- The 25+ best Black Friday Nintendo Switch deals 2024
- The 70+ best Black Friday TV deals 2024: Save up to $2,000
- This AI image generator that went viral for its realistic images gets a major upgrade
- One of the best cheap Android phones I've tested is not a Motorola or Samsung
- The best VPN services for iPhone: Expert tested and reviewed
Mitigating Security Risk in the Cloud(s)
The promise of DevSecOps is security that is inherent to every phase of the application lifecycle. Security processes are incorporated earlier, commonly called “shift left”. This implies that security best practices are both known and implemented consistently across all workloads – which in a multi-cloud world can include any number of disparate environments.
Multi-Cloud Security Threats
A multi-cloud strategy increases an organization’s ability to adapt quickly to the needs of the business but often also increases complexity and reduces visibility across environments.
The Cloud Security Alliance (CSA) report The Top Threats to Cloud Computing called out eleven threats to cloud computing. Of these, less than half were generic threats like account hijacking or insider threat. The rest were specific to visibility, misconfigurations, and a weak control plane.
This reflects a lack of maturity around cloud usage, often a direct result of limited relevant expertise and/or sufficient people to manage these increasingly complex environments.
The only way for today’s organizations to improve their cloud security posture is to supplement their human expertise with intelligent, automated protections. To build security processes that can be incorporated into every stage of the application lifecycle and applied to all cloud workloads and services.
Lack of visibility
Given that you can’t secure what you can’t see, or don’t fully understand, visibility across cloud environments is essential to mitigating cloud security risks. Many providers have tooling to assess the security posture of their own services. However, these can result in an incomplete and disjointed view into an organizations overall posture. And without the context necessary to understand the bigger picture, all issues can look similarly important. This makes it harder to prioritize actionable remediation and can result in critical issues getting lost or ignored in the noise.
Misconfiguration
Misconfigurations are a leading cause of public cloud security breaches. They can be the result of a simple fatfinger, lack of best practice awareness, or lack of resources to ensure consistency. They have always posed risk and proven difficult to eliminate completely. However, in the “always-on, publicly-connected” world of cloud, the potential for – and speed of – exploitation is magnified exponentially.
The Cloud Security Alliance (CSA) report The State of Cloud Security found that 1 in 6 organizations had a public security breach last year due to misconfiguration. Our own analysis of common cloud misconfigurations identified several high-risk violations:
- Object storage default encryption not enabled
- Database snapshots not encrypted
- Virtual machine disk volumes not encrypted
- IAM policy has unlimited administrative privileges
- Multi-factor authentication is not required for all users
- Virtual machines SSH port (22) is accessible from public internet for any source address
These violations should seem obvious to even the casual observer yet are prevalent enough to indicate a struggle to ensure basic protection consistently across clouds.
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) is a solution category that, using Gartner’s definition, delivers “a continuous process of cloud security improvement and adaptation to reduce the likelihood of a successful attack.”
CloudHealth Secure State by VMware
CloudHealth Secure State is our leading CSPM that provides security posture management for AWS, Azure, and Google Cloud Platform services. It also provides Kubernetes Security Posture Management (KSPM).
Here’s how it works:
- You provide IAM credentials for each cloud account you want to monitor (configured for read-only following least privilege)
- Secure State collects cloud data and builds an interconnected cloud security model of your environment
- Secure State assesses the data for violations (findings) against its security rule database and compliance frameworks
Improved Visibility and Context
Users can access Secure State features through a single console or API. These features include:
- A unified search engine across resources, relationships, and security findings
- A topology explorer providing security context including relationships, misconfigurations, threats, metadata, and change activity
- An intelligent risk scoring algorithm to identify and prioritize critical findings
- Native exports to SIEM systems for additional analysis and to streamline SOC investigations
Improved Configuration Management
Secure State helps security and platform teams understand how a minor configuration change can elevate risk across connected cloud objects. It delivers:
- Automation to improve security and compliance posture with guardrails to prevent mistakes
- Auditing of configuration changes and compliance violations
- Automated assessment and remediation for benchmarks such as CIS, GDPR, HIPAA, ISO 27001, MITRE ATT&CK Cloud, NIST, PCI, & SOC 2
Conclusion
The dynamic, distributed, disparate nature of multi-cloud has introduced additional complexity for teams managing security risk. Challenges that were largely resolved in the datacenter, like limited system visibility and identifying misconfigurations, are not only more challenging across clouds but can also result in larger exposure.
Improving multi-cloud visibility and context, along with misconfiguration protection and remediation, are simple steps that organizations and DevSecOps teams can take immediately to improve their cloud security posture.
CloudHealth Secure State provides these capabilities, and more. Get a free trial or request a demo and start improving your cloud security posture today!
Learn more!
VMware Wins Gold at 2022 Cybersecurity Excellence Awards
VMware is proud to announce it has won across nine categories at the 2022 Cybersecurity Excellence Awards, demonstrating the company’s security innovation and commitment to keeping customers safe from cyberattacks.
CloudHealth Secure State by VMware won the gold award in the 2022 Patch and Configuration Management category.