Cloud Security Part 3: Identifying Cloud Misconfigurations & How to Fix Them
Cloud misconfigurations present a major opportunity for cybercriminals to attack your organisation and steal your data. Cloud misconfigurations can occur because the users who are building infrastructure in the cloud don’t always have the knowledge on how to build infrastructure securely. In the early days of cloud adoption, the teams that would use the cloud would be developers creating cutting edge applications, usually under the radar of the cybersecurity teams tasked with protecting the corporation.
So, how do you go about identifying Cloud misconfigurations? In our experience as threat management specialists, the best way to deal with Cloud misconfiguration is to use security posture tools. Many security posture tools deal with Public Cloud environments but not SaaS environments. Ideally, it’s beneficial to find tools that can deal with both environments as it will save on managing two different environments.
Most security posture tools allow organisations to define Cloud benchmarks like CIS, NIST, CSA etc. that define which configurations are correct and which are incorrect. Many tools provide the remediation advice on what needs to be done to fix the various misconfigurations. A good security posture tool will also categorise the misconfiguration, for example:
It’s also a good idea to continually monitor for misconfigurations in your Cloud environments as well as integrate the results into a SIEM environment so that the Security Operations Centre has visibility of the issues and can respond quickly. Most security posture tools have integrations into the major SIEM environments or provide the ability to export to an event bus or Cloud storage environment. So, in theory it should be possible to integrate with anything.
Complimentary to a security posture tool is ensuring you have coverage of all your Cloud assets. Having visibility over everything that exists in your Cloud environments goes a long way to selecting the correct security posture and required vulnerability tools.
How to fix Cloud misconfigurations
A crucial point to raise is misconfiguration in your Cloud environments may be the result of some fundamentally flawed configuration, particularly in Public Cloud environments like Azure, AWS and GCP. There could be several steps required to fix the misconfigurations:
User education is key in understanding and fixing how this configuration happened. Make sure the appropriate training and guidance is provided throughout the organisation for whoever deals with Cloud configurations. AWS certifications provide a good foundation for understanding the cloud and the shared security model.
It is important to have development/sandbox environments no matter how big or small the environment. Identifying misconfigurations here will stop the leak into production.
Adopting automation practices and building Infrastructure as Code (IaC) using security best practices will ensure that infrastructure remains secure and is repeatable as it transitions from development to production.
There are also several tools that can assist with misconfiguration and vulnerabilities in the build pipeline and repositories for IaC deployments. These tools check issues during the build process and won’t allow deployment if a misconfiguration or vulnerability exists.
This is an important step to providing DevOps/DevSecOps capability and to becoming more mature with Cloud deployments.
Carefully select a Security Posture tool that fits with the Cloud environment you use
Build Security Posture into an ongoing process
Integrate the results from Security Posture into a SOC environment
Try and fix the configurations as close to source as possible otherwise they will quickly re-appear
Having visibility over everything that exists in your Cloud environments goes a long way to selecting the correct security posture and vulnerability tools required.
In chapter 4, our concluding instalment in this series, will share with you our tips for Cloud security monitoring and what key considerations you take into account when choosing a cloud security monitoring solution.