Securing the multi-cloud environment through CSPM and SSPM
By the CipherCloud Team
Misconfigurations are the biggest cause of data breaches in the cloud, exposing more than 33 billion records and costing companies close to $5 trillion in 2018 and 2019. - DivvyCloud
It took decades to convince IT leaders to move to the cloud. In the initial years, cloud adoption faced issues around security, privacy, and data protection. Fast forward to 2020 and we are in a scalable cloud-first environment, although some of those very same issues still prevail. That is primarily because security and risk management leaders underestimate the attack surface on the cloud or believe their cloud provider is entirely responsible for security.
An article published by Gartner said: “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.” A leading cause of a wider attack surface on the cloud is the ease with which cloud environments can be configured or misconfigured. Cloud environments that are misconfigured or mismanaged are responsible for very many successful attacks on cloud services in recent years.
A few factors that make the cloud environment attacker-friendly:
- Ease of Configuration: Cloud services are designed to be deployed on-demand, with default yet essential security settings. More often than not, these settings in SaaS and IaaS apps remain unchanged. This can substantially increase the chances of a breach in the organization.
- IT skillset fails to scale with cloud adoption: The migration of CRM, HRM, ITSM, and IT workloads to the cloud, for collaboration and business continuity, is increasing management complexity. Access permissions across these locations are often not effectively tracked, creating holes in the organization’s security net.
- Misplaced Onus on Cloud Providers: Many business leaders think that complete security of the cloud is on cloud providers. However, the shared responsibility model dictates that the security of content in the SaaS and IaaS apps, which includes configuration settings, is the responsibility of the business owner.
- Lack of Centralized Visibility: With regulations dictating compliance and how data should be stored in the cloud environment and across cloud infrastructures, it is vital for the organization’s security and IT teams to have complete visibility. However, too many clouds clog the view of administrators managing configuration settings for individual accounts. Compliance violations and insecure storage of data across IaaS and SaaS clouds can pose serious security risks over time.
With growing cloud popularity and adoption, organizations migrating their business-critical applications to the cloud are overlooking a simple cloud security question: How do I maintain configuration templates across multiple SaaS and IaaS clouds such as Office 365, Box, Salesforce, AWS, and Azure that drastically reduce risk and eliminate human configuration error or oversight?
The answer to securing cloud configurations can be found in a Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) solution. These solutions perform an automated assessment of your IaaS and SaaS landscape against well-defined security guidelines, reducing the operational complexity in managing multiple apps, preventing data loss from misconfigurations, and ensuring compliance in a multi-cloud environment.
CSPM and SSPM continuously monitor enterprise SaaS app and IaaS cloud environments to identify gaps between their stated security policy and the actual security posture. At the heart of CSPM is the detection of cloud misconfiguration vulnerabilities that can lead to compliance violations and data breaches. Some of the benefits include:
- Continuous visibility into policy violations across multiple cloud environments.
- Optional ability to perform automated remediation of misconfigurations.
- Use of prebuilt compliance libraries of common standards or best practices such as CIS Foundations Benchmarks, SOC 2, PCI, NIST 800-53, or HIPAA.
CSPM offerings typically focus on identifying the following types of policy violations:
- Lack of encryption on databases, data storage and application traffic, especially that which involves sensitive data.
- Improper encryption key management such as not rotating keys regularly.
- No multi-factor authentication enabled on critical system accounts.
- Misconfigured network connectivity, particularly overly permissive access rules or resources directly accessible from the internet.
- Logging is not turned on to monitor critical activities such as network flows, database access, or privileged user activity.
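
The five violation types above can be expressed as rules evaluated over a resource inventory. The following is an added example, not code from CipherCloud or any CSPM product; the inventory schema, rule names, the 365-day rotation threshold and the allowed public ports are all assumptions made for illustration.

```python
from datetime import date

# Constructed, vendor-neutral inventory; field names are assumptions for this example.
INVENTORY = [
    {"id": "db-orders", "type": "database", "encrypted": False, "sensitive": True},
    {"id": "bucket-logs", "type": "storage", "encrypted": True, "sensitive": False},
    {"id": "key-payments", "type": "kms_key", "last_rotated": date(2019, 1, 10)},
    {"id": "key-app", "type": "kms_key", "last_rotated": date(2020, 3, 1)},
    {"id": "root-admin", "type": "account", "privileged": True, "mfa": False},
    {"id": "dev-user", "type": "account", "privileged": False, "mfa": False},
    {"id": "sg-db", "type": "firewall_rule", "source": "0.0.0.0/0", "port": 3306},
    {"id": "sg-web", "type": "firewall_rule", "source": "0.0.0.0/0", "port": 443},
    {"id": "vpc-main", "type": "network", "flow_logs": False},
]

MAX_KEY_AGE_DAYS = 365            # assumed rotation policy
PUBLIC_PORTS_ALLOWED = {80, 443}  # assumed: only web ports may face the internet

def check(resource, today):
    """Return the list of (rule, severity) violations for one resource."""
    t, findings = resource["type"], []
    if t in ("database", "storage") and not resource["encrypted"]:
        sev = "high" if resource.get("sensitive") else "medium"
        findings.append(("encryption-at-rest-disabled", sev))
    if t == "kms_key" and (today - resource["last_rotated"]).days > MAX_KEY_AGE_DAYS:
        findings.append(("key-rotation-overdue", "medium"))
    if t == "account" and resource["privileged"] and not resource["mfa"]:
        findings.append(("mfa-missing-on-privileged-account", "high"))
    if (t == "firewall_rule" and resource["source"] in ("0.0.0.0/0", "::/0")
            and resource["port"] not in PUBLIC_PORTS_ALLOWED):
        findings.append(("port-open-to-internet", "high"))
    if t == "network" and not resource["flow_logs"]:
        findings.append(("flow-logging-disabled", "medium"))
    return findings

def assess(inventory, today):
    """Map resource id -> violations, omitting compliant resources."""
    report = {r["id"]: check(r, today) for r in inventory}
    return {rid: f for rid, f in report.items() if f}

if __name__ == "__main__":
    for rid, findings in assess(INVENTORY, date(2020, 6, 1)).items():
        for rule, severity in findings:
            print(f"{severity.upper():6} {rid}: {rule}")
```

Passing the evaluation date in explicitly keeps the key-rotation rule deterministic, which matters when the same check is replayed against an archived inventory snapshot.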