Public clouds offer many advantages. Their rapid adoption, however, has led many organizations to assume the provider handles security. This mistaken belief leads to data breaches or other security issues that can affect a company’s reputation. A recent study shows that 81% of customers would stop engaging with a brand online following a breach. There is no shortage of acronyms in technology, and security is no exception. Let’s look at several of these acronyms, such as CIEM, CSPM, CWPP, and CASB, and discuss how they help organizations strengthen their security measures.
Offsite infrastructure management offers the convenience of offloading the management of IT resources to third-party vendors. This convenience, however, doesn’t relieve companies of certain security measures. Service providers are only responsible for managing the infrastructure. Configuring and securing applications and data are the responsibility of the company.
Cloud Security Posture Management (CSPM) refers to a set of IT security tools used to monitor services for misconfigurations. The goal is to identify these issues so companies can take measures to enforce security policies.
Capabilities for CSPM tools include:
- Visibility – With data and applications spread across multiple services, it’s difficult to have a clear picture of inventory.
- Compliance – Information in the cloud is subject to the same security protocols as that of on-premise data centers. CSPM provides tools to show compliance with these regulations.
- Risk Detection – CSPM tools detect both internal and external threats to the information stored off-premises.
- Remediation – Some tools not only monitor for misconfiguration but can sometimes perform remediation to resolve issues.
Cloud computing offers flexibility and scalability in deploying applications. As companies use the cloud more, the attack surface multiplies. Workload management is a security mechanism to protect the attack surface. Its goal is to protect the processes and resources that support an application. Securing workloads in the cloud can be difficult, with workloads being passed between multiple hosts and vendors. Common attack points include:
- Containerized applications
- Cloud-based endpoints
- Cloud-based storage
- Applications running on virtual machines
Security for offsite hosted applications must also cover traffic between the on-premises infrastructure and the offsite infrastructure. Some of the challenges with managing traffic include accidental data exposure and malicious intent to steal information. A Cloud Access Security Broker (CASB) helps solve these problems by instituting a broker that sits between end-users and cloud systems. The access broker can:
- Encrypt sensitive data
- Block unusual account activity
- Enforce policies for access to sensitive information
As the complexity of cloud services grows, companies are at risk from threats caused by application services with excessive permissions. A service identity is a role a service uses to gain access to resources. Unless the principle of least privilege is employed, these services might leak access to sensitive data, execute a malicious attack, reconfigure network settings or gain access to other identities.
CIEM is the best solution for managing access and enforcing least privilege in the cloud.
Cloud infrastructure, by nature, is complex. Compute spins up and spins down in a matter of minutes, even seconds. Identities can exist briefly or lie dormant for years, and their permissions are never set in stone. The ephemeral nature of the cloud makes it even harder to continuously monitor resources with complete visibility.
IT and Security organizations use Cloud Infrastructure Entitlements Management (CIEM) solutions to manage identities and access privileges in the cloud and multi-cloud environments. Sometimes referred to as Cloud Entitlements Management solutions or Cloud Permissions Management solutions, CIEM solutions apply the Principle of Least Privilege access to cloud infrastructure and services, helping organizations defend against data breaches, malicious attacks, and other risks posed by excessive cloud permissions.
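An added illustration (not from the original post or any vendor's product) of the kind of check a CIEM tool automates: comparing what each identity is granted with what it has actually used, and flagging identities that have gone dormant. The identity names, action strings, and 90-day idle threshold are constructed assumptions.

```python
from datetime import date

# Constructed inventory: each identity's granted actions, the actions seen in
# audit logs, and the last date it was active. All names are hypothetical.
IDENTITIES = [
    {"name": "svc-report-builder", "kind": "service",
     "granted": {"storage:read", "storage:write", "network:modify", "iam:assume-role"},
     "used": {"storage:read"}, "last_active": date(2024, 5, 30)},
    {"name": "svc-legacy-export", "kind": "service",
     "granted": {"storage:*"},
     "used": set(), "last_active": date(2021, 2, 11)},
    {"name": "alice", "kind": "human",
     "granted": {"storage:read"},
     "used": {"storage:read"}, "last_active": date(2024, 6, 1)},
]

# Over-grants the article calls out: reconfiguring network settings and
# gaining access to other identities.
HIGH_RISK = {"network:modify", "iam:assume-role"}

def review(identity, today, max_idle_days=90):
    """Return least-privilege findings for one identity as (kind, detail)."""
    findings = []
    granted, used = identity["granted"], identity["used"]
    idle_days = (today - identity["last_active"]).days
    if idle_days > max_idle_days:
        findings.append(("dormant", f"inactive for {idle_days} days"))
    wildcards = sorted(a for a in granted if a.endswith("*"))
    if wildcards:
        findings.append(("wildcard", ", ".join(wildcards)))
    # Excess = granted but never exercised; wildcards are reported separately.
    unused = sorted(granted - used - set(wildcards))
    if unused:
        findings.append(("unused", ", ".join(unused)))
    risky = sorted((granted - used) & HIGH_RISK)
    if risky:
        findings.append(("high-risk-unused", ", ".join(risky)))
    return findings

def review_all(identities, today, max_idle_days=90):
    """Map identity name -> findings, omitting identities with none."""
    return {i["name"]: f for i in identities
            if (f := review(i, today, max_idle_days))}

if __name__ == "__main__":
    for name, findings in review_all(IDENTITIES, date(2024, 6, 3)).items():
        for kind, detail in findings:
            print(f"{name}: {kind}: {detail}")
```

The unused set for each identity is the candidate list for removal when right-sizing its role; the dormant and wildcard findings are the ones to review first.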
Cloud complexity compounds when the business demands accelerated production schedules without forethought about further cloud data sprawl and potential permissions creep. Stakeholders often want to speed up development that adds identities and resources with innumerable endpoints. Their understanding is that the cloud provides infinite scalability, and they mistake the cloud for the ultimate solution that always keeps assets safe. It’s a failure to grasp their end of the shared responsibility model of the public cloud.
The term Cloud-Native Application Protection Platform describes the convergence of methodologies from CSPM and CWPP. According to Gartner, “There is synergy in combining CWPP and CSPM capabilities, and multiple vendors are pursuing this strategy. The combination will create a new category of Cloud-Native Application Protection (CNAPs) that scan workloads and configurations in development and protect workloads and configurations at runtime.”
This approach reflected the need for a comprehensive cloud security platform. CNAPP stands for Cloud-Native Application Protection Platform. Gartner recognized the expanding needs that go into securing applications in the cloud. CNAPP solutions aim to address workload and configuration security by scanning them in development and protecting them at runtime.
Customer Identity and Access Management (CIAM) helps organizations manage human identities. It is how companies give users access to applications. The proliferation of web-based apps means users have multiple channels for interacting with a company’s systems. Common channels include mobile devices, partner applications, and IoT devices.
Common features include:
- Customer registration
- Self-service account management
- Single sign-on
- Multi-factor authentication
Traditionally, security has been managed at the application level. This approach relied on user IDs and passwords to protect access to these systems. As companies implement cloud solutions, this approach is inadequate. Ideally, security protocols should encompass the cloud and on-premise applications. Below are a few items to consider when evaluating a comprehensive security tool.
- Does it support encryption?
- Does the tool support all of your cloud platforms (AWS, GCP, Azure)?
- Does it effectively inventory your identities and find effective permissions?
- Does it locate your data and tell you who and what is accessing it?
- Can it provide a continuous, context-based audit/view of configuration changes or drift?
- Does it support security between the cloud and legacy systems?
- Does your tool help you solve your challenges?
Implementing proper IAM protections ensures end users have access to data and systems with the appropriate permissions. The complexity of distributed applications makes implementing IAM a challenging task. Some of these challenges include:
It isn’t unusual for companies to use multiple vendors. Each is likely to have different tools and procedures for managing identities. With so many tools and standards to keep track of, there is a potential for inconsistencies between systems. The result creates additional vulnerabilities in the organization’s security stance.
Organizations often get trapped in the habit of giving users more access than required for the sake of minimizing bottlenecks in someone’s ability to perform their job. Unfortunately, excessive privileges can be detrimental to a company. These privileges are problematic in that they allow employees access to sensitive data, install unapproved or unlicensed software, or inadvertently cause errors in these systems.
Identity sprawl occurs when an organization’s central directory service is not integrated with the directory services of the systems it works with. As a result, administrators must manage identities across systems.
The number of credentials a user must manage can lead to user frustration. A study shows that the average business employee keeps track of 191 passwords. As a result, employees reuse passwords. While 91% of users understand the risk of reusing passwords, a whopping 59% admit to doing it anyway.
Security for Remote Work
Many organizations are giving employees more options for when, where, and how they work. With remote work becoming more prevalent, administrators must extend security measures to:
- Browser-based applications
- User behavior within those apps
- The user’s location
- The type of device they are using
Identity and access management in a multi-cloud or hybrid environment is a complex task that requires comprehensive capabilities for securing your data. If you would like help exploring your options, Sonrai can help you select the right cloud security tool.
*** This is a Security Bloggers Network syndicated blog from Blog – Sonrai Security authored by Eric Kedrosky. Read the original post at: https://sonraisecurity.com/blog/acronyms-cloud-security/