Cloud Native and the Hype of Security
Through proper understanding and support, your organization can ensure it is secure while operating in the cloud and start taking advantage of the many possibilities present.
Cloud security is a nebulous topic. It has almost all the same risk factors as a regular on-premises network, plus more. Before we jump into the similarities, the differences, and how to secure them, let's define “cloud.”
Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.
This means someone else is managing most of your maintenance and ensuring you have enough compute and storage ready in case of usage spikes…without you having to lift a finger. No more managing giant air conditioning systems; all the physical aspects you used to manage, such as power and having staff physically rack servers, are a thing of the past.
With cloud, you can press a few buttons (after giving the provider a credit card) and within minutes, you have new infrastructure ready to use. Apps can seamlessly fail over from server to server without any effort on your part. Cloud providers also offer geographical distribution (which is great for disaster recovery planning), auto-scaling, infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and centralized management and visibility like never before. They also offer newer types of technologies, such as serverless and infrastructure as code, among others.
When speaking about security in the cloud, quite often practitioners are talking about how we secure cloud native. So what’s that?
I define “Cloud Native” as applications and services that automate and integrate the concepts of continuous delivery/integration/deployment, DevOps, microservices, serverless, and containers.
Although some people define cloud native as ‘products that only work in the cloud,’ my personal definition above combines several common definitions.
Now that we have defined cloud native, how do we SECURE it?
Several concepts that apply to an on-premises data center still apply to cloud, such as:
- Zoning – separating parts of your network using firewalls to prevent pivoting in case of a breach
- Patch Management – applying new patches to virtual machines, regularly and promptly
- Scanning for vulnerabilities – on virtual machines and containers but not PaaS
- Monitoring and logging – keeping track of what’s happening on your network
- Incident Response – unfortunately, this has not changed!
With cloud native, and all the new types of technologies that are a part of it, we must also apply new tactics and automate older ones:
- Zero Trust
- Just in Time (JIT) access control and permissions
- Automation for Patching and Patch Management
- Total visibility and threat monitoring
- Automation of security during the SDLC
- Monitoring of everything, with automated responses
- Better resilience, meaning the ‘A’ (availability) in CIA
- Security as Code
- Using serverless and logic apps to protect yourself
- Writing playbooks for automated security responses
- Using Cloud Native Security tools, such as Cloud Native SIEM, Native Threat Detection/Protection, and Native Firewalls
- Less Heroics = Happier Staff
- Happier Staff = Less Turnover
And with new tactics, we of course need new tools. What follows is a non-exhaustive list of new and exciting tools for cloud!
- Visibility of publicly exposed resources
- Inventory and logging automation for compute, data, management, network, security, and even applications
- Tracking permissions over time, for each user
- Networking images that are actually correct, including security settings for your cloud vendor (not third party)
- Who has access to your online storage and which privileges they have
- Automated reporting worthy of presentation to executives
- Auto-remediation of some policy infractions, such as excessive permissions and missing MFA
- Third party tools that can manage your cloud instance for you, or just offer advice
- Bug tracker integration for policy infractions
- Visualization of user management, network, permissions, etc.
- Ability to buy third-party tools but have them managed for you by MSSPs
- Having better visibility means more information when responding to incidents and breaches, even if these tools aren’t made for this
The cloud is becoming increasingly popular, with more people jumping on the bandwagon and reaping the benefits. However, as with anything, it has its risks. Through proper understanding and support, your organization can ensure it is secure while operating in the cloud, which means you can start taking advantage of the many possibilities present!
Written by Tanya Janca of SheHacksPurple and Bright Security