Cloud Security 2.0

Posted on July 20th, 2020

Now that cloud technology is maturing, we’re seeing more and more offerings that focus on cloud security. As organizations continue moving resources and infrastructure to cloud projects, they are finding that the onus is on them to use the cloud securely. Rather than conceive of the cloud as “secure” or “insecure”, the question of the day is “are we using the cloud securely?”

In this post, we’ll take a look at this paradigm shift and what it means for enterprises considering the move to the cloud. In particular, we’ll look at how new tools and new practices are evolving to make a more secure cloud, and how to take advantage of them.

Automating Security

The current generation of cloud providers all offer great tools to take some of the security load off your team. They help you deploy securely and ensure you stay secure. Amazon’s AWS Inspector and Microsoft’s Azure Inspector will scan your servers and ensure you’re not vulnerable to any known issues. And they’ll update periodically, so as new issues are identified, you’ll be alerted immediately.

Other tools, like Web Application Firewalls (WAFs), offer more sophisticated ways to protect your infrastructure. They apply rules, including machine-learning-based rules, that identify threats and dynamically protect your cloud deployment. Many of these tools have out-of-the-box solutions that can be deployed with a single click. Some of the more sophisticated ones have deep configuration possibilities that let you leverage the tools to the fullest.

In any case, these automated tools are the perfect starting point for using the cloud securely. Automated tools and scanners help you avoid the common pitfalls that can come from simply launching an unconfigured server or overlooking some important patch. Security experts put a big emphasis on automation: checklists, automated periodic scans, and firewalls are all great ways to get a lot of security benefits quickly and cheaply.

Security-as-a-Process

At the same time, one-click tools can only take you so far. They work well for smaller setups where most of the architecture is off-the-shelf, but if you’re using the cloud to the fullest and deploying multiple new instances daily, you’re going to need to think through policies and spend some time on configuration.

Cloud providers these days are placing a big emphasis on Identity & Access Management. Ensuring you have the right role for a given server, process, or user is hard and requires thinking things through and looking at the larger security landscape. What does your architecture require that a given role have access to? What parts of your system need to be securely fenced off to all but the most privileged users? It’s no longer acceptable to have one “god account” with credentials to access everything.
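As an added illustration (not code from the original post or from any cloud provider), the following Python sketch audits AWS IAM policy documents for the “god account” pattern described above: Allow statements that grant every action, or every action of one service, on all resources. The policy names, bucket name and severity labels are constructed for the example.

```python
# Added example: flag "god account" style statements in AWS IAM policy JSON.
# The policies below are constructed samples, not taken from the post.
POLICIES = {
    "legacy-admin": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "backup-job": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:PutObject"],
             "Resource": "arn:aws:s3:::example-backups/*"},
            {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        ],
    },
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_policy(name, policy):
    """Return (policy, statement index, severity, reason) for broad Allow grants."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a single object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        all_resources = "*" in _as_list(stmt.get("Resource"))
        if "NotAction" in stmt and all_resources:
            findings.append((name, idx, "HIGH", "NotAction allows every unlisted action"))
        for action in _as_list(stmt.get("Action")):
            service, _, verb = action.partition(":")
            if action == "*" and all_resources:
                findings.append((name, idx, "HIGH", "all actions on all resources"))
            elif verb == "*" and all_resources:
                findings.append((name, idx, "MEDIUM", f"every {service} action on all resources"))
    return findings


def audit_all(policies):
    """Audit every policy in a name -> document mapping."""
    return [f for name, pol in policies.items() for f in audit_policy(name, pol)]


if __name__ == "__main__":
    for finding in audit_all(POLICIES):
        print(*finding, sep=" | ")
```

The check ignores `Condition` blocks, so a flagged statement that is narrowed by a condition still needs a manual look.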

Another benefit to developing a full security policy is that being secure and showing others that you’re secure are (unfortunately) different things. Security also requires compliance monitoring and auditing. Cloud providers are also stepping up their offerings in this area. AWS offers compliance resources and guidelines for almost every governmental organization and Google offers an array of checklists and auditing tools in their security center.

Becoming more secure

As long as organizations are providing valuable services and developing new software platforms, there will be ongoing, evolving security threats. The cloud offers a lot of new possibilities to answer those threats by building evolving security tools and leveraging the resources of cloud providers. Tools like Inspector evolve to meet threats and let you use the cloud provider’s knowledge to keep your infrastructure safe.

Although there are many tools for using the cloud securely, it can be difficult to know where to begin. Both Azure and AWS offer tools, the AWS Security Hub and Azure Security Center, that make it easy to get started. These tools let you activate the scanners and rules we mentioned above, and generate a single report view for you to see how secure your infrastructure is, including single security scores. As always, we’re ready to start a conversation about how you can improve your security score, and how you can leverage cloud tools to stay secure.