Cloud Security Posture Management Best Practices
Security teams must rethink their approaches to protect this dynamic environment.
With the rapid adoption of cloud services and an increasing number of cloud infrastructure and platform services, we have witnessed an explosion in complexity and unmanaged risk in the mission critical industry. So the question is, what is considered best practice when it comes to cloud security posture management?
The cloud is unique, so it requires security teams to rethink classic concepts and adopt approaches that better address the challenges of a dynamic and distributed cloud infrastructure. Unfortunately, many security teams still rely on asset management, incident response, and internal training/education, which were originally built for on-premise environments and are now outdated. According to Gartner, by 2020, 95% of cloud security issues will be the result of misconfiguration.
As the cloud grows, so too does the playing field of participants. Between infrastructure management security, continuous integration/continuous delivery (CI/CD), and trying to navigate all of the nuances in between, it’s difficult to keep track of what each category of tooling includes. Within the cloud security space alone, we have security access brokers, workload protection platforms, and security posture management — a mouthful to say, let alone manage.
Cloud management platform and tools (CMPT) sits at the very top of the cloud services pyramid. This is a huge umbrella of categories that includes the CMP subset. According to Gartner, CASB, CSPM, and CWPP tools offer an overlapping set of capabilities to address cloud risks, but no single group performs all the features of the others.
CSPM concentrates on security assessment and compliance monitoring, primarily across the infrastructure-as-a-service (IaaS) cloud stack. It also assesses cloud environments against best practices and security violations to provide the steps required to remediate them — often through automation. Data breaches through mismanagement of IaaS usage are becoming commonplace. Nearly all successful attacks on cloud services resulted from customer misconfigurations.
Most common CSPM solutions will do things like identify cloud footprints and monitor for the creation of new instances or buckets (i.e. shadow IT). They can provide policy visibility and ensure consistent enforcement across multiple providers. And they can also perform risk assessments versus frameworks and external standards, such as the International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST). Typical CSPM services conduct these activities on a continuous basis and can include automation capabilities.
It is recommended that you continuously monitor your cloud’s security posture against established best practices with the help of cloud-specific benchmarks from the Center for Internet Security (CIS). Also, look to leverage a CSPM solution to automate benchmarking against multiple compliance frameworks at once. Make sure that your security tools and procedures account for the dynamic nature of your cloud environment and provide the real-time visibility necessary to audit the ephemeral nature of cloud infrastructure.
The amount of violation alerts security owners receive everyday can be overwhelming, so it is useful to prioritize them by quantifying risk. To start, take a look at violations that impact your critical cloud assets first, especially those that could expose data publicly or lead to unauthorized access. Work with a cloud security expert to build a custom plan to selectively enable security checks and policies that are most critical for your environment.
The life span of many objects in the cloud can be extremely short-lived, and even if your applications are not dynamic, figuring out security gaps late in production can be extremely expensive. What can you do? Well, you can define misconfiguration checks as a pipeline to find violations immediately after your deployment pipelines are executed. You can embed remediation steps into the redeployment pipeline to correct configurations. And it helps to continuously gather feedback to identify trends in violations, if any, to update your policies.
In order to ensure security in the cloud, a unique approach is necessary. Though there is no single right answer, CSPM solutions automatically assess your cloud environment to identify security violations and provide the steps required to fix things.