple clouds for both visibility and control advantages.
Respondents shared how they are deploying DNS, which often involves multiple services across the multicloud environment. The report shows how they are using DNS for improved visibility and defense, and the level of success (and failure) they encounter depending on the type of device and user. Regardless of where they are in their DNS security journey, respondents were looking to expand to cover additional types of devices.
The report concludes that despite being invented 40 years ago, DNS has not been fully tapped for security purposes, and survey respondents showed a strong desire to change this in the short term. Although respondents indicated that they have a long way to go, most were at least partially leveraging DNS for security operations today. Early adopters started off by leveraging third-party services and add-ons that integrate with their existing multicloud architecture. But this survey, and this next report, also talk about how more mature security operations are implementing security within the DNS architecture for additional benefits.
In this report, author and SANS Analyst John Pescatore refers to DNS services as the central nervous system of digital business, enabling rapid and reliable communications. However, because of this, DNS is a highly attractive target for attackers and a key weapon in the continual struggle by security operations to quickly detect and repel those attackers.
Pescatore emphasizes the need for better protection for DNS services to minimize business disruption. He also explains how DNS can be used to increase overall security by detecting and blocking threats within DNS using DNS threat intelligence. By taking advantage of the vast amount of timely and accurate threat data available from DNS services, SecOps can detect attacks more quickly, and the focus can be on avoiding damage instead of incident response.
SecOps will find this report interesting as he packs a great deal of information in one report to highlight how taking advantage of the deeper visibility provided by the DNS system can drive improvements in ‘Time to detect”, “Time to respond”, and “Time to Restore” while improving SecOps efficiency along the way by reducing the ‘noise’ produced by false-positive indications and reducing the burden on security operations staff.
While each of these reports provides valuable insights, collectively offer greater context for dealing with the challenge of multicloud and the value of making greater use of DNS for security.