The rapid rollout of the cloud to support remote working is creating more opportunities for misconfiguration.
The pandemic has seen a sharp rise in investment in cloud infrastructure as businesses seek to mobilise their workforce and operations. This rampant cloud adoption, developers and engineers having to log in remotely, and a lack of visibility into the cloud are all conspiring to create a perfect storm of insecurity. In some cases, workforces are even bypassing security and compliance policies altogether, increasing the risk of security gaps and the potential for a breach.
The top cause of security breaches continues to be misconfiguration. This occurs “when computing assets are set up incorrectly, often leaving them vulnerable to malicious activity”, according to the Cloud Security Alliance.
Casualties of misconfiguration
As the pandemic tightened its grip during 2020, companies began to succumb to misconfiguration issues, with three breaches linked directly to misconfigured Elasticsearch databases and resulting in the leakage of millions of records. Adult entertainment provider CAM4 exposed 7TB of data totalling 10.88 billion records; security firm Keepnet Labs suffered a misconfiguration during the routine migration of its database; and social networking site Whisper failed to password-protect its database, leading to the exposure of 900 million records.
The most common types of misconfiguration are Security Group misconfigurations that allow an attacker to access cloud-based servers and exfiltrate data, a lack of restrictions and safeguards to prevent unauthorised access, and a failure to implement least privilege, which restricts permissions to those actually needed. All are attributable to human error and a lack of oversight, which is perhaps why Gartner predicts that 99% of cloud security failures will be down to customer error through 2025.
We can also expect misconfigurations to creep up as enterprises become more agile and DevOps teams start spinning up infrastructure using code. The same line of code that spins up a compute instance can also expose that instance to the public internet. Businesses need this agility, but they also need to safeguard it, so they should ensure there are sufficient guard rails in place to catch misconfigurations as and when they occur, alert the security team, and, where possible, auto-remediate the violation.
While cloud misconfiguration appears to be the most common cause of cloud security breaches, reports suggest that 99% of these misconfigurations go unnoticed. Enterprises often overlook the shared responsibility for the cloud and assume that their cloud provider will take care of security, but when it comes to what is put into the cloud and the measures used to protect sensitive data, that is their responsibility.
Organisations should therefore seek to implement certain best practices to secure their cloud assets and prevent misconfiguration, including:
- Apply the principle of least privilege so that employees do not have unnecessary access and privileges. Over-privileged identities continue to be one of the biggest threat vectors in the cloud.
- Implement frequent audit checks in the cloud against industry best practices such as the CIS Benchmarks and the NIST Cybersecurity Framework.
- Maintain audit logs to track user activity.
- Encrypt all data.
- Automate security policy compliance, since employees may not always be aware of the policies and configurations and may not act in accordance with them.
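As an added example (not the article's or C3M's code), here is the guard-rail idea from the infrastructure-as-code passage above combined with the least-privilege item in this list, written as a policy check over a constructed cloud configuration: it flags administrative ports open to the whole internet and wildcard IAM grants, and auto-remediates the former by narrowing the source range to an assumed trusted VPN block (203.0.113.0/24, a documentation address range chosen for the example).

```python
import copy
import ipaddress

# Constructed sample configuration (not real infrastructure).
SAMPLE_CONFIG = {
    "security_groups": [
        {"name": "web-sg", "ingress": [
            {"port": 443, "cidr": "0.0.0.0/0"},   # public HTTPS: intended
            {"port": 22, "cidr": "0.0.0.0/0"},    # SSH to the world: misconfiguration
        ]},
    ],
    "iam_policies": [
        {"name": "dev-policy", "statements": [
            {"effect": "Allow", "action": "s3:GetObject", "resource": "arn:aws:s3:::app-bucket/*"},
            {"effect": "Allow", "action": "*", "resource": "*"},   # full admin rights
        ]},
    ],
}

ADMIN_PORTS = {22, 3389}                 # SSH and RDP should never face the internet
TRUSTED_ADMIN_CIDR = "203.0.113.0/24"    # assumed corporate VPN range (example block)

def is_world_open(cidr):
    """True when a CIDR covers the whole IPv4 or IPv6 internet (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def find_misconfigurations(config):
    """Return findings as (severity, resource, description) tuples."""
    findings = []
    for sg in config["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in ADMIN_PORTS and is_world_open(rule["cidr"]):
                findings.append(("high", sg["name"],
                                 f"port {rule['port']} open to {rule['cidr']}"))
    for policy in config["iam_policies"]:
        for stmt in policy["statements"]:
            if stmt["effect"] == "Allow" and stmt["action"] == "*" and stmt["resource"] == "*":
                findings.append(("high", policy["name"],
                                 "Allow */* grants full administrative access"))
    return findings

def auto_remediate(config):
    """Copy config, narrowing world-open admin ports; IAM wildcards are only reported."""
    fixed = copy.deepcopy(config)
    for sg in fixed["security_groups"]:
        for rule in sg["ingress"]:
            if rule["port"] in ADMIN_PORTS and is_world_open(rule["cidr"]):
                rule["cidr"] = TRUSTED_ADMIN_CIDR
    return fixed
```

The IAM wildcard is deliberately left for a human to scope, because an automated narrowing of permissions can break workloads; the open admin port has a safe default that can be applied immediately and reviewed afterwards.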
Yet keeping on top of misconfigurations is no easy task. A correctly configured system can easily become misconfigured during a migration, for example, which is why many businesses are now looking at automation tools.
How CSPM can help
CSPM (Cloud Security Posture Management) addresses misconfiguration issues by analysing configurations and comparing them with other inputs to identify risks. These tools assess, detect, log, report, and automate issue remediation, and are also capable of discovering all assets, detecting unused assets, enforcing a security baseline, and helping organisations stay compliant with security standards and regulations. This means that CSPM solutions don’t just monitor for misconfiguration but also facilitate security enforcement and operations, compliance assurance, investigation, and incident response.
While the ideal time to remediate a misconfiguration issue is less than two hours, enterprises often take days to identify a security issue before it can be remediated. Some of the 1,000 IT professionals that recently took part in a McAfee survey admitted it often took the business longer than 24 hours to correct reported misconfigurations, while in some serious cases, fixes took over a month. A CSPM solution can help reduce this window by enabling the business to identify misconfigurations in real-time and remediate them instantly.
C3M’s Cloud Control CSPM solution provides this level of automation across the entire cloud security and compliance management cycle, enabling the business to automate policy enforcement, security governance, impose compliance, and implement security across their cloud infrastructure.
In the policy compliance module, for instance, administrators can quickly see which cloud service configurations do not comply with pre-set policies, dive deeper into those configurations to see details such as how long a service has been out of compliance, and remediate issues automatically. Through audit trails, administrators can also identify when the last configuration change was made and by whom, as well as the severity levels of non-compliant configurations.
The challenge of shared responsibility is also automated, and security monitoring and remediation are made continuous and real-time. Moreover, because Cloud Control has identity and access management capabilities, it ensures that users have only the access they need to perform their tasks, enforcing the principle of least privilege.
If you’d like to find out more about CSPM, read our whitepaper Cloud in Crisis: Solving the multi-cloud security problem or download our Cloud Control datasheet here.