From the sprint to the establishment of employee home offices in the COVID-19 pandemic, the security consequences do not only involve vulnerable endpoints and home networks: What’s more worrying is that with the emergence of physical offices and security operations centers, there is a need for cloud-based The rapid adoption of the technology darkened the home office.
A physical and cloud-based hybrid IT infrastructure is now implemented in many organizations, which will change the corporate landscape in 2021 and beyond, thanks to COVID-19, which has prompted organizations to switch to a work-from-home model almost overnight.
Organizations are already struggling to manage and properly protect their physical IT infrastructure, which has expanded with the development of mobile and IoT devices and risks exposing company data.
Now, adding cloud services to the mix (such as AWS S3 data storage, Salesforce, Slack, ServiceNow, etc.), the potential of blind spots and vulnerable devices will increase exponentially. Since 2017 and continuing to this day, the infamous wave of leaks of AWS S3 bucket incidents is just one thing about to happen because of how easy it is to inadvertently mess up cloud security.
The core challenge is visibility and control of the content connected to the corporate network, and the cloud exacerbates an already obscure and difficult task. Most reputable cloud-based services actually come with built-in security controls, but customers still need to manage and configure these settings, and this is usually the problem. According to Gartner data, by 2025, 99% of cloud security incidents will be handled by customers. This may lead to leakage and leakage of sensitive data.
Some emerging startups and technologies are trying to solve visibility and management issues. For example, DisruptOps is the idea of Rich Mogull, Mike Rothman and Adrian Lane, the head of Securosis, and it stands out from a project established by a senior security consultant. Recently, the company received $9 million in Series A financing less than two years after its launch in the fall of 2018. Cloud-based services provide what the founder calls a “guardrail” that can automatically evaluate and implement security policies in the cloud infrastructure, including configuration incidents.
Last month, “security as a service” startup JupiterOne stood out with a $19 million Series A financing. Its service automatically finds and keeps updated online physical and virtual devices and assets in the organization, including cloud-native services.
Traditionally, identifying and managing the security of cloud-native services and assets has been a time-consuming manual task. Will Gregorian, CISO of wealth management services company Addepar, pointed out that assigning engineers to manually inventory and maintain all the assets of the organization is also expensive.
“you are always [just] Keep up with the pace of asset management plans. “He said.
Addepar recently replaced its government, risk management and compliance (GRC) tools with JupiterOne services. Gregorian said his company can now run queries on AWS S3 accounts to ensure that they are properly locked and not exposed on the public Internet, and can measure the policies assigned to buckets.
He said: “For example, you can see who has access to which bucket and identify access keys that are no longer needed and can be obsolete.
Misconfiguration of security as a service (SaaS) or cloud-native applications is common, mainly due to human error and the fact that it is almost impossible to manually keep up with all potential settings and connections provided in these services. According to a new survey by AppOmni, nearly 60% of organizations now manually audit the security and compliance of their cloud-based applications. In addition, only 31% of people run automated tools to manage SaaS configuration and security, while 10% have no process for this.
Brendan O pointed out: “Security teams are often busy responding to ransomware, requiring patches and strengthening peripheral functions”, so that the business of managing SaaS configuration usually depends on the business department, and the business department relies on IT to manually configure and manage applications. AppOmni CEO Connor said the company provides a service to manage the security of SaaS applications, including APIs and configuration settings.
He noted that security teams often don’t even have permission to log in to Salesforce.com or other applications used in the organization. O’Connor said this could lead to misconfiguration of security controls in ServiceNow, Slack, and other cloud-based applications.
He said: “Visibility is the core challenge, and security teams usually don’t have enough bandwidth to fully grasp all the details of these applications, or there is no API to connect with SaaS applications to work both internally and externally.
He said that large-scale SaaS applications such as Salesforce and ServiceNow require “hundreds of knobs and switches” to learn. He said that AppOmni’s service regularly finds users who have unnecessary and over-permitted access to these applications, mainly due to configuration errors or supervision rather than malicious activities.
Even so, accounts exposed to the public Internet are vulnerable to abuse, especially as cybercriminals regularly scan for vulnerable systems there.
Kurt John, chief cybersecurity officer of Siemens USA, said that many organizations have disrupted their plans from planning a gradual cloud deployment to immediately adopting the pandemic.
He said: “With this accelerated action…they obviously need to prioritize business operations, and this often compromises security.”
Richard Stiennon, founder of IT-Harvest, pointed out that this is why organizations need to invest in adequate cloud asset management and configuration management. Stiennon said that due to phishing attacks related to COVID-19 this year, there may be a wave of data breaches by 2021.
Steennon said: “I am worried that next year will be all violations again.”
According to a new study by Trustwave, given that approximately 96% of organizations worldwide plan to redeploy sensitive data to the cloud in the next two years, violations will become even more ugly if organizations cannot properly manage and protect their cloud services.
At the same time, in COVID-19, the rapid spread of cloud technology is accelerating the development of new technologies to help manage these new hybrid infrastructures: the next big thing to control the cloud may be a more useful AI model. Keith Neilson, a technical evangelist for cloud governance provider CloudSphere, said that by 2021, artificial intelligence will evolve from detecting anomalies only (as most iterations do today) to actually sending out credible threats to security teams. alarm.
Kelly Jackson Higgins (Kelly Jackson Higgins) is the executive editor of The Dark Reading. She is an award-winning senior technical and business journalist with more than two decades of reporting and editing experience in various publications, including network computing, security companies, enterprises and enterprises.
Recommended reading:
More insights
#guardrail #cloud #native #applications
More from Source