Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Neutralizing the Threat with Cloud Remediation

Published 04/23/2024

Home
Industry Insights
Neutralizing the Threat with Cloud Remediation

Originally published by Tamnoon.

Written by Michael St.Onge, Principal Security Architect, Tamnoon.

Smooth remediation requires meticulous coordination across tools, teams, and schedules. The complexity and scale of the remediation process may suggest that only a manual or an automated process can deal with it. Ideally, an organization can leverage the best of each process where appropriate. With so many different dimensions to coordinate, intricate planning and cross-functional excellence is critical to be successful.

Additionally, integrating security checks into CI/CD pipelines is an important part of execution, allowing you to catch vulnerabilities early in the development lifecycle before they reach production.


The Security / DevOps Relationship

Your security and DevOps teams must work hand-in-hand during this process. And while each team has their distinct domains, they also have shared goals to safeguard data and maintain uptime, meaning that a tight partnership is paramount.

This collaboration does not always come easy. Some common scenarios that can strain relations and undermine progress might be:

  • Competing priorities
  • Siloed teams
  • Different mindsets
  • Technical disconnects
  • Lack of clear policies
  • Unrealistic demands
  • Blame culture
  • Poor monitoring
  • Lack of trust (or confidence)

Nevertheless, it’s critical that security and DevOps teams develop a common “language” to achieve their shared goals, which include:

  • Align on severity levels, compliance needs, and business justification.
  • Agree on optimal coordination model and cadence of communications.
  • Establish validation criteria to confirm successful remediation.
  • Maintain clear documentation of roles, responsibilities, and risks.

By regularly communicating their priorities, constraints, and risks from both perspectives, and emphasizing their unified mission, DevOps and Security can align on the best approach to streamline remediation while minimizing disruptions. The organizations that have been most successful at bridging the security/DevOps gap follow a framework like the one below for disambiguating roles and forging common ground.

TeamRole and required inputsKey questions to ask counterparts
Security
  • Gather intelligence to understand risks, impacts, and technical constraints related to remediation
  • Provide clarity on severity levels, compliance implications, and data exposure risks
  • Supply guidance to DevOps on safe remediation methods to mitigate risks
  • Recommend testing procedures to validate remediation before deployment
  • Collaborate with DevOps to optimize coordination and communication
  • What risks do you foresee that we need to mitigate?
  • What dependencies with other teams or resources do we need to map out?
  • How complex will rollback be if any issues do arise? Are there ways we can simplify it?
  • Are there any technical limitations that could complicate this fix? If so, are there ways we can work around them?
  • What testing procedures do you recommend before we deploy any changes?
DevOps
  • Share insights on potential system stability and uptime impacts
  • Map out dependencies with other teams and resources
  • Devise reliable rollback procedures in case issues arise
  • Outline technical limitations and, if any, options to work around them
  • Continuously monitor for early warning signs of emerging risks
  • How severe and what is the potential business impact of this vulnerability?
  • How urgent is remediation? Is there a deadline?
  • Will we violate any compliance requirements if this is not addressed?
  • Does this issue expose sensitive information?


Key Steps for Secure and Seamless Remediation

Follow the Plan

Smooth execution requires a detailed plan mapping out phases, steps, timelines and responsibilities:

  • Document the steps to be taken to address specific types of security findings (public storage accounts, exposed services, unencrypted volumes, unrotated keys, etc).
  • Define timelines for each phase to provide clarity on the order and pace of remediation.
  • Assign clear ownership and responsibilities for each step to ensure accountability.

It’s crucial that security and DevOps teams collaborate closely on constructing this plan. Security provides expertise on managing risk and prioritizing assets while DevOps offers insights on the potential impacts of any changes made.

With both perspectives, the plan can sequence remediation intelligently by starting with high-risk, mission-critical items before moving towards low-impact items. For example, addressing improperly configured S3 buckets exposing sensitive data in phase 1 before rotating IAM keys in phase 2. By tackling high risk issues first, well-planned remediation systematically strengthens security posture while minimizing disruptions through incremental progress.


Sample Remediation Plan

In this sample plan, security teams have identified a high-risk misconfiguration; open-access S3 buckets which expose sensitive data. Unencrypted RDS instances are generating a moderate risk, threatening a service disruption during cutover. Lastly, IAM keys need to be rotated, which could cause minor operational delays if left undone.

