Automating cloud security is a process still in its infancy for many organizations, says Unit 42.
The coronavirus pandemic forced many organizations to put their cloud migration projects into overdrive. Such a fast and unexpected transition to the cloud inevitably opened the door to more security threats. A report released Tuesday by Palo Alto Networks' threat intelligence team, Unit 42, examines how the cloud migration has affected security and what organizations can do to better protect themselves.
Based on internal data, Unit 42’s latest “Cloud Threat Report” found that organizations increased their cloud workloads by more than 20% between December 2019 and June 2020. Along the way, cloud security incidents rose by 188% just in the second quarter of 2020.
Industries that are vital in the effort to combat the pandemic have been hit especially hard. Over last year’s second quarter, cloud security incidents for the retail, manufacturing and government sectors rose by 402%, 230% and 205%, respectively.
The rise in security incidents has been triggered in part by the inability of many organizations to automate cloud security. Previous research from Unit 42 found that 65% of publicly disclosed security incidents in the cloud were due to customer misconfigurations, a problem that could have been addressed through automated security controls. As one example, infrastructure as code (IaC) offers DevOps and security teams a way to enforce security standards, but this resource remains largely untapped.
To help organizations improve their cloud security, Unit 42 offers the following recommendations:
Gain awareness and deep cloud visibility. The first step in making cloud security and compliance easier is to understand how your developers and business teams are using the cloud today. This means getting and maintaining situational awareness of what’s happening in your cloud environments down to the API and workload layers.
Set security guardrails. Ask yourself what misconfigurations should never exist in your environment. One example would be a database that receives direct traffic from the internet. When misconfigurations like this are found, your security guardrails should correct them automatically. If your organization does not already do so, consider using IaC templates to enforce security guardrails. There are potential security risks to using such templates, so be sure to scan them for common misconfigurations.
Adopt and enforce standards. It’s extremely difficult to automate what you haven’t standardized. Many teams talk about automation without having a security standard in place. Don’t start from scratch. The Center for Internet Security has benchmarks for all major cloud platforms. Look to automate and codify these standards by leveraging IaC.
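The guardrail and standards recommendations above both come down to checking IaC templates for misconfigurations before they deploy. The following is an added example, not code from Unit 42 or the report: a small scanner that flags the exact misconfiguration the text names, a database port reachable from the whole internet. It assumes a CloudFormation-style AWS::EC2::SecurityGroup resource shape, and the weak and hardened templates are constructed for the example.

```python
"""Added example (not Unit 42's code): flag database ports open to the internet
in a CloudFormation-style template. Sample templates below are constructed."""
import ipaddress

# Well-known database listener ports (assumption: extend for your own estate)
DB_PORTS = (1433, 1521, 3306, 5432, 6379, 27017)


def is_internet_wide(cidr):
    """True for 0.0.0.0/0 or ::/0, the 'anyone on the internet' ranges."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(rule):
    """Resolve a rule's port span; IpProtocol -1 means every port."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def db_exposure_findings(template):
    """Return (resource, port, cidr) for each DB port exposed to the internet."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr is None or not is_internet_wide(cidr):
                continue  # restricted source range, or a source security group
            lo, hi = port_range(rule)
            findings.extend((name, p, cidr) for p in DB_PORTS if lo <= p <= hi)
    return findings


def sg(*rules):
    """Build a constructed security-group resource for the sample templates."""
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": list(rules)}}


# Constructed weak template: Postgres open to 0.0.0.0/0 next to a public web tier
WEAK = {"Resources": {
    "WebSg": sg({"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}),
    "DbSg": sg({"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "0.0.0.0/0"})}}
# Constructed hardened template: the database accepts traffic only from the app subnet
HARDENED = {"Resources": {
    "WebSg": sg({"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}),
    "DbSg": sg({"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "10.0.0.0/16"})}}

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, db_exposure_findings(tpl) or "no findings")
```

Run as a pre-deploy step in the pipeline, a non-empty findings list fails the build; the web tier's port 443 rule is left alone because only database ports are in scope.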
Train and hire security engineers who code. Unlike most traditional data centers, public cloud environments are driven by APIs. Successful risk management in the cloud requires that security teams be able to leverage these APIs to manage workload security at scale. APIs are difficult to use without having engineers on your security team who know how to code and automate security processes as part of the CI/CD pipeline.
Embed security in DevOps. Strive to map out the who, what, when and where of how your organization pushes code into the cloud. Once this is done, your goal should be to locate the least disruptive insertion points for security processes and tools into your CI/CD pipeline. In this regard, getting early buy-in from DevOps teams is critical. From there, work to minimize human interaction over time by automating as many operations as possible.