Yotam Ben Ezra
February 19th, 2020
The public cloud is everywhere
The advantages of utilizing cloud infrastructure have brought organizations of all sizes and verticals to adopt it to some extent. Public cloud adoption reached 94% in 2019, which means virtually every organization utilizes the cloud in some way. 38% of enterprises surveyed said that public cloud was their top priority for 2019.
Increasