Have you got a handle on your cloud infrastructure security?
November 26, 2019
The growing popularity of Infrastructure-as-a-Service (IaaS) solutions has created unique challenges for security teams to manage.
The scalability, flexibility and cost-efficiency of IaaS have led enterprises to move parts of their IT capabilities, or in rare cases their entire estate, from ‘on-prem’ to the cloud.
As a result, IaaS is now the fastest-growing of the three cloud computing models. But the adoption of cloud, hybrid cloud or multi-cloud IT systems has created additional layers of complexity and ambiguity for security teams to manage. Common cloud security risks include insufficient access management, insecure APIs and misconfigurations on the customer side, all of which can lead to serious security incidents.
Who’s responsible for cloud infrastructure security?
On-premises IT can be expensive and require space and maintenance, but IT and security teams also have more control, visibility and accountability. There are fewer grey areas with on-premises. The enterprise is solely accountable for the organisation’s systems and data.
Cloud infrastructure, by contrast, divides up that responsibility and visibility. Some aspects of security fall to the customer, some to the cloud service provider. This ambiguity can create additional risk. The customer may not know where their responsibilities start and end.
Gartner predicts that by 2022, 95% of cloud security incidents will be the customer’s fault, most likely the result of system misconfiguration. Perhaps more worryingly, McAfee reports that 99% of cloud incidents go unnoticed. The fact that almost all cloud incidents aren’t being identified signals a critical lack of visibility into cloud system security and of awareness around responsibilities.
If you’re unclear about who’s responsible for what, Rackspace summed up the shared responsibility of cloud security quite nicely as follows:
- The provider is responsible for the security OF the cloud
- The customer is responsible for the security IN the cloud
For an exact breakdown of who is responsible for what, you should refer back to your own provider’s documentation. But at a high level, the provider is responsible for securing the compute, network and storage layers within their data centre. The customer is responsible for securing the applications, data and services that are running in their cloud environment.
Siloed visibility and reporting
Whether your systems are hosted in the cloud or on-premises, it’s vital to be able to see every asset across devices, applications and databases, in every environment. As we often say, you can’t secure what you can’t see.
For large enterprises, migrating to the cloud has been a slow and complex process with many moving parts. As mentioned earlier, some large enterprises have opted for hybrid or multi-cloud solutions.
While this does have some benefits – greater flexibility, redundancy, resiliency, feature availability and security – it also increases the attack surface and the complexity of the environment, which can hamper cloud infrastructure security.
Almost all businesses want to be able to move fast and be agile, two things that cloud computing can facilitate. But the downside of this can be that organisations make the move to the cloud faster than IT, Security or corporate policy are able to handle.
Cloud infrastructure makes it easy to spin up new instances and even easier to forget about old ones. These neglected instances can become ‘cloud zombies’ – active assets that are unmonitored and unpatched, creating additional risk for the organisation the longer they are left online.
As with running many different tools, having multiple cloud instances across different providers can also create serious challenges when it comes to reporting. Pulling data from different sources, combining, formatting and presenting it back is time-consuming. As we reported recently, the average security team spends 36% of its time producing manual reports.
This siloed visibility presents challenges for security teams but even greater challenges for the wider organisation. Information silos lead to reduced visibility, which increases the overall risk of controls gaps. These gaps in controls coverage increase the risk exposure of the organisation. Ultimately, unified visibility of all assets and controls, whether in the cloud or on-premises, is foundational to securing the organisation and its data.
A unified view of cloud and on-premises IT
Continuous Controls Monitoring can pull all of your cloud environments into a single unified dashboard. This provides visibility of all of your on-premises and cloud-hosted environments, reducing the risk of coverage or controls gaps within your IT environment. It can also help you stay on top of cloud-specific security pain points such as weak identity and credentials management, preventing unauthorized access and strengthening the authorisation process.