By Oren Amiram, Director of Product at AlgoSec
Cloud security as a strategy is
constantly evolving to meet the needs of organizations for scale, agility, and
security. If your organization is weighing the merits of the use of public
cloud versus private cloud, here are a few facts to keep in mind.
Data shows that the public cloud is the preferred choice. Here's what's driving it.
Public cloud security has become more
ubiquitous thanks to IaaS platforms such as Amazon Web Services (AWS),
Google Cloud Platform (GCP) and Microsoft Azure. According to Gartner, worldwide end-user spending on public cloud services is expected
to grow
by 20.4% in 2022 to a total of $494.7 billion, up from
$410.9 billion in 2021.
It is easy to see why public clouds
are so appealing. Unlike private clouds, public cloud platform solutions allow
organizations to provide business applications fast and reduce the costs
associated with purchasing, managing, and maintaining on-premise hardware and
application infrastructure. Furthermore, public clouds enable businesses to set
up the required infrastructure much faster than on-premise and provide
unmatched scalability, as well as extra security capabilities.
Public cloud benefits are abundantly clear, but there's more to this than meets the eye
As robust as a public cloud platform is,
there are also challenges that organizations need to
overcome. According to a recent global survey on public cloud
security risks, just under a third of organizations (31%) were
not confident or only slightly confident about their ability to protect
sensitive data in a cloud environment, and another 44 percent reported they were
only moderately confident. Another survey focused on top threats to cloud computing showed that misconfiguration of the cloud platform was one of the top three concerns among
respondents. This challenge is amplified further, as evidenced in a separate survey, with nearly 76% of respondents stating their
organization uses two or more different public cloud providers. The findings
suggest that security teams often have to manage multiple native security and
management consoles to enforce security and compliance across different
environments.
How profound is the impact of misconfigurations on your network? All it takes is a single hole
It is no surprise that enterprise IT
teams find it difficult to keep their applications secure. Migration of
applications to public cloud platforms involves many potential pitfalls.
Misconfiguration errors can occur at many different points on the network as
part of the migration process, especially when moving from traditional
firewalls to cloud security controls.
Ongoing management of applications
and workflows within the public cloud presents a unique challenge. Many
organizations have multiple teams using different methods to manage the
applications and the security controls that should protect them, such as
Ansible, Chef and Terraform, in addition to manual changes.
Even if you are using a single public
cloud platform, you still need to manage multiple security controls protecting
a multitude of applications. Organizations may have hundreds of separate public
cloud accounts, each with multiple VPCs, spread across different regions. These
VPCs are protected by multi-layered security controls, from cloud
infrastructure controls, such as security groups and network ACLs, and
cloud-native advanced network firewalls, to security products offered by ISVs,
such as NG firewalls.
It is easy to see why
misconfiguration occurs if IT teams attempt to take on this complex, tedious
and labor-intensive process themselves. A single mistake can cause outages and
compliance violations, and create holes in your security perimeter. Digital
Shadows detected over 2.3 billion files that had been Misconfigured storage
services have exposed more than 30 billion records and contributed to more than
200 breaches over the past two years. It is safe to assume that as
organizations seek to optimize their public cloud
deployment, cloud breaches will increase in velocity and
scale. According to a recent Accurics report, misconfigured cloud storage services were commonplace in 93% of
hundreds of public cloud deployments analyzed.
Avoiding misconfiguration risks is easier said than done, but there's a solution
Given that organizations are so
concerned about misconfiguration risks, what steps can they take to avoid
making them? There are two basic principles that should be followed:
- Ensuring that only authorized, qualified personnel can make network or
security control changes
- Following a clearly defined change process, with mandatory review and
approval for each stage
It's also important to keep in mind
that errors are still likely to occur while you are carrying out your
processes manually. Luckily, there is an easy public cloud solution: network-aware
automation. This enables you to employ network change automation and eliminate
guesswork and error-prone manual input, while also simplifying large-scale,
complex application migration projects and security change management.
It's critical to obtain a full
network map of your entire hybrid network security estate, as well as identify
risks and correlate them to the assets they impact. There are tools available
to achieve instant visibility of cloud assets and security controls,
pinpointing and troubleshooting application and network connectivity issues
resulting from security policies.
You should also leverage a uniform
network model and change-management framework that covers the hybrid
cloud and multi-cloud environment, with an automated
policy push for "zero-touch" automation. You can securely migrate workloads
from on-prem to the public cloud with central policy management, allowing you
to orchestrate multiple similar security controls in a single policy.
The ability to proactively detect
misconfigurations to protect cloud assets, including cloud instances, databases
and serverless functions, is also important. It is possible to identify risky
security policy rules, the assets they expose and whether they are in use. You
can also remediate risk, including cleaning up bloated and risky policies, and
enjoy audit-ready compliance reporting, including vast support for diverse
regulations.
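One way to check for the risky rules described above, as an added example that is not AlgoSec's code or part of the original article: it flags security group rules that open sensitive ports to the whole internet and lists the assets each one exposes. The sample data, the port list and the function names are assumptions, and "in use" is approximated here as the group being attached to at least one network interface.

```python
# Constructed sample data shaped like `aws ec2 describe-security-groups` and
# `aws ec2 describe-network-interfaces` output; every ID below is made up.
GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
INTERFACES = [
    {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0aaa"}],
     "Attachment": {"InstanceId": "i-0web1"}},
    {"NetworkInterfaceId": "eni-02", "Groups": [{"GroupId": "sg-0ccc"}]},
]
# Assumption: the ports this example treats as risky when open to the world.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}  # SSH, RDP, MySQL, PostgreSQL
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def exposed_ports(perm):
    """Sensitive TCP ports covered by one ingress permission ('-1' = all traffic)."""
    if perm["IpProtocol"] not in ("tcp", "6", "-1"):
        return []
    lo, hi = (0, 65535) if perm["IpProtocol"] == "-1" else (perm["FromPort"], perm["ToPort"])
    return sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)

def find_risky_rules(groups, interfaces):
    """Return world-open sensitive rules with the assets each one exposes."""
    attached = {}  # GroupId -> instances (or bare ENIs) that use the group
    for eni in interfaces:
        asset = eni.get("Attachment", {}).get("InstanceId", eni["NetworkInterfaceId"])
        for ref in eni["Groups"]:
            attached.setdefault(ref["GroupId"], set()).add(asset)
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            ports = exposed_ports(perm)
            if ports and OPEN_CIDRS.intersection(cidrs):
                assets = sorted(attached.get(sg["GroupId"], ()))
                findings.append({"group": sg["GroupId"], "ports": ports,
                                 "assets": assets, "in_use": bool(assets)})
    return findings
```

A finding with `in_use` set to false is a cleanup candidate (an unattached group carrying a risky rule), while one with assets listed is a live exposure to fix first.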
## ABOUT THE AUTHOR
Oren Amiram
Oren Amiram has over 15 years of senior
management experience, serving in a variety of roles in the Cyber Security
industry. Prior to joining AlgoSec as the Director of Product Management, he
was responsible for the SAST product at Checkmarx, led the vision and strategy
for SaaS solutions at Panaya and held various senior positions at NICE, including
director of product for multi-channel and voice biometrics solutions.