Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have dramatically changed the IT landscape, producing new cyber-attack vectors and data breaches. Today’s cyber-criminals aren’t necessarily trying to knock down doors. Instead, organizations are leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.”
This is an unsettling prediction, but not entirely surprising given the realities that teams face today. The overwhelming complexity of cloud systems demands expertise in both application development and security, which is perhaps an unreasonable thing to ask of one team. Responsibility for placing security controls has moved away from security teams and into application development teams.
CSPM: The Industry’s Response to Cloud Complexity
To deal with this complexity and constant change, a new market segment has emerged, broadly referred to as cloud security posture management (CSPM). Security organizations typically adopt it to regain the visibility and control they had over on-premises environments.
Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place and how they are all configured, and to automate as much of that as possible. While it is largely successful at these tasks, CSPM in its current form is not without limitations. As we learned securing on-premises networks, visibility plays a fundamental role.
The Importance of Visibility
It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays, developers are empowered to innovate at speed and scale, but who keeps track of these newly created multi-cloud VPCs, VNETs and VCNs? Even more worrisome – who is responsible for securing them?
Networks that grow and change always carry unknowns. Still, tools that provide visibility give security teams a more accurate, dynamic and comprehensive view of what resources they have, how they are connected and the risks associated with them.
Unfortunately, many CSPM tools present their findings in static, tabular form, which makes it hard to see the relationships between resources, such as which resources span multiple accounts and whether they are shared. Teams asked to secure previously unmonitored cloud environments would benefit from a visual, interactive model of their organization’s cloud resources.
This visibility lets security teams fully understand their cloud footprint and reduce their attack surface by understanding how their resources are interconnected. Some CSPM tools can show connectivity where traffic is observed, but security teams need to calculate how an instance can reach, and be reached from, the internet, which security control points that path traverses, and over which ports and protocols.
Understanding End-To-End Access
Current CSPM solutions remain insufficient when it comes to accurately calculating the access that can lead to data breaches. Many tools simply call the CSPs’ APIs looking for misconfigurations at the compute and container levels, but they do not understand “end-to-end” access. For example, a tool may see that an AWS subnet is “public” (which only means its route table has a route to an internet gateway) and conclude that everything in it is exposed. That is not necessarily true: an instance may have no public IP, and other controls may sit in the path, such as network ACLs, security groups, third-party firewalls or the team’s own Kubernetes security policy.
For example, a network security engineer who does not know the native AWS and Azure firewalls may instead deploy a third-party firewall from a vendor they are already familiar with. Suppose that firewall is blocking inbound access from the public internet. Current CSPM tools will not recognize it, and security engineers can spend their days chasing false positives simply because the tool lacks accurate information about access.
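The point made here, and under “The Importance of Visibility” above, is that exposure is a property of the whole path from the internet to the instance, not of a single “public subnet” flag. The following is an added example, not RedSeal’s or any CSPM product’s code, of what such a path calculation looks like. It models an AWS-style hop order (internet gateway route, network ACL, an optional inline third-party firewall appliance, security group) as an assumption and a simplification; it ignores peering, load balancers and NAT, and every subnet, instance and rule in it is constructed for illustration.

```python
"""Naive vs. path-aware internet exposure check (added example, constructed data)."""
from dataclasses import dataclass, field
import ipaddress

# Representative "internet" source address (TEST-NET-3, RFC 5737), so rules
# scoped to private ranges such as 10.0.0.0/8 correctly do not match it.
INTERNET_SRC = ipaddress.ip_address("203.0.113.10")
ANY_PROTO = "-1"


@dataclass
class Rule:
    proto: str            # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str             # source CIDR the rule applies to
    action: str = "allow" # NACLs and firewalls may also "deny"

    def matches(self, proto, port, src):
        return ((self.proto == ANY_PROTO or self.proto == proto)
                and self.from_port <= port <= self.to_port
                and src in ipaddress.ip_network(self.cidr))


def first_match(rules, proto, port, src):
    """Ordered evaluation, first match wins (NACL / firewall semantics)."""
    for r in rules:
        if r.matches(proto, port, src):
            return r.action
    return "deny"  # implicit deny at the end of the list


def any_allow(rules, proto, port, src):
    """Security-group semantics: allow-only, any matching rule admits the flow."""
    return any(r.matches(proto, port, src) for r in rules)


@dataclass
class Subnet:
    name: str
    routes_to_igw: bool   # all that "public subnet" means in AWS
    nacl: list            # ordered list[Rule]
    firewall: list = None # inline third-party appliance rules, or None


@dataclass
class Instance:
    name: str
    subnet: Subnet
    public_ip: bool
    security_groups: list = field(default_factory=list)  # list[Rule]


def naive_is_exposed(inst):
    """The shallow check the text criticizes: public subnet, therefore exposed."""
    return inst.subnet.routes_to_igw


def path_to_instance(inst, proto, port):
    """Walk each control point from the internet to the instance.

    Returns (reachable, hops); hops records each control and its verdict so a
    reviewer can see exactly where a flow is admitted or blocked.
    """
    hops = []
    if not inst.subnet.routes_to_igw:
        hops.append(("route-table", "no route to internet gateway"))
        return False, hops
    hops.append(("internet-gateway", "route present"))
    if not inst.public_ip:
        hops.append(("internet-gateway", "no public IP, no inbound NAT"))
        return False, hops
    verdict = first_match(inst.subnet.nacl, proto, port, INTERNET_SRC)
    hops.append(("network-acl", verdict))
    if verdict != "allow":
        return False, hops
    if inst.subnet.firewall is not None:
        verdict = first_match(inst.subnet.firewall, proto, port, INTERNET_SRC)
        hops.append(("third-party-firewall", verdict))
        if verdict != "allow":
            return False, hops
    sg_ok = any_allow(inst.security_groups, proto, port, INTERNET_SRC)
    hops.append(("security-group", "allow" if sg_ok else "deny"))
    return sg_ok, hops


def exposed_ports(inst, ports=(22, 443)):
    """TCP ports actually reachable from the internet after every control point."""
    return [p for p in ports if path_to_instance(inst, "tcp", p)[0]]


# Constructed scenario: a public subnet whose inline firewall admits only HTTPS.
PUBLIC_A = Subnet("public-a", routes_to_igw=True,
                  nacl=[Rule(ANY_PROTO, 0, 65535, "0.0.0.0/0")],
                  firewall=[Rule("tcp", 443, 443, "0.0.0.0/0"),
                            Rule(ANY_PROTO, 0, 65535, "0.0.0.0/0", "deny")])
WEB = Instance("web-1", PUBLIC_A, public_ip=True, security_groups=[
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "0.0.0.0/0"),   # over-permissive SSH rule, masked by the firewall
])
WORKER = Instance("worker-1", PUBLIC_A, public_ip=False,
                  security_groups=[Rule("tcp", 22, 22, "0.0.0.0/0")])

if __name__ == "__main__":
    for inst in (WEB, WORKER):
        print(inst.name, "naive:", naive_is_exposed(inst), "reachable:", exposed_ports(inst))
        for port in (22, 443):
            print("  tcp/%d" % port, path_to_instance(inst, "tcp", port)[1])
```

Both instances sit in a “public” subnet, so the naive check flags both. The path calculation shows that worker-1 is not reachable at all (no public IP) and that web-1 is reachable only on tcp/443, because the third-party firewall denies the open SSH rule in its security group. The hop list is what a security engineer wants next to each finding: which control admitted the flow, and which one stopped it.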
Prioritizing Exposed Resources
With increased cloud complexity comes increased risk: there were over 200 reported breaches in the past two years due to misconfigured cloud deployments. Several of the most significant data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there. Unintended access and shadow IT can also lead to cloud leaks. By adopting an “exposure first” approach, ranking findings by whether an untrusted network can actually reach the resource, cloud security teams can identify the critical vulnerabilities first and prevent costly breaches.
CSPM is a critical ally in the fight to secure the cloud, but security teams also need the additional visibility and improved accuracy that are still lacking in many organizations.
Kurt Van Etten Chief Product Officer, RedSeal