Intelligent remediation prioritizes the reconfiguration of S3 bucket permissions; AWS-authenticated threat actors can read, write, and manipulate objects within the bucket, creating a high-severity risk to the asset and the business.

Armed with guidance on prioritization, the remediation team plans three 2-week sprints to tackle these misconfigurations.

During these six weeks, Security and DevOps should meet weekly to review:

  • Overall progress and timeline
  • Blockers needing resolution
  • Emerging risks and mitigations
  • Next steps and action items

Security and DevOps should also have contingency plans ready to adapt to changes in the remediation plan. To handle plan deviations:

  • Have risk mitigation strategies ready. Being prepared with contingency plans for potential issues prevents being caught off guard.
  • Replan dynamically if any issues emerge. If surprises come up, be ready to quickly adjust the plan and timelines. Don’t rigidly stick to outdated plans.
  • Adjust timelines as needed. Related to above, update schedules and phases if delays or changes occur.
  • Document all modifications. Track all changes to the plan in a central place for visibility.


Integrate Security into CI/CD Pipeline

Remediation should integrate security checks into existing CI/CD pipelines early to catch issues before they reach production. Scrambling to fix problems right before deployment creates unnecessary risk and delays.

Shifting security left in the pipeline provides multiple touchpoints to rapidly surface and resolve vulnerabilities at each stage of the development lifecycle.

Key techniques include:

  • Execute infrastructure scans during continuous delivery to catch misconfigurations around encryption, permissions, network rules, and more. This surfaces risks before they impact customers.
  • Trigger security scans at multiple stages, not just end — failures early in CI are cheaper to fix.
  • Gate releases if critical vulnerabilities are detected, failing the build. This prevents broken code from being promoted.
  • Automate scans as much as possible to save time and money.


Role of the expert vs. automation

Finding the right balance between manual and automated approaches is crucial for effective cloud security. Teams often have to choose between a solely automatic solution, or solely manual. However, relying only on manual processes leaves the majority of risks unaddressed, while automation without oversight risks destabilizing your environment.


The Bottom Line

Effective remediation requires careful orchestration across tools, processes, and teams to address security issues.

Consider just some of the challenges:

  • Prioritizing the flood of daily alerts and signatures from various tools
  • Mapping dependencies between affected resources
  • Predicting impacts on operations, budgets, and compliance
  • Assigning fixes to the right teams
  • Crafting customized playbooks
  • Monitoring effectiveness and identifying patterns

When addressing complex remediation, teams often face a tradeoff between relying solely on manual fixes or full automation. Manual remediation allows for nuanced human judgment but is inconsistent and doesn’t scale. Automation provides speed and consistency but lacks oversight. The most balanced approach likely integrates automation and human guidance based on the situation. By playing to the strengths of both skills and software, the potential rewards are substantial: robust security, streamlined operations, and improved compliance.


For Practitioners

For security and DevOps practitioners, an optimized remediation process improves efficiency, reduces disruption, and clarifies responsibilities. By automating repetitive tasks and detailing procedures, practitioners complete remediation faster with less overhead. They can focus their expertise on higher-value initiatives. Shared playbooks also minimize business impact and reduce friction between teams. Smooth remediation increases practitioner productivity and effectiveness.


For Management

For leadership, balanced remediation strengthens cloud security posture while optimizing IT operations. Instead of slow and inconsistent manual fixes, scalable automation remediates issues rapidly and consistently. Metrics like remediation times, security ticket backlog, and audit findings improve. Compliance assurance also increases through automated policy enforcement. Leadership gains confidence that both existing and emerging threats will be addressed quickly and effectively through mature remediation practices.

Cloud Incident ResponseDevSecOpsEnhancing cloud security strategy

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Mark Your Calendar for Cyber Monday!
Map the Transaction Flows for Zero Trust
Advance AI Risk Management
Level up with Cloud Infrastructure Security Training
Related Articles:
The Evolution of DevSecOps with AI

Published: 11/22/2024

How Cloud-Native Architectures Reshape Security: SOC2 and Secrets Management

Published: 11/22/2024

The Lost Art of Visibility, in the World of Clouds

Published: 11/20/2024

Group-Based Permissions and IGA Shortcomings in the Cloud

Published: 11/18/2024