5 Areas Exposing Your AWS Deployments to Security Threats
This blog was originally published on Vectra.ai
Let’s be honest, the cloud has come at us fast this past year—especially if you’re a security practitioner. Like lining up to race Usain Bolt in the 100 meters kind of fast. Only he’s the cloud and you’re trying to keep up. As soon as you get set, he’s already crossed the finish line and is onto the next deployment. What do you defend? Where do you focus your efforts and resources and how do you make sure all of your services are secure when you know threats are lurking?
And they’re not just lurking: we recently surveyed hundreds of security professionals who work to secure Amazon Web Services (AWS) and found that every participating organization had experienced a previous cloud security incident. The full findings are in the latest State of Security Report, which provides insight from CISOs, security architects, engineers and DevSecOps professionals who share how their organizations are utilizing and securing AWS.
You’ll discover how organizations are utilizing Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) across AWS to rapidly develop and deploy workloads, while security teams are often struggling to keep up with potential vulnerabilities. In addition to the free report, you can also take a look at the five cloud security blind spots that were uncovered as well. But for now, let’s get to the 5 exposure areas in cloud deployments that can leave your organization susceptible to threats like ransomware.
1. Customer misconfigurations or mistakes
While the greater speed and agility that come with the cloud enable faster delivery of applications, these advantages need to be balanced against the security risks that arise from increasingly complex and constantly evolving deployments. In fact, Gartner states that through 2025, 99% of all cloud security failures will fall on the customer. Misconfigurations or mistakes are inevitable, but by utilizing artificial intelligence (AI) you’ll gain visibility into account creation, account changes and how services are being used, so you can identify when something isn’t right.
2. More people, more access, more risk
The report findings reveal that 71% of participating organizations have more than 10 users with access and the ability to modify the entire AWS infrastructure. With more users granted access to AWS, risk increases exponentially, as even one account compromised by an attacker would spell disaster. The challenges of securely configuring the cloud are expected to continue for the foreseeable future due to sheer size, scale and continuous change.
3. No formal deployment sign-off
The cloud has expanded to such an extent that securely configuring it with continued confidence is nearly impossible. Almost one-third of organizations surveyed have no formal sign-off before pushing to production, and 64% of organizations are deploying new services weekly or even more frequently. Not having a set sign-off procedure in place doesn’t always mean security isn’t prioritized, but it’s important that security teams are involved in deployments and ideally would be part of a formalized sign-off process.
4. Services with a high possibility of exploitation are being implemented
The survey found that 71% of respondents use more than four AWS services, leaving themselves even more vulnerable to exploitation, while only 29% use three AWS services: S3, EC2 and IAM. This shows that organizations are blind to threats in the services that aren’t covered by the native security controls offered for those three services. We also found that 64% of DevOps respondents are deploying new services at least once a week. As enterprises move their high-value data and services to the cloud, it’s imperative to control cyber-risks that can take down their businesses.
5. Different regional consoles need to be investigated separately
Data shows that 40% of participating organizations are running AWS across three or more regions. The challenge here is that native threat detection tools offered by cloud service providers require a single console for each region, so security teams have to manually investigate the same threat in each regional console. Attacks are also rarely confined to one region, which puts organizations at a disadvantage during detection efforts because they lose a holistic view. In this case, native tools will only hold them back and may increase the risk of a successful breach.
By making sure your bases are covered in these areas during your cloud journey, you’ll be in a much better position to reduce the risk of compromise and exposure to today’s ransomware attacks. For further insight, make sure to download the State of Security Report: PaaS & IaaS—More People, More Access, More at Stake.