
Security issues in the cloud

by Mark Rowe

CSPM will lead to fewer cloud misconfigurations, writes Sergio Loureiro, cloud security director at cyber firm Outpost24.

Cloud misconfigurations have risen drastically in recent months, increasing 80 per cent, as more cybercriminals exploit this vulnerability as a launchpad for malware distribution. Indeed, avoidable cloud misconfigurations are the #1 culprit behind data breaches, costing global companies an estimated $5 trillion in 2018 and 2019. We’ve even seen well-known brands like Capital One, Pfizer, Prestige and Virgin Media all suffer as a result of security in the cloud being overlooked.

Security issues in the cloud typically occur when the appropriate security settings are not configured; in many cases, the default security settings are simply left unchanged. This means the settings are not compliant with the industry security standards (CIS benchmarks), which are designed to reduce the risk of a data breach across cloud environments.

While cloud security has long been considered a serious challenge for modern enterprises, problems such as misconfigured storage buckets and overly permissive policies have been exacerbated following the rush to equip employees to work remotely. Unfortunately, these glaring errors often arise from mistakes by the internal IT team or business units who set up the cloud infrastructure. In fact, human error is generally the root cause of inadequate cloud security posture, with Gartner reporting that 99% of cloud security failures come from the user. Another area where security falls short is the lack of data and asset visibility that comes with unparalleled speed of change, scale and scope, making it difficult to govern and monitor without automation.

By not following industry guidelines, security professionals are providing access points for cybercriminals to exploit and steal information. Cloud misconfigurations take little skill to detect, with hackers purchasing automated scanning tools from the Dark Web to locate and identify weak points across cloud environments.

Cloud can be the right choice for businesses looking to expand their infrastructure, keep pace with DevOps demands and embrace new technology to support remote working. However, we are seeing many institutions falling short of adequate Cloud Security Posture Management (CSPM). But how can organisations implement security controls to prevent cloud misconfigurations and put an end to data being haemorrhaged from unsecured cloud estates?

Preventative measures

Like most issues in cybersecurity, cloud security must be tackled head on. Gaining visibility of your cloud data and assets is necessary so that all critical elements of security can be addressed to reduce any gaps in the shared responsibility model. Furthermore, collaboration is necessary between security and the wider IT department to minimize shadow IT and ensure a secure cloud migration. This also includes knowing the specific roles and responsibilities of the Cloud Service Provider and the security team. Remember, the Cloud Service Provider is in charge of protecting the cloud infrastructure, while you are responsible for protecting the contents you put in it.

With misconfigurations being the biggest cloud security issue, Cloud Security Posture Management (CSPM) is the first thing that you want to get right. Named by Gartner as one of the key areas in their Top 10 Security Projects for 2020-2021, CSPM provides organisations with continuous cloud monitoring and configuration assessments for AWS, Microsoft Azure, Google, Docker or Kubernetes to ensure all settings and policies meet industry security standards like the CIS benchmark and safeguard the contents within the cloud environment.

And if you use more than one cloud service provider (CSP), opt for a CSPM that can handle configuration assessment across multiple cloud service providers. Each CSP has its own security complexities, policies and configuration standards that must be constantly reviewed to prevent security mishaps, so a multi-cloud security solution is needed to save time and ensure any system irregularities are flagged in real time.

Is more security needed despite the CSP providing security layers?

The wheel of cybersecurity is forever turning, requiring organisations to evolve with the ever-changing threat landscape, and this requires security to be factored in throughout the cloud migration journey. The formation of the shared responsibility model highlights the need for additional security measures to be in place because security is never guaranteed. By taking a proactive stance, organisations are effectively taking ownership of the security of their environments, which will see a reduction in cloud breaches and overall risk.

During this highly volatile cyber age, it's imperative that organisations do not delay in carrying out their security duties where the cloud is concerned. All elements must be protected, including the network, applications, endpoints and cloud infrastructures. By implementing the necessary tools to carry out automated and continuous CSP management, security professionals will have the confidence that their organisations are following industry security best practices, which in turn will mean compliance with data security and privacy regulations. In addition, this will provide a clear view of the overall attack surface with greater efficiency no matter how many cloud environments are being used.

The past 12 to 18 months have forced many into adopting new technologies like cloud as part of their digital transformation, which may have been daunting for some. Modern cyber criminals are opportunistic, so to ensure long-term survival, success and return on investment, implementing a multi-cloud orchestration and automation strategy for cloud security will be key.


© 2024 Professional Security Magazine. All rights reserved.
