In 2021, the COVID-19 pandemic had a dramatic impact on how and where we do business. For many enterprises, the “where” became the cloud – immediately. This rapid adoption of the cloud – in most cases multiple clouds – created a rapid increase in security issues. Suddenly, enterprises had new cloud security requirements they needed to understand and deploy without the benefit of time to learn. The complexity continued to increase, and this triggered new security issues with potentially costly consequences. These included:
- Data leakage/exfiltration – Unauthorized movement of sensitive data from inside the enterprise to outside can be accidental or deliberate. Often the discovery that data has been leaked occurs days, weeks, or months later, and can result in a damaged brand, lost customer trust, and fines.
- Ransomware – Enterprises can pay thousands to millions of dollars to access encrypted data and systems in order to restore operations. Additionally they can be extorted to pay for the recovery of stolen sensitive information. If they refuse to pay, enterprises can lose days or weeks of revenue trying to recover their systems, and risk having sensitive data posted on the internet.
- Non-compliance – Enterprises not adhering to mandatory regulations (PCI-DSS, CMMC, HIPAA) or voluntary cybersecurity frameworks (NIST, GDPR) can incur costly penalties and potential shutdowns that limit their ability to conduct business. Customer relationships may be damaged by the perception that security isn’t a priority.
- Team collaboration/staffing shortages – DevOps is highly distributed across the enterprise and many teams acknowledge the lack of cloud platform security expertise. Cloud security practices should encourage significant collaboration that leverages both internal and external expertise.
To maintain cloud security and reduce–if not totally eliminate–the impact of these serious security issues, enterprises need a proven cybersecurity framework to address these issue directly.
Steps to Strengthen Your Cloud Security Posture
Cloud environments are dynamic and constantly evolving. These five steps provide a proven framework to improve your enterprise’s cloud security using a technology driven approach, even in a multi-cloud environment.
- Visualize/maintain an accurate inventory of compute, storage and network functions
Security teams often lack visibility across multi-cloud and hybrid environments. Cloud environments are often managed in disparate consoles in tabular forms. Security teams need to understand controls that filter traffic, including cloud native controls (network security groups and NACLs), and third-party infrastructure (SASE, SD-WAN and third-party firewalls). A single solution that provides a detailed visual representation of the multi-cloud environment is critical.
- Continuously monitor for exposed resources
It is important to understand which cloud resources are publicly accessible or Internet-facing. Unintentional exposure of resources to the Internet is a major cause of cloud breaches. This includes any data resources like AWS S3 buckets or AWS EC2 instances. Security teams need to easily identify and report on exposed resources, and then provide remediation options that include changes to security groups or firewall policy.
- Continuously validate against industry best practices
There are many industry best practice frameworks that can be used to validate cloud security. CIS Benchmarks and Cloud Security Alliance are two of these frameworks. Security teams should continuously validate adherence to best practices and quickly remediate findings to eliminate misconfigurations and avoid excessive permissions.
- Validate policies – segmentation within/across clouds and corporate mandates
Many security teams create segmentation policies to minimize attack service and reduce the risk of lateral movement. Examples may be segmenting one Cloud Service Provider from another (AWS cannot talk to Azure) or segmenting access across accounts in the same CSP. Both segmentation and corporate policies should be continuously monitored for violations and provide detailed information that enables rapid remediation.
- Conduct comprehensive vulnerability prioritization
All vulnerability management solutions provide a severity score, but more comprehensive prioritization can occur by identifying which vulnerabilities in the cloud are Internet-facing (including the downstream impact of these vulnerabilities).
Note: AWS uses the term VPC (Virtual Private Cloud) and Azure uses the term VNet (Virtual Network). Conceptually, they provide the bedrock for provisioning resources and services in the cloud. However, there is variability in implementation.