Whose Fault Is That? How Not to Be a Cloud Security Statistic
Whose Fault Is That? How Not to Be a Cloud Security Statistic
Focus on understanding and upholding the shared responsibility model, taking advantage of the security tools available to you, and continuously monitoring activity in your cloud environments.
Join the DZone community and get the full member experience.Join For Free
Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization.
Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The good news is that it’s pretty easy to find out what you need to do. Below we’ll outline the steps to make sure that you stay out of the headlines and out of the statistics.
Don’t Fear the Cloud; Fear Your Users
It wasn’t so long ago that people were wondering whether they could really trust the public cloud. How could a large, well-established organization, used to running a private data center in the basement, suddenly rely on Amazon to keep their data and applications safe? It was daunting.
Today, for many businesses, that fear has largely dissipated. Of course, you can trust AWS (or Azure or the Google Cloud Platform). They have huge teams of highly talented infrastructure engineers, rarely face downtime, and are on the cutting edge of security best practices.
The problem is that organizations have started to believe that cloud providers are entirely responsible for their security needs. As a result, many of them aren’t paying enough attention to how their employees are using external applications. This leads to employees sharing data (often inappropriately) with other employees, third parties, and sometimes pretty much the whole internet.
No matter how secure AWS or Azure is, if your organization doesn’t have proper protocols, controls, and user education in place, your data’s not safe, period. So, let’s take a look at what you need to do to not be part of Gartner’s 95% statistic.
Understand Shared Responsibility (And Uphold It)
We harp on this a lot, but that’s because it’s important! The shared responsibility model is vital to the health of the cloud. You need to understand what your responsibility is when it comes to cloud security and what belongs to your provider. In the case of the cloud, providers are responsible for the security of the cloud itself. You are responsible for securing your data and applications in the cloud.
If you’re not sure exactly what this means, take a look at AWS’s Shared Responsibility Model documentation. It explains how seriously AWS takes security and the various precautions they have taken to ensure you don’t have to lie awake at night worrying. Azure also offers significant information about their approach to security, as does Google Cloud Platform.
The bottom line is that, while you can trust these providers to hold up their end of the bargain and protect the cloud itself, what you can’t do is assume that means your data and applications will, therefore, be safe. That part’s your responsibility. (Below, we’ll explain how to take care of it.)
Take Advantage of Built-In Security Tools
Cloud providers have also started offering a variety of security tools and features built right in that organizations can use for data protection. This includes encryption at rest and in transit, web app firewalls, and key management. AWS CloudTrail, for example, helps organizations identify which users and accounts are accessing AWS services, determine the source IP address that API calls are made from, and find out when the calls occur. This offers quite a bit of information that can be used to detect and respond to potential security issues. It’s a good start, but you’ll want to add on.
Audit Your Configurations
Remember, your cloud is only as secure as your configurations. A staggering 73% of companies today have critical AWS misconfigurations that make it easy for attackers to access non-public resources or consoles. Disconcerting, right? Plus, we ran a study recently and found that the majority of companies have still not closed these gaping holes.
It’s up to you to make sure that you are meeting the best practices laid out by providers and the Center for Internet Security. It’s true that AWS offers guidelines about how to best configure your environment, but they can’t do it for you.
This can be a daunting task, which is exactly why we built Threat Stack’s Configuration Auditing solution. This helps organizations quickly and easily understand where they are in relation to these best practices. So if you run a configuration audit, you’ll be able to see where exactly you need to make improvements and even prioritize these action items based on the severity.
Use Continuous Monitoring
In addition to upholding shared responsibility and making sure you configure according to best practices, you need to gain continuous visibility into what’s going on in your environment. This is of utmost importance for regulated industries and sensitive workloads in the cloud, but no one can afford to ignore it.
What kind of visibility do you need? In the cloud, it’s best to focus on the workload. There is no way to know what’s happening with your files and who’s doing what if you can’t look at events on the host. If you’re coming from a legacy environment, this can necessitate a shift in mindset, but it’s necessary to ensure your success and security in the cloud.
Collect data straight from the kernel and you’ll be able to monitor, audit, and alert on any real or potential threats as they arise. That’s simply not possible with more traditional network and log-driven systems. Prioritize visibility to ensure security in the cloud.
Turning the Numbers Around
You don’t want to be part of the 95% statistic, and as long as you follow the steps outlined above, you won’t be. Focus on understanding and upholding the shared responsibility model, taking advantage of the security tools available to you, and continuously monitoring activity in your cloud environments, and you’ll be well on your way to beating the odds.
Published at DZone with permission of Natalie Walsh . See the original article here.
Opinions expressed by DZone contributors are their own.