Misconfigurations in the Cloud — Be prepared before they cause you headaches
According to Gartner, “the rapid adoption of cloud services, along with an increasing number of cloud infrastructure and platform services, has created an explosion in the complexity and unmanaged risk.” There is a trend for companies across the globe to migrate their application and infrastructure to Cloud Service Providers (CSP). Every day these companies are adopting a cloud and multi-cloud strategy to get the advantages and features offered by CSP today.
As these organizations migrate their infrastructures, the risk of human error increases - which should often not be attributed to the technical team. The pressure DevOps, SRE’s (Site Reliability Engineering), Cloud Architects, and others often feel from Business Units (due to the expectation of delivering new features and products to customers) may cause them to be more susceptible to software development and cloud operations failures.
Imagine you are a company using any of the 3 major cloud service providers (AWS, Azure, or GCP): How could you monitor misconfigurations across accounts within your cloud environments? In most cases, customers take the responsibility of checking it manually and mainly from production accounts. As you may be aware, this is not enough! Let’s pretend you are the customer and are monitoring your cloud environment, and then your provider mistakenly changes its access to “public” without your consent. How can you prevent this possible risk?
If this occurs, you would most likely notify the team and auto-remediate it with some 3rd party solution. In these kinds of situations, it is essential to think about more viable and accessible solutions because the number of cloud accounts and services companies are using today is exceptionally high.
“Security is a shared responsibility in order to keep data safe in the cloud, remember that!”
In the last five years, I have been spending a lot of time talking with companies from United States, Canada, Latin America, Brazil, and the Middle East, and I see misconfigurations are becoming a big issue for many of them. This is also becoming a headache for security professionals concerned with data leaks from misconfigurations. As Gartner states, “through 2022, at least 95% of cloud security will be the customer fault.”
“Soon most of the attacks on the cloud environment will be the result of misconfigurations, lack of customizable security profiles, and auto-remediation by organizations in their day-to-day”
- Mistake 1: Storage Access
- Mistake 2: “Secrets” Management
- Mistake 3: Disabled Logging and Monitoring
- Mistake 4: Overly Permissive Access to Hosts, Containers and Virtual Machines
- Mistake 5: Lack of Validation
Just recently, the NSA released guidance about misconfiguration issues in which they mentioned 3 examples of abused misconfigurations. Interestingly enough, all 3 are associated with the mistakes discussed above:
- In May 2017, a large defense contractor exposed sensitive NGA data and authentication credentials in publicly accessible cloud storage;
- In September 2017, a security researcher discovered CENTCOM data accessible to all public cloud users;
- In September 2019, a research team discovered sensitive travel details of DoD personnel exposed in a publicly accessible Elasticsearch database.
The rate at which new features and functionalities from cloud providers are growing is exciting and promising. At the same time, however, it adds complexities to our cloud environments in terms of securing against misconfigurations, compliance risks, and data protection flaws.
This is why it is so important to consider a Cloud Security Posture Management (CSPM) solution. A CSPM will help you with the following:
- Real-Time Misconfiguration Monitoring
- Consolidated view for Multi-Cloud environments and Multi-accounts
- Standards Framework and Compliance Reports like (NIST, HIPAA, GDPR, PCI-DSS, and AWS Well-Architected Framework)
- Infrastructure-as-a-Code pre-scanner for CloudFormation and Terraform
- Multiple 3rd-party integrations for real-time notification and remediations (Slack, Jira, Zendesk, PagerDuty, AWS SNS, ServiceNow)
- Cost Savings Recommendation
- Auto-remediation actions for high-risk detection
Could the configuration in the Cloud Service Provider represent excessive risks for my applications?
The answer is YES! For example, AWS has more than 170 different services today. Within each of them, there are granular configurations, specific authorization policies that make it very complicated to ensure that the environment is under proper configuration and compliance recommendations. This complexity is the reason Cloud Secure Posture Management is so important.
This kind of technology is an emerging security solution to help organizations discover, assess, and resolve cloud misconfigurations across multiple cloud providers and accounts.
“Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. CSPM offerings directly target this need.” — Gartner 2019 Innovation Insights for Cloud Security Posture Management
Cloud Security Posture Management allows you to dive deep into your cloud infrastructure by offering security visibility, compliance, and governance at scale within the cloud. This helps with understanding where the gaps may lie, alleviating pressure on security teams wanting to improve operational excellence in cloud infrastructure, and providing guard-rails for agile DevOps teams.
“Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.” — Gartner 2019 Innovation Insights for Cloud Security Posture Management
I want to say a BIG thank you for some people that helped me with fantastic feedback to improve this article:
- Aaron Ansari
- David Clement
- Stephanie Laranjeira
- Ingrid Kibler
If this post was helpful, please click the clap 👏 button below a few times 😉👍! ⬇