Get your head in the clouds! Public cloud and how to secure it.
Public Cloud 07-Mar-2023 13:35:25 Max Harper 6 min read
As use of the cloud increases, so does the focus it receives from cyber criminals...
Digital transformation
Increased migration to the cloud forms an important part of most businesses' digital transformation journey for 2023. For many organisations, this has been a gradual transition, with a large majority now running hybrid environments. But as cloud adoption continues to grow, it's important to understand your responsibility in the shared security model and to understand how you can mitigate the new risks you may face...
So, who's responsible for what?
Public Cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) run a shared responsibility model. Put simply, it means they ensure the security of the cloud, but it's your responsibility to secure what's in it.
What are the biggest security challenges for Public Cloud Environments?
Visibility
You've no longer got a bit of tin that you can kick... and if you can't see it, you can't secure it. One of the biggest requirements for getting your cloud security posture right is getting accurate visibility of all of your cloud-based infrastructure, configuration settings, API calls and user access.
Distribution of data
With workloads spread across disparate instances and, for some organisations, platforms, the rapid growth of cloud usage has resulted in a fractured distribution of data. A multi-cloud approach adds to the visibility challenge for IT teams, who may need to jump from platform to platform to get a complete picture of their cloud-based estate.
Increased exposure
Keeping track of workloads wasn't as much of an issue when dev cycles used to last months, or even years! But those days are over. You now need to keep up with multiple releases, sometimes on the same day. Tracking fast-paced architecture changes, configuration updates, and security group settings around the cloud is near impossible. It all adds up to a recipe for increased exposure to cyber threats, where vulnerabilities can be quickly exploited.
Let's not forget about maintaining compliance standards!
No matter where your infrastructure and data are held, you still need to demonstrate compliance with relevant regulations, including GDPR, CIS, HIPAA and PCI, or risk regulatory non-compliance.
The challenge in the cloud is that environments change by the day, the hour, even by the minute. Compliance checks every week or month may have worked for on-premises networks, but they won't cut the mustard for public cloud environments... The need for continuous compliance analysis can be a huge drain on resource for teams, let alone identifying a risk and getting security, Dev, Ops and compliance teams together to address it and remediate it.
So, let me get my head in the cloud! How can I secure it?
We mentioned the shared responsibility model earlier - here's a nice infographic by our friends at Sophos that outlines the responsibilities in more detail:
I want to see everything!
Utilise tools that provide a real-time visualisation of network topology and traffic flow, with a full inventory breakdown including hosts, networks, user accounts, storage services, containers, and serverless functions.
For enhanced visibility, look for a solution that is able to identify potential vulnerabilities within your architecture so you can mitigate risk of a potential breach.
Potential risk areas include:
- Databases with ports open to the public internet that could allow attackers to access them
- Public Amazon S3 (Simple Storage Service) buckets
- Suspicious user login behaviours and API calls, for example multiple logins to the same account at the same time, or a user logging in from different parts of the world on the same day
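The two login patterns named in the last bullet can be expressed as a small detection routine. This is an added example, not code from Spear Shield or any vendor tool; the event tuples are constructed sample data and the five-minute window is an assumed threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample console sign-in events (user, ISO time, source IP, country).
EVENTS = [
    ("alice", "2023-03-07T09:00:00", "198.51.100.10", "GB"),
    ("alice", "2023-03-07T09:02:00", "203.0.113.77", "GB"),
    ("bob",   "2023-03-07T08:30:00", "198.51.100.20", "GB"),
    ("bob",   "2023-03-07T15:45:00", "192.0.2.200",   "BR"),
    ("carol", "2023-03-07T10:00:00", "198.51.100.30", "GB"),
    ("carol", "2023-03-08T10:05:00", "198.51.100.30", "GB"),
]

def find_login_anomalies(events, window=timedelta(minutes=5)):
    """Return sorted (user, reason) findings.

    window is an assumed threshold: two sign-ins to one account from
    different source IPs within it count as "at the same time".
    """
    by_user = defaultdict(list)
    for user, ts, ip, country in events:
        by_user[user].append((datetime.fromisoformat(ts), ip, country))

    findings = set()
    for user, logins in by_user.items():
        logins.sort()
        # Simultaneous use: neighbouring sign-ins from different IPs.
        for (t1, ip1, _), (t2, ip2, _) in zip(logins, logins[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                findings.add((user, "concurrent-logins"))
        # Geographic spread: more than one country on one calendar day.
        countries_by_day = defaultdict(set)
        for t, _, country in logins:
            countries_by_day[t.date()].add(country)
        if any(len(c) > 1 for c in countries_by_day.values()):
            findings.add((user, "multi-country-same-day"))
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in find_login_anomalies(EVENTS):
        print(f"{user}: {reason}")
```

In practice the country field would come from geo-IP enrichment of the provider's sign-in logs, and findings would be triaged against known VPN and travel patterns before alerting.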
Plan for Multi-Cloud ☁️☁️☁️
When planning your security strategy, start with the assumption that you'll run multi-cloud - if not now, at some point in the future. That way you can future-proof your approach.
A multi-cloud environment is a must-have strategy for a lot of organisations. The advantages include availability, improved agility, and functionality. Think about how you will manage security, monitoring, and compliance across multiple cloud providers, in separate systems and consoles. The easier the management experience, the easier it is to cut incident response and threat detection times and reduce compliance audit headaches.
Consider a solution that allows you to monitor multiple cloud provider environments within a single SaaS console. Single pane of glass yourself up! Reduce the number of tools, time, and people needed to manage security across multiple cloud accounts and regions.
Integrate compliance into daily operations
To streamline the process of addressing compliance failures, find a solution that can integrate with your existing ticketing solutions, including alert information that can be used to create, assign, and track issues to completion and ensure important tasks are never lost, even during a release.
Automation for the nation
The ability to automate processes is one of the joys of DevOps. But as your teams enjoy automating deployment of infrastructure templates and scripts, saving them hours of deployment time, you should also consider what security controls you can automate.
Cyber criminals take advantage of automation in their attacks - so you should too. The two main reasons why attacks on public cloud environments succeed are that the architecture configuration is not secure, and that threat response hasn't been able to keep pace with the attackers. Automation of security controls is key to addressing these risks.
Look for a solution that can:
- Auto-remediate user access vulnerabilities and resources with ingress from any source on any port
- Identify suspicious console login events and API calls that suggest shared or stolen user credentials are being used by an attacker
- Report anomalies in outbound traffic to alert your organisation to activities such as cryptojacking or data exfiltration
- Reveal hidden application workloads from the behaviour of the host computer instance to highlight hidden exposure points such as databases
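The check behind "ingress from any source on any port", and behind the earlier risk area of databases with ports open to the public internet, can be sketched as an audit over security group rules. This is an added example, not the logic of any particular CSPM product; the group data is constructed in the shape of AWS `ec2 describe-security-groups` output, and the database port list is an assumption.

```python
import ipaddress

# Assumed set of database ports to watch; extend for your estate.
DB_PORTS = {1433: "mssql", 3306: "mysql", 5432: "postgres", 27017: "mongodb"}

# Constructed sample, shaped like AWS `ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def is_any_source(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_ingress(groups):
    """Return sorted (group_id, finding) pairs for internet-facing rules."""
    findings = set()
    for group in groups:
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(is_any_source(c) for c in cidrs):
                continue
            # Protocol "-1" means all protocols, so port fields do not apply.
            lo = rule.get("FromPort", 0)
            hi = rule.get("ToPort", 65535)
            if rule["IpProtocol"] == "-1" or (lo, hi) == (0, 65535):
                findings.add((group["GroupId"], "any-source-any-port"))
                continue
            for port, name in DB_PORTS.items():
                if lo <= port <= hi:
                    findings.add((group["GroupId"], f"public-db-port:{name}"))
    return sorted(findings)

if __name__ == "__main__":
    for group_id, finding in audit_ingress(SAMPLE_GROUPS):
        print(group_id, finding)
```

The public HTTPS rule on `sg-web` is deliberately not flagged, and the PostgreSQL rule restricted to `10.0.0.0/16` passes because its source is not the whole internet.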
All sounds great - but where do I begin...?
Spear Shield can perform a FREE Cloud Security Assessment.
- How it works?
Spear Shield will guide you through the set-up of a Cloud Security Posture Management (CSPM) tool. Using read-only access, this proactive assessment then uncovers how your public cloud environments stack up to the latest security and compliance best practices.
- Included with every assessment:
Network visualisation - Complete visualisation of public cloud environments, with detailed asset inventory
Audit-Ready reports - Compliance and security best practice reports for leading standards
Recommendations - Remediation paths for any identified security and compliance gaps that could be placing you at risk
- Resource required from your side?
1hr remote session and someone with admin privileges in your environment.
Sounds good or you'd like to learn more? Contact the team today.
01473 948980
About Spear Shield
Here at Spear Shield, we are continuing to invest in our goal to create one of the most cyber-secure client communities in Suffolk, East Anglia and across the UK.
Our approach is to work closely with IT teams and business leaders to help identify cyber risk, understand core business drivers and challenge the conventional approaches to legacy cybersecurity strategies to enable our customers to exceed their cybersecurity goals.
Spear Shield has a portfolio of award-winning cybersecurity solutions and services that we align to enable our customers to be able to solve even the most complex and advanced cybersecurity challenges.
The team at Spear Shield specialises in:
- Mitigating the risk of social engineering attacks and human-activated cyber risk
- Real-time asset discovery, device security and compliance
- 24/7 Managed Threat Hunting and proactive Incident Response
If you would like to learn why organisations are choosing to secure with Spear Shield, please do contact a member of the team to arrange a confidential conversation today.
The team has several years' experience working within both the private and public sector, has a very consultative approach and would welcome the opportunity to learn more about your organisation.
Max Harper
As CEO and Co-Founder, Max is dedicated to Spear Shield’s mission of creating one of the most cyber secure client communities across Suffolk, East Anglia, and the UK. By working closely with business leaders and IT Teams, Max’s approach is to understand core business drivers, challenge the conventional approaches to cybersecurity strategies and enable our customers to articulate risk and exceed their cybersecurity needs.