Defining an Effective Multi-Cloud Strategy: Identifying Vulnerabilities Before They Wreak Havoc
This blog was originally published by Alert Logic here.
It’s not news that organizations are facing a growing number and frequency of cyber threats, nor that new, sophisticated attacks are evading traditional security tools. But the growing threat that companies face is the complexity of their multi-cloud, multi-vendor environments.
With businesses using about five different cloud services on average, threat detection and response have become prohibitively difficult, leaving many companies vulnerable to devastating damages.
In this blog, we’ll focus on the vulnerabilities to look out for in multi-cloud environments, so that you can build a more effective multi-cloud security strategy right from the start.
Top Multi-Cloud Vulnerabilities
In the multi-cloud, the most common problems, when it comes to identifying vulnerabilities that can lead to potential threats, are based on configuration errors. The benefit of a cloud, whether it’s a multi-cloud or a single cloud, is that you can very quickly spin up an environment, especially a serverless container-type environment.
However, that has a drawback — often, you can spin up an environment without necessarily putting in place all the appropriate configurations, such as identity management access control. If it’s a public-facing environment, you’ll be exposed to vulnerabilities without all those checks.
“Left of Boom”, meaning pre-breach (with boom being the moment of a successful breach), specifically addresses one of the biggest issues to come out of the lack of appropriate configurations – human error. How do I make sure that I’m constantly scanning and looking at those environments to identify vulnerabilities?
Speed of development
Additional issues arise from the promise of the cloud in how quickly you can set up things. People often spin up environments in what they view as a nonproduction environment without thinking about checks and balances.
But just because nonproduction means the environment doesn’t have any data associated with it doesn’t mean that it’s not a conduit to a system that does have data. You may have a device on your network that’s publicly facing, that doesn’t necessarily have data residing on it, but that can function as a conduit to other systems. Now, you’ve opened a new door for attackers.
Not everyone patches their systems. In the cloud, you must make sure that any auxiliary systems that might be connected to your applications are patched and up to date.
With our customers, we come across systems that have been unpatched for years, in some instances. You’ve got to be very mindful of what vulnerabilities you’re opening up, how easy it is to do so, and the damage that you can cause doing it.
Multi-cloud exacerbates all of this because you often have skillsets within customer environments that are specific to one particular cloud environment. Knowing what configurations, what access control to put in place in each individual environment, and when to do it requires skill and knowledge. Not every organization has the ability to acquire those skills and that knowledge, so you can actually amplify your problems when you’re multi-cloud.
Start with Security
To effectively protect a multi-cloud environment, security must be part of your cloud strategy from the beginning. “Bolting on” security at the end increases the likelihood of a successful attack and leaves your security teams overwhelmed by the volume of incidents that need to be addressed.
About the Author
As COO and CTO, Onkar Birk oversees Product, Release and Threat Management as well as R&D for Alert Logic. Birk has built his reputation as a leader focused on delivering products to market with customer success, swift execution, and the development of talent on his teams.