September 17, 2021
As Cloud Adoption Increases, Security Must Keep Pace
Cloud security posture management tools ensure compliance and monitor real-time threats in evolving cloud environments.
The Cloud Threat Landscape Is Ever-Changing
One of the most telling statistics about cloud security comes from the Cloud Security Alliance’s 2021 report “State of Cloud Security Concerns, Challenges and Incidents.” When asked whether their organizations had experienced a cloud security incident in the past year, 41 percent of respondents said they did not know. “Unsure” was the most common response, and that percentage had doubled since 2019.
Now, consider that the average organization has workloads placed with two or more public cloud providers, according to the SANS Institute’s “Extending DevSecOps Security Controls into the Cloud: A SANS Survey.”
Together, these trends represent a dangerous combination: increased reliance on multicloud environments, impaired by a lack of knowledge about security. Further, this is a problem that is difficult to solve manually.
This challenge is the primary reason organizations are turning to cloud security posture management platforms. CSPM solutions provide visibility and automation to identify and remediate cloud-based vulnerabilities. They allow organizations to leverage the cloud within risk management parameters that protect cloud-based resources just as diligently as those on-premises.
The pandemic unquestionably accelerated cloud adoption. The same agility and scalability that served organizations well before the pandemic became critical to support large-scale remote work. With organizations reaping the benefits of this approach across nearly every industry, cloud adoption will continue to rise.
Lasting consequences of the pandemic will cement this expansion further. Organizations need to be agile and to support remote work. Eighty-three percent of employers report that remote work has been successful, and only 17 percent anticipate a complete return to fully in-person work, according to PwC’s US Remote Work Survey. All these factors indicate that organizations should be maturing their cloud environments not only technologically but also strategically: developing security strategies and governance processes, and establishing best practices throughout.
WHY CLOUD ADOPTION IS A CRITICAL CONSIDERATION
Major changes in the business world demand adjustments in how organizations implement and use IT.
Organizations must be technologically agile to survive and adapt to future disruptions. Whether those arise from pandemics, natural disasters or other causes, the cloud can help organizations adjust quickly.
Continued cloud adoption also is being driven by the widespread expectation that high levels of remote and hybrid work will continue. A variety of cloud tools enable work from anywhere.
Robust cloud adoption is happening in the education sector, particularly at the college level, as many institutions reformulate their offerings for continued distance learning.
What Is Cloud Security Posture Management?
CSPM solutions help organizations solve potential liabilities related to visibility, configuration, compliance and ongoing management of the cloud environment. This technology supports adherence to security best practices and regulatory requirements, facilitates inventory management, and provides log and alert capabilities. It essentially provides governance, risk management and compliance capabilities for cloud environments.
Public cloud providers continuously evolve their environments, which means default configurations and other critical settings also change. CSPM tools assess environments against target compliance or security rules and alert IT staff or automatically make the necessary fixes. Proactive identification and elimination of improper configuration is essential, because it reduces cloud risks.
Many organizations must comply with regulatory frameworks that apply highly specific requirements to cloud security. CSPM tools assess compliance against specific sets of rules and best practices. Equally important, organizations can choose to have CSPM tools automatically make corrections to maintain compliance, even as circumstances shift either within the requirements or the cloud environment.
Threat intelligence encompasses data related to threats and vulnerabilities, as well as bad actors, exploits, malware and indicators of suspicious activity or compromised systems, which makes it a critical capability for the cloud. Better intelligence makes it possible to resolve security events faster and more effectively while providing insights to further enhance strategy.
OTHER KEY FEATURES
Other features of CSPM solutions may include:
- Enhanced visibility into cloud costs
- Cost optimization capabilities
- Emphasis on seamless compliance and governance
- Network visualizations that depict trust relationships and guide remediations
- Threat remediation capabilities, including integrated cross-team capabilities
- Compatibility with other cloud security tools
- Robust customization of rules and reports
Multicloud has become the norm, but its benefits come with an added layer of complexity. When multiple cloud services communicate with each other, the landscape becomes even more difficult to parse. CSPM restores control and oversight to cloud ecosystems that can quickly feel unmanageable if they are not subject to proper controls.
The Cloud Security Landscape
The expected growth in public cloud spending in 2021, with the largest categories being Software, Infrastructure and Platform as a Service [1]
The percentage of organizations that expected to migrate to cloud-based models within the next year [2]
The percentage of enterprise workloads that will be deployed in cloud infrastructure and platform services by 2023, up from 20 percent in 2020 [3]
The average time it took organizations in a mature stage of cloud modernization to detect and contain a security breach [4]
How Automation Enables Effective CSPM
In general, cloud security strategies should incorporate the same fundamentals as on-premises security: defense in depth; least-privilege access controls; and the exercise of continuous, adaptive monitoring and management.
Research shows that many IT professionals are concerned they are not adequately leveraging automation to effectively manage their cloud infrastructures. Faced with the persistent gap between consistent, reliable data protection and the shifting sands of the cloud, these professionals recognize that where manual processes are insufficient, automation is key.
CSPM tools address this concern by automating an organization’s governance, risk management and compliance for the cloud. Automation minimizes the burden on IT staff, which in itself is a significant advantage. But it also gives organizations a fighting chance against attackers, who are arming themselves with the same powerful tools.
“In the same way automation may be helping you scale up your defensive operations, it can also help attackers scale up their offense,” notes Verizon’s “2021 Data Breach Investigations Report.”
Simplify Your Cloud Security Posture
CLOUD ASSET INVENTORY
CSPM tools provide continuous visibility across all deployed assets from a single, unified console. They can automate both workload and application classification and full lifecycle asset change attribution.
A need for greater visibility, particularly in hybrid and multicloud environments, drives the adoption of CSPM tools. Visibility is broader, however, than simply understanding the cloud environment from a security perspective; it also should be actionable.
Many CSPM solutions can enforce configuration policies across multiple cloud services and fix common misconfigurations before they lead to security incidents. Some CSPM platforms allow users to build custom rule sets and reports.
This CSPM capability helps organizations prioritize issues. By identifying which concerns are most important and the steps needed to address them, CSPM solutions provide IT teams with a launch point and a roadmap for remediation.
Continuous compliance posture monitoring for a variety of standards and frameworks (such as HIPAA or the European Union’s General Data Protection Regulation) helps organizations investigate and remediate compliance violations.
CSPM can automatically resolve policy violations, such as misconfigured security groups. All CSPM tools can flag misconfigurations, and many can also enforce policies through auto-remediation. Some solutions allow users to build custom rule sets and reports.
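The assess-then-alert-or-fix loop described above, applied to the misconfigured security group case, as an added example that is not code from CDW or any CSPM product. The inventory shape, the rule names and the `assess`, `remediate` and `open_to_world` helpers are assumptions made for illustration, and the sample data is constructed.

```python
import copy
import ipaddress

# Constructed multicloud inventory in a provider-neutral shape; the field
# names are assumptions for this example, not any vendor's schema.
INVENTORY = [
    {"id": "sg-web", "cloud": "aws", "ingress": [
        {"port": 443, "cidr": "0.0.0.0/0"},
        {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "nsg-db", "cloud": "azure", "ingress": [
        {"port": 5432, "cidr": "10.0.0.0/8"},
        {"port": 3389, "cidr": "::/0"}]},
    {"id": "sg-app", "cloud": "aws", "ingress": [
        {"port": 8443, "cidr": "10.20.0.0/16"}]},
]

# Custom rule set: ports that must not be open to every address, and whether
# a violation is fixed automatically or only raised to IT staff.
RULES = [
    {"rule": "no-public-ssh", "port": 22, "action": "remediate"},
    {"rule": "no-public-rdp", "port": 3389, "action": "alert"},
    {"rule": "no-public-postgres", "port": 5432, "action": "remediate"},
]

def open_to_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (a zero-length prefix matches everything)."""
    return ipaddress.ip_network(cidr).prefixlen == 0

def assess(inventory, rules):
    """Return one finding per ingress entry that violates a rule."""
    by_port = {r["port"]: r for r in rules}
    findings = []
    for group in inventory:
        for entry in group["ingress"]:
            rule = by_port.get(entry["port"])
            if rule and open_to_world(entry["cidr"]):
                findings.append({"group": group["id"], "cloud": group["cloud"],
                                 "rule": rule["rule"], "action": rule["action"],
                                 "port": entry["port"], "cidr": entry["cidr"]})
    return findings

def remediate(inventory, findings):
    """Return a corrected copy with 'remediate' findings removed; alerts stay."""
    drop = {(f["group"], f["port"], f["cidr"])
            for f in findings if f["action"] == "remediate"}
    fixed = copy.deepcopy(inventory)
    for group in fixed:
        group["ingress"] = [e for e in group["ingress"]
                            if (group["id"], e["port"], e["cidr"]) not in drop]
    return fixed
```

Re-running `assess` on the output of `remediate` shows what auto-remediation left for staff to review: here, only the alert-only RDP finding.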
Building Cloud Threat Intelligence
Rapid response to potential threats is imperative, but security teams must also plan for the long term. Addressing that shift requires IT departments to develop a comprehensive threat analysis; increase their use of cloud-native intelligence, such as intrusion prevention system signatures, behavior patterns and other elements; and emphasize cloud-specific events and scenarios. The SANS Institute recommends creating a comprehensive model to gather, analyze and manage cloud threat intelligence.
- Review data sources, both internal and external, to ensure data is appropriate and accurate.
- Verify that integration is functional; that is, ensure that data from cloud events is going to security analysis services as intended.
- Perform event reviews to ensure that any event data updates properly and furnishes enough detail to inform analysis and investigation.
- Validate information related to cloud security events, with an eye toward capturing all relevant data.
- Assess value periodically to ensure threat intelligence activities yield “useful, actionable and timely” insights.
The First Steps Toward CSPM
Despite the many benefits of the cloud, organizations that increase their cloud use need to address a major hurdle: A broader presence in the cloud creates a larger attack surface and increases vulnerability.
Well-publicized cloud breaches have borne this out. IBM’s most recent annual study of data breaches, “Cost of a Data Breach Report 2021,” states that when breaches do happen, they’re expensive: $4.8 million, on average, in the public cloud and $3.6 million in a hybrid cloud.
The financial impact, of course, is just one consequence. Others may include:
- Loss of intellectual property
- Fines and legal ramifications arising from regulatory noncompliance
- Downtime related to breach containment and systems rebuilding
- Reputational impact and reduced trust among the public, customers and partners
In analyzing the vulnerabilities that most often lead to cloud breaches, the National Security Agency identified four categories:
- Misconfiguration
- Poor access control
- Shared tenancy vulnerabilities
- Supply chain vulnerabilities
“Cloud vulnerabilities are similar to those in traditional architectures, but the cloud characteristics of shared tenancy and potentially ubiquitous access can increase the risk of exploitation,” the NSA notes.
Although organizations can take steps to minimize risk arising from shared tenancy and supply chain vulnerabilities, the primary areas of risk mitigation within their control are configuration and access control.
CLOSING THE GAP
Within the shared responsibility model, one of the most important tasks for organizations is the proper configuration of application-level security. Misconfigurations are one of the most common sources of data breaches, so it is imperative to get this task right.
The problem for many organizations is that a lack of visibility and control, exacerbated by a deficiency in cloud security expertise, makes it nearly impossible to configure cloud environments correctly and to consistently apply security controls and policies.
In the absence of a holistic, proactive cloud security strategy, vulnerabilities like these are almost certain to occur, especially when cloud environments are known to be susceptible to breaches. This year, in fact, Verizon’s “2021 Data Breach Investigations Report” found that external cloud assets were involved in cybersecurity incidents and data breaches more commonly than on-premises assets.
Organizations should start by determining whether CSPM is appropriate for their needs. The first questions to ask are “Do you have Infrastructure as a Service?” and “Are you using cloud services that require CSPM?” An assessment can help organizations determine which CSPM tool makes the most sense for a specific environment. Third-party partners can provide insight into the capabilities of various CSPM offerings, and how to use them to improve the cloud environment and remediate security issues.
Ultimately, CSPM is one component of an overarching cloud security strategy. It brings cloud security under the same stringent protections that govern on-premises security, making governance and risk management an integral, ongoing aspect of cloud operations. As CSPM solutions check the most critical boxes for cloud security (visibility, control, proper configuration and automation to augment staff limitations), they allow organizations to confidently take full advantage of the cloud.
TEST-DRIVE A CSPM WITH A CUSTOM ASSESSMENT
CDW’s complimentary Cloud Security Posture Assessment provides visibility into cloud environments, plus analysis and recommendations to enhance security — information that empowers organizations to immediately mitigate risky misconfigurations.
The assessment starts with a discussion of the organization’s goals, followed by a kickoff call with an assessment lead. CDW then onboards the organization to an industry-leading CSPM solution and, as needed, provides ongoing support during the assessment. This read-only connection lets CDW see only information about how the cloud is configured, not any data inside the cloud.
The organization’s IT staff can test-drive the tool to see how it works in their environment.
Organizations may have several reasons to request an assessment:
- Ensure configurations are secure across cloud platforms
- Evaluate compliance with regulatory requirements
- Gain hands-on experience with a variety of CSPM tools
- Get help analyzing findings and making recommendations
- Obtain quick, actionable information that addresses time constraints, knowledge gaps and lack of visibility
After this guided trial of the CSPM solution, CDW shares its findings and recommendations in a brief presentation, including guidance on which issues to prioritize. In addition, the organization can export a variety of compliance framework reports.
Organizations may choose to augment the value of this assessment by pairing it with an annual penetration test.
Story by Mike Mullen, a senior field solution architect for CDW’s Secure Cloud team. He is a knowledgeable cybersecurity professional focused on assisting companies as they develop security strategies for their public cloud and hybrid cloud environments. His experience with businesses varying in size from fledgling startups to expanding global corporations affords him a distinctive viewpoint for determining how security can advance business operations to achieve goals.