Cloud platform providers such as Amazon, Google and Microsoft have invested heavily in creating secure environments in which customers can operate their networks, providing more resources and capabilities to keep foundational services patched and operational. This is largely driven by the Shared Responsibility Model, under which cloud providers monitor and respond to security threats to the cloud’s underlying infrastructure.
Despite everyone’s best efforts, cloud security threats continue to impact organizations. Amazingly, 98% of respondents to Ermetic’s 2021 survey reported at least one cloud data breach within the previous year and a half. It’s no surprise 95% of organizations are moderately to extremely concerned about cloud security.
What’s the solution? As threats persist, organizations have a huge opportunity to leverage the power of the cloud and achieve greater network security in the cloud than on premises. This can be done through cloud security tools that extend beyond the network to also secure organizations’ users and endpoint devices.
Let’s take a closer look at three best practices organizations must consider when it comes to orchestrating the security architecture of their cloud environments.
Pillar 1: reducing the risk of cloud misconfigurations
Misconfigurations in cloud environments are major contributors to security issues. For example, a study by Ponemon suggests misconfigured cloud servers cause 19% of data breaches costing half a million dollars per breach, while Gartner estimates misconfigurations will cause 99% of cloud security issues by 2025.
The major cloud breaches we’ve seen, such as the Capital One data breach in 2019, have been due to misconfigurations or a malicious actor taking advantage of a configuration. Earlier this year, we saw bad actors expose thousands of student records through a misconfiguration in a Microsoft Azure server. We’ve also seen customers accidentally allow public access to their MongoDB databases, resulting in ransom demands in exchange for compromised encryption keys.
In cases like these, following recommended design best practices and a disciplined DevSecOps process for Security Group changes would have prevented the exploit. This would have ensured security was integrated into DevOps initiatives, reducing risk while minimizing the possibility of attacks.
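One concrete form of the Security Group discipline described above is an automated check that fails a change when an ingress rule opens a sensitive port (such as MongoDB’s 27017) to the whole internet. The following is an added example, not code from the original article or from any cloud provider: it walks constructed security-group data in the shape of AWS `describe-security-groups` output and reports every world-open rule that reaches a port on an assumed deny list.

```python
"""Flag internet-wide ingress to sensitive ports in security-group data.

Added example (not from the original article). Input is constructed in the
shape of the AWS `describe-security-groups` response; the list of sensitive
ports and the sample groups are assumptions for illustration.
"""
from __future__ import annotations

# Ports that should never be reachable from 0.0.0.0/0 or ::/0 (assumption).
SENSITIVE_PORTS = {
    22: "ssh", 3389: "rdp", 3306: "mysql",
    5432: "postgres", 6379: "redis", 27017: "mongodb",
}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample: one correct web group, one exposed MongoDB group,
# one legacy group with an all-traffic rule open to every IPv6 address.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example001", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example002", "GroupName": "mongo", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example003", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example004", "GroupName": "legacy", "IpPermissions": [
        # IpProtocol "-1" means all traffic; AWS omits FromPort/ToPort here.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def _port_range(perm: dict) -> tuple[int, int]:
    """Return the (low, high) port span a permission covers."""
    if perm.get("IpProtocol") == "-1":  # all protocols, all ports
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def _is_world_open(perm: dict) -> bool:
    """True when any IPv4 or IPv6 range in the rule is the whole internet."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD_CIDRS for c in cidrs)


def find_world_open_sensitive(groups: list[dict]) -> list[dict]:
    """Return one finding per (group, sensitive port) exposed to the world."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not _is_world_open(perm):
                continue
            low, high = _port_range(perm)
            for port in sorted(p for p in SENSITIVE_PORTS if low <= p <= high):
                findings.append({
                    "group_id": group["GroupId"],
                    "group_name": group["GroupName"],
                    "port": port,
                    "service": SENSITIVE_PORTS[port],
                })
    return findings


def change_is_acceptable(groups: list[dict]) -> bool:
    """Gate for a pipeline step: a change passes only with zero findings."""
    return not find_world_open_sensitive(groups)


if __name__ == "__main__":
    for f in find_world_open_sensitive(SAMPLE_GROUPS):
        print(f"{f['group_id']} ({f['group_name']}): {f['service']}/{f['port']} open to the world")
    print("acceptable:", change_is_acceptable(SAMPLE_GROUPS))
```

Run as a step in the pipeline that applies Security Group changes, `change_is_acceptable` blocks the change before it reaches the account; the same function can be pointed at live `describe-security-groups` output to audit what is already deployed. Note that the all-traffic rule (`IpProtocol` of `-1`) has no port fields, which is why the check treats it as covering every port rather than skipping it.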
Pillar 2: securing endpoint applications and users
Although applications create more entry points for attackers into a cloud environment than an on-premises environment, the leading cloud providers have built-in mechanisms and tools to help secure application workloads.
For example, organizations can tightly control and contain the blast radius of application exploits by applying cloud best practices. Application developers specifically need to make security a central component at the start of the development process, rather than an afterthought further down the line. Security vulnerabilities should be addressed during the software development process.
Organizations can’t afford to leave the door open to malicious attacks. By “baking in” security capabilities during the application design and development cycle, businesses will be better placed to continuously audit and optimize their apps, while ensuring proactive protection from the most prominent cyber-threats.
There are also programs available to help organizations keep up with the speed of change in the cloud. For example, some can even help organizations track and improve their workload compliance, empowering them to reduce risks and respond faster to changes which may affect application security.
Pillar 3: patching makes perfect
Cloud environments include many gateways through which malicious actors can access systems and data. Organizations that apply timely patches to applications can minimize the impact of, and remediate, active exploits. However, applying patches in a timely manner is still something many organizations struggle with.
Organizations are slow to patch due to a combination of factors, such as the complex nature of systems or overstretched internal resources. Without a strategy for implementing patches or enough personnel to focus on patch management, they can fall by the wayside. This could result in servers remaining unprotected for weeks or even months after an update is released.
So, what goes into an effective patching strategy? The first step should always be to take an inventory of the systems in the infrastructure. Once the organization has a clear understanding of the devices, software and applications in use, it can determine the risk level of each system and assign priorities based on factors such as how long a system has been left unpatched and whether it is exposed to the internet.
Of course, the most important best practice is to apply patches as quickly as possible. Patches should always be applied in a timely manner – a process which can be automated through tools to leave systems unguarded for the minimum amount of time possible.
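The inventory-then-prioritize procedure above can be expressed directly in code. The following is an added example, not code from the original article: it takes a constructed inventory of systems, scores each one from how long it has gone unpatched and whether it is internet-facing, and flags those that have exceeded an assumed patching SLA. The version strings, dates, weights and SLA windows are all illustrative assumptions.

```python
"""Prioritize a patch backlog from an asset inventory.

Added example (not from the original article). Scores are assumptions:
outdated software starts at 1, age adds up to 2, internet exposure adds 2,
so the range is 0 (up to date) to 5 (most urgent).
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Asset:
    name: str
    software: str
    installed_version: str
    latest_version: str
    last_patched: date
    internet_facing: bool


# Assumed SLA: internet-facing systems must be patched within 14 days of a
# release, internal systems within 30 days.
PATCH_SLA_DAYS = {True: 14, False: 30}

# Constructed reference date and inventory for the example.
TODAY = date(2024, 6, 1)
SAMPLE_INVENTORY = [
    Asset("web-01", "nginx", "1.22", "1.24", date(2024, 1, 10), True),
    Asset("db-01", "postgres", "15.3", "15.7", date(2024, 4, 20), False),
    Asset("bastion", "openssh", "9.6", "9.6", date(2024, 5, 15), True),
    Asset("batch-01", "python", "3.11.4", "3.11.9", date(2024, 5, 20), False),
    Asset("api-02", "nodejs", "18.17", "18.20", date(2024, 5, 1), True),
]


def days_unpatched(asset: Asset, today: date) -> int:
    """Days since the asset was last patched."""
    return (today - asset.last_patched).days


def patch_priority(asset: Asset, today: date) -> int:
    """0 when up to date; otherwise 1..5, higher meaning patch sooner."""
    if asset.installed_version == asset.latest_version:
        return 0
    score = 1
    age = days_unpatched(asset, today)
    if age > 90:
        score += 2
    elif age > 30:
        score += 1
    if asset.internet_facing:
        score += 2
    return score


def prioritize(inventory: list[Asset], today: date) -> list[Asset]:
    """Outdated assets, most urgent first; ties broken by age, then name."""
    outdated = [a for a in inventory if patch_priority(a, today) > 0]
    return sorted(
        outdated,
        key=lambda a: (-patch_priority(a, today), -days_unpatched(a, today), a.name),
    )


def overdue_assets(inventory: list[Asset], today: date) -> list[Asset]:
    """Outdated assets whose unpatched age exceeds the SLA for their exposure."""
    return [
        a for a in inventory
        if patch_priority(a, today) > 0
        and days_unpatched(a, today) > PATCH_SLA_DAYS[a.internet_facing]
    ]


if __name__ == "__main__":
    for a in prioritize(SAMPLE_INVENTORY, TODAY):
        print(f"P{patch_priority(a, TODAY)} {a.name:<9} {a.software} "
              f"{a.installed_version} -> {a.latest_version}, "
              f"{days_unpatched(a, TODAY)} days, internet={a.internet_facing}")
    print("overdue:", [a.name for a in overdue_assets(SAMPLE_INVENTORY, TODAY)])
```

With the constructed inventory, `web-01` (internet-facing, 143 days old) sorts first and the up-to-date `bastion` host drops out of the list entirely; `overdue_assets` is the list a team would review against its SLA, and feeding it from a real inventory source is the only change needed to use the same logic in practice.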
The future of cloud security
Ultimately, there is no silver bullet when it comes to securing cloud environments. However, in the short-term, organizations can minimize risk by applying and following the best practices outlined by cloud providers.
Looking ahead, implementing AI and machine learning technologies will provide an opportunity for organizations – specifically hyperscalers and third-party software providers – to innovate in cloud security. These tools leverage automation to provide increased visibility into cloud environments. For example, businesses can create policies to automatically detect misconfigurations, show exactly when a configuration was last changed, and by whom – all without any manual labor or human interaction.
With the cloud threat landscape continually evolving and becoming more complex, next-generation technologies such as AI and machine learning will be key to bolstering security defenses and building truly resilient cloud architectures.