Given the simplicity and cost-effectiveness of the public cloud, it’s no surprise that more and more organizations are turning to Amazon Web Services,
Microsoft Azure, and Google Cloud Platform. You can spin up a new instance in minutes, scale resources up and down whenever you need while only
paying for what you use, and avoid high upfront hardware costs.
While the public cloud solves many traditional IT resourcing challenges, it does introduce new headaches. The secret to effective cybersecurity in the
cloud is improving your overall security posture: ensuring your architecture is secure and configured correctly, that you have the necessary visibility
into your architecture, and importantly, into who is accessing it.
While this sounds simple, the reality is anything but.
The rapid growth of cloud usage has resulted in a fractured distribution of data, with workloads spread across disparate instances and, for some organizations,
platforms. The average organization already runs applications in two public clouds, while experimenting with another 1.8 public clouds. This multi-cloud
approach compounds the visibility challenge for IT teams who need to jump from platform to platform to get a complete picture of their cloud-based estates.
Lack of visibility into cloud-based workloads leads to both security and compliance risks
Greater agility and improved time-to-market for products and services are huge motivators for an organization to move to the public cloud. Doing this usually
requires the agility and responsiveness of a DevOps approach. For many, this new approach to development and product releases entails multiple developers
working across multiple platforms, and often in different time zones.
Keeping track of the workloads wasn’t such an issue when development cycles lasted months or even years, but those days are over. You now need to keep
up with multiple releases – sometimes on the same day. Tracking fast-paced architecture changes, configuration updates, and security group settings
around the clock is near impossible. It all adds up to a recipe for increased exposure to cyber threats where vulnerabilities can be quickly exploited.
Just as organizations enjoy the automation benefits that the public cloud offers, so too do cyber criminals. Today’s attackers increasingly canvass cloud environments and take
advantage of native cloud provider APIs to automate deployments on new instances, breach open databases, change security settings, and lock out legitimate users.
To quantify the issue, SophosLabs recently set up environments in 10 of the most popular AWS data centers in the world. The research revealed that:
These startling results highlight the frequency with which cybercriminals are targeting cloud-based instances, using sophisticated, automated techniques. The challenge for
security teams lies in identifying and securing potential vulnerabilities before the attackers, and identifying unusual (attacker) behavior in real time to stop an attack in its tracks.
No matter where your infrastructure and data is held, you need to demonstrate compliance with relevant regulations, including CIS,
HIPPA, GDPR, and PCI or risk regulatory non-compliance.
The challenge in the cloud is that environments change by the day, the hour, even by the minute. Whereas compliance checks every week or month may
have worked for on-premises networks, they won’t cut it for the public cloud. The need for continuous compliance analysis can be a huge resource drain for teams
that are managing cloud environments manually or with native tools. What’s more, once a compliance issue is identified, the fractured nature of security,
development, operations and compliance teams within most organizations means it is often challenging to address the situation in a timely manner.
*Article taken from Sophos White Paper on Securing Public Cloud