The public cloud is designed to enable agility, scalability, and adaptivity. The result is a massive proliferation of public cloud services and APIs offered by cloud platform providers, which help organisations increase the rate of innovation far beyond what they could achieve in the private data centre.
While these new cloud services deliver attractive benefits, they also increase management complexity and the potential for costly misconfiguration errors that can compromise critical resources and sensitive information.
Misconfiguration is a looming threat in the cloud
Public cloud environments effectively include an infinite number of configuration combinations, offering a long list of opportunities for misconfigurations. Users may also change settings at any time, introducing a misconfiguration where there was not one previously. And with automation, these misconfigurations can rapidly be duplicated. For the public cloud, misconfigurations are a serious problem, which is why Gartner recently claimed that 99% of cloud security failures are the customer’s fault.
According to another report, most cloud misconfigurations are the result of inexperienced users or a failure to update security tools designed to do things like monitor and validate configurations. Nearly 40% occur due to efforts to merge data during M&A activities. Other times, a cloud storage bucket is left open to the public, enabling anyone to access it—no special hacking skills or tools required. Perhaps the most famous example is that of the US National Security Agency, where a cloud-based server was left open, and security documents were freely accessible using just a web browser.
Other security events tied back to misconfiguration include:
- System downtime events, 44%
- Unauthorised traffic to a virtual server instance, 36%
- Object storage breaches, 34%
- Unauthorised access to a database service, 34%
- Unauthorised user logins, 29%
- Unauthorised API calls, 28%
- Critical data breaches, 27%
The results of a cloud misconfiguration can be devastating. Between 2018 and 2019, more than 33 billion records were exposed as companies moved to the cloud without having appropriate security in place. During that time, the number of records exposed by cloud misconfigurations “rose by 80%, as did the total cost to companies associated with those lost records.”
Securing access and managing critical applications and resources
Addressing this challenge needs to start with prioritising secure access to cloud resources, especially business-critical applications. Access is especially relevant since the number of people touching the cloud infrastructure has dramatically increased over the past few years. In the past, only a handful of people in an organisation, primarily DevOps teams, had access to the cloud infrastructure. Today, deploying applications and making engineering changes to a given infrastructure has become far more common.
Of course, keeping track of which applications are the most critical may seem straightforward. But as applications multiply, and cloud usage evolves, assumptions about which applications are the most valuable can often be wrong. To keep up, organisations need to be monitoring for increases in application usage over time so that the most critical applications are not only prioritised to ensure availability and optimal user experience, but that access is controlled so that errors can be kept to a minimum.
The critical need for centralised cloud management
To effectively detect and remediate intrusions and protect critical services, security teams can also benefit from the ability to view the current inventory of all cloud resources through a single console. That way, they can monitor and analyse traffic and drill down on specific services and traffic patterns that are suspicious. Specifically, they need to be able to visualise traffic to effectively distinguish between valid and threatening traffic.
Now is an excellent time to put in place a central cloud security management system where you can streamline security operations across multiple clouds while interfacing with fewer touchpoints, ultimately enabling consistent visibility across a broad cloud environment. In a static, on-premises environment, such issues can be addressed using a configuration management database (CMDB). But rapid changes to cloud services and configurations introduce new challenges. Management systems isolated to per-cloud instances inevitably result in siloed visibility. Add to that the dynamic nature of cloud deployments, and it can become nearly impossible for an organisation to consistently assess its security posture. This is a root cause of many critical misconfigurations that occur in increasingly complex cloud infrastructures.
A centralised cloud security management system needs to include a common framework for security policies to be deployed and orchestrated across a multi-cloud environment. These tools are typically categorised as Cloud Security Posture Management, Cloud Workload Protection and Cloud Access Security Brokers. These tools need to perform configuration analysis, event analysis, compliance checks, and data inspection, regardless of the cloud environment in which a solution is deployed, along with offering remediation recommendations. Even better, those configurations should be able to be compared against industry standards, such as PCI, HIPAA, or NIST, to ensure ongoing compliance and adherence to best practices.
Just as importantly, these cloud security capabilities need to be able to see and communicate with each other, regardless of where they are deployed. This requires tools such as cloud connectors that can translate and normalise data, policies, and enforcement protocols on the fly. This not only ensures the collection of critical security data from across the distributed cloud but also enables resources to be marshalled as part of a unified response to a detected threat.
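As an added illustration of the two preceding paragraphs (configuration analysis and compliance checks on one side, cloud connectors that normalise per-provider data on the other), the following Python is example code written for this article and is not the code of any CSPM product or cloud provider. It takes a constructed inventory of storage buckets in two different, made-up provider record shapes, normalises them through small per-provider connector functions into one common schema, and then evaluates the result against a rule set that attaches a severity, a remediation recommendation, and an illustrative control reference to each finding. The provider field names (`Grants`, `iam.bindings`, `cmek`, and so on) and the control mappings are assumptions chosen for the example, not real API schemas or an authoritative compliance crosswalk.

```python
"""Miniature CSPM-style configuration analysis over a multi-cloud inventory.

Added example for the article; not any vendor's or provider's code. Provider
record formats and the control references attached to rules are illustrative
assumptions.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Bucket:
    """Provider-neutral view of an object-storage bucket (assumed common schema)."""
    provider: str
    name: str
    public_read: bool              # anonymous or all-authenticated principals can read
    customer_key_encryption: bool  # a customer-managed key is configured
    access_logging: bool           # access logs are delivered somewhere


# Constructed sample inventory. Each provider returns a differently shaped
# record, as separate cloud APIs would; none of these names are real resources.
SAMPLE_INVENTORY = {
    "providerA": [
        {"Name": "finance-exports",
         "Grants": [{"Grantee": "AllUsers", "Permission": "READ"}],
         "Encryption": None, "Logging": {"Enabled": False}},
        {"Name": "app-assets",
         "Grants": [{"Grantee": "owner", "Permission": "FULL_CONTROL"}],
         "Encryption": {"Algorithm": "AES256"}, "Logging": {"Enabled": True}},
    ],
    "providerB": [
        {"name": "hr-archive",
         "iam": {"bindings": [{"role": "viewer", "members": ["allUsers"]}]},
         "cmek": "", "logging": None},
        {"name": "build-cache",
         "iam": {"bindings": [{"role": "viewer", "members": ["group:ci"]}]},
         "cmek": "projects/example/keys/k1", "logging": {"bucket": "logs"}},
    ],
}

# Principal names that mean "anyone" in the two assumed provider dialects.
PUBLIC_PRINCIPALS = {"AllUsers", "allUsers", "AuthenticatedUsers", "allAuthenticatedUsers"}


def normalise_a(rec: dict) -> Bucket:
    """Connector for the assumed providerA record shape (ACL grant list)."""
    grants = rec.get("Grants", [])
    public = any(g.get("Grantee") in PUBLIC_PRINCIPALS
                 and g.get("Permission") in {"READ", "FULL_CONTROL"} for g in grants)
    logging_cfg = rec.get("Logging") or {}
    return Bucket("providerA", rec["Name"], public,
                  rec.get("Encryption") is not None, bool(logging_cfg.get("Enabled", False)))


def normalise_b(rec: dict) -> Bucket:
    """Connector for the assumed providerB record shape (IAM role bindings)."""
    bindings = rec.get("iam", {}).get("bindings", [])
    public = any(m in PUBLIC_PRINCIPALS for b in bindings for m in b.get("members", []))
    return Bucket("providerB", rec["name"], public,
                  bool(rec.get("cmek")), rec.get("logging") is not None)


CONNECTORS: dict[str, Callable[[dict], Bucket]] = {
    "providerA": normalise_a,
    "providerB": normalise_b,
}


def normalise_inventory(inventory: dict) -> list[Bucket]:
    """Run every provider's records through its connector into the common schema."""
    return [CONNECTORS[provider](rec) for provider, recs in inventory.items() for rec in recs]


# Each rule: id, title, predicate that is True when the bucket FAILS, severity,
# remediation recommendation, illustrative control reference.
RULES = [
    ("STORAGE-001", "bucket readable by the public", lambda b: b.public_read, "high",
     "Remove public grants/bindings; expose objects through an authenticated front end",
     "NIST SP 800-53 AC-3 (assumed mapping)"),
    ("STORAGE-002", "no customer-managed encryption key", lambda b: not b.customer_key_encryption,
     "medium", "Configure a customer-managed key so key rotation and revocation are under your control",
     "NIST SP 800-53 SC-28 (assumed mapping)"),
    ("STORAGE-003", "access logging disabled", lambda b: not b.access_logging, "medium",
     "Enable access logging and ship logs to the central monitoring account",
     "NIST SP 800-53 AU-2 (assumed mapping)"),
]


def evaluate(buckets: list[Bucket]) -> list[dict]:
    """Evaluate every bucket against every rule; return one finding per failure."""
    findings = []
    for b in buckets:
        for rule_id, title, fails, severity, fix, control in RULES:
            if fails(b):
                findings.append({"rule_id": rule_id, "title": title, "severity": severity,
                                 "provider": b.provider, "resource": b.name,
                                 "recommendation": fix, "control": control})
    return findings


def findings_for(findings: list[dict], resource: str) -> list[str]:
    """Rule ids that fired for a given resource name."""
    return [f["rule_id"] for f in findings if f["resource"] == resource]


if __name__ == "__main__":
    for f in evaluate(normalise_inventory(SAMPLE_INVENTORY)):
        print(f"[{f['severity']}] {f['provider']}/{f['resource']}: {f['title']} -> {f['recommendation']}")
```

The design point is that the rules never look at provider-specific fields: adding a third cloud means writing one more connector, not rewriting the policy. That is the property the article asks of a central management layer, namely a common framework for policies with per-cloud translation happening at the edge.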
The cloud is transforming business – but only if you remain in control
Cloud sprawl can quickly result in significant risk to any organisation that does not step up to take proactive measures. A truly centralised cloud security management solution must not only integrate natively into each cloud platform in which it is deployed, but also serve as a central point of truth covering the entire distributed infrastructure. This includes the breadth of services utilised in the cloud, from IaaS through PaaS to SaaS applications and resources operating both on and off the network.
Such a strategy plays a critical role in preventing issues like misconfigurations and shadow IT that plague organisations and put entire digital operations at risk, no matter the size of the company.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.