

Cloud security has become increasingly complex and distributed. The rapid transition to remote work and increased cloud adoption have dramatically changed the IT landscape, producing new cyber-attack vectors and data breaches. Today’s cyber-criminals aren’t necessarily trying to knock down doors. Instead, organizations are leaving many of them open themselves. According to Gartner, through 2023, “…at least 99% of cloud security failures will be the customer’s fault.” This is an unsettling prediction but not entirely surprising given the realities that teams face today. The overwhelming complexity of cloud systems calls for expertise in both application development and security, which is perhaps unreasonable. The placement of security controls has moved away from security teams and into application development teams.

CSPM: The Industry’s Response to Cloud Complexity

To deal with this complexity and constant change, a new market segment has emerged. It is broadly referred to as cloud security posture management (CSPM), and security organizations typically use it when they want the same visibility and security they have had with on-premise environments.

Current CSPM technology aims to help security teams understand what resources they have in their cloud environments, what security controls are in place and how they are all configured, and to automate as much of it as possible. While it is largely successful in accomplishing these feats, CSPM in its current form isn’t without its limitations. As we’ve learned in the past with our approach to securing on-premise networks, visibility plays a fundamental role. It’s not uncommon for organizations to lose track of their cloud deployments over time, considering it only takes a developer and a department credit card to spin up a cloud environment. Nowadays, developers are empowered to innovate at speed and scale, but who keeps track of these newly created multi-cloud VPCs, VNETs and VCNs? Even more worrisome – who is responsible for securing them?

There are always unknowns when networks grow and change. Still, we also know that tools that provide visibility can give security teams a more accurate, dynamic and comprehensive look at what resources they have, how they are connected and the risks associated with them. Unfortunately, many CSPM tools present their findings in static, tabular forms. It can be challenging to understand the relationships between resources, such as between multiple accounts and whether they’re shared or not.

Teams are often asked to secure unmonitored cloud environments and benefit from a visual, interactive model of their organization’s cloud resources. This visibility allows security teams to fully understand their cloud footprint and reduce their overall attack surface by understanding the interconnectivity between their resources. Some CSPM tools can show connectivity where there is traffic, but security teams want to calculate how an instance gets to the internet, which security points it passes through, and over which ports and protocols.

Understanding End-To-End Access

Current CSPM solutions remain insufficient when it comes to accurately calculating the access that can lead to data breaches. Many tools simply call into the APIs of CSPs looking for misconfigurations at the compute and container levels, but they don’t fully understand “end-to-end” access. For example, they may only look at a setting in AWS that states a particular subnet is “public” and therefore conclude that it is exposed. However, that’s not necessarily true, because there may be other security controls in place, such as third-party firewalls or the team’s own Kubernetes security policy.

For example, perhaps a network security engineer who doesn’t understand native AWS and Azure firewalls instead decides to use a third-party firewall from a vendor they’re already familiar with. Suppose that this firewall is blocking access to the public-facing internet. In that case, current CSPM tools won’t recognize it, and security engineers can spend their days chasing false positives simply due to a lack of accurate information about access. With increased cloud complexity comes increased risk: there were over 200 reported breaches in the past two years due to misconfigured cloud deployments. Several of the most significant data breaches occurred when cloud misconfigurations left critical resources exposed to untrusted networks, so prioritization efforts should begin there.
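The end-to-end access calculation discussed above, as an added Python example that is not code from this page or from any CSPM product: a shallow check that treats every “public” subnet as exposed, beside a walk over each control point between the internet and the workload. The rule schema, hop names and the constructed sample (a public subnet whose security group opens tcp/22 and tcp/443, but with a third-party firewall and a Kubernetes NetworkPolicy that only pass tcp/443) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Allow:
    # One allow rule on a control point (constructed schema, not a vendor API)
    proto: str              # "tcp", "udp" or "any"
    ports: tuple            # inclusive (low, high) port range
    src: str = "0.0.0.0/0"  # source CIDR the rule admits

    def covers(self, proto, port, src):
        return (self.proto in ("any", proto)
                and self.ports[0] <= port <= self.ports[1]
                and ip_network(src).subnet_of(ip_network(self.src)))

@dataclass
class Hop:
    # A control between the internet and the workload; no matching rule = deny
    name: str
    kind: str               # route, third_party_fw, sg, k8s_netpol
    allows: tuple

    def permits(self, proto, port, src):
        return any(a.covers(proto, port, src) for a in self.allows)

def naive_exposed(subnet):
    """The shallow check: a 'public' subnet flag is treated as exposure."""
    return subnet["public"]

def end_to_end(path, proto, port, src="0.0.0.0/0"):
    """Walk every control point in order and stop at the first that denies.
    Returns (reachable, trace); trace records each hop's verdict."""
    trace = []
    for hop in path:
        ok = hop.permits(proto, port, src)
        trace.append(f"{hop.kind}:{hop.name}={'allow' if ok else 'deny'}")
        if not ok:
            return False, trace
    return True, trace

# Constructed sample: public subnet and an SG that opens 22 and 443 to the
# world, but a third-party firewall and a NetworkPolicy only pass HTTPS.
SUBNET = {"name": "subnet-public-a", "public": True}
PATH = [
    Hop("igw-route", "route", (Allow("any", (0, 65535)),)),
    Hop("vendor-fw", "third_party_fw", (Allow("tcp", (443, 443)),)),
    Hop("sg-web", "sg", (Allow("tcp", (22, 22)), Allow("tcp", (443, 443)))),
    Hop("netpol-web", "k8s_netpol", (Allow("tcp", (443, 443)),)),
]
```

`naive_exposed(SUBNET)` reports the instance as exposed, while `end_to_end(PATH, "tcp", 22)` returns `(False, [...])` with the trace naming the vendor firewall as the hop that denies, which is exactly the false positive the text describes; only `end_to_end(PATH, "tcp", 443)` is genuinely reachable.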
