Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Why IaaS Security Should be a Priority

Published 08/20/2021

Why IaaS Security Should be a Priority

This blog was originally published by Bitglass here.

Written by Jonathan Andresen, Bitglass.

Why are CIOs and IT organizations prioritizing investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains, and partners. Getting the most value out of legacy systems typically involves integrating them with cloud infrastructure and apps. As a result, cloud infrastructure in IaaS is projected to see an end-user spending increase of 38.5% this year alone – growing to $223B in 2025, making it one of the fastest growing cloud services according to Gartner. Popular infrastructure services include Amazon’s Elastic Compute (EC2), the Google Compute Engine, and Microsoft Azure.

There are clear advantages of IaaS cloud computing. IaaS infrastructure is elastic and scalable, letting businesses purchase extra capacity as needed without investing in hardware that must be deployed and maintained. What’s more, IaaS enables an increasingly remote workforce, who can connect to their business from any place with an internet connection. With unlimited computing resources only a click away, IaaS has become a tool of choice for developers. What’s less well understood, however, is how to best secure IaaS infrastructure and the data created and uploaded to it.

IaaS apps are designed for productivity with default settings geared towards ease-of-use – not security. As a result, the misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organization’s cloud environment is not configured properly, critical business data and applications may become susceptible to an attack. Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult for organizations to ensure their data is only being accessed by authorized users. This issue can be exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.

Using IaaS safely requires that organizations address the three pillars of IaaS security: securing data at rest, securing custom applications, and cloud security posture management (CSPM) – which is designed to identify misconfiguration issues and compliance risks in the cloud. An important purpose of CSPM is to continuously monitor cloud infrastructure for gaps in security policy enforcement

Typically, IaaS solutions need extensive configuration for them to function well. Failing to apply even a single setting correctly can prove disastrous for any company. Fixing misconfigurations on these platforms is a critical step to prevent data leakage. When organizations fail to do this, data within storage offerings such as AWS S3 can be left public facing and open to anyone who tries to access it ­– especially cybercriminals.

According to Gartner, misconfiguration of the cloud environment is one of the more common mistakes in the cloud that can lead to a data breach -- and use of a CSPM tool can reduce cloud-based security incidents due to misconfigurations by 80%.

At a minimum, CSPM tools should include the ability to:

  • detect and automatically remediate cloud misconfigurations with an intuitive graphical interface;
  • maintain an inventory of best practices for different cloud configurations and services;
  • map current configuration statuses to a customized security control framework or regulatory standards;
  • work with IaaS, SaaS and PaaS platforms in containerized, hybrid cloud and multi-cloud environments; and
  • monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.

CSPM tools play an important role in securing a cloud environment by reducing the possibility of data breaches. For this reason, IT leaders should consider implementing CSPM in tandem with a Cloud Access Security Broker (CASB). CASB is a software tool or service that can safeguard the flow of data between on-premises IT infrastructure and a cloud provider's infrastructure.

Share this content on your favorite social network today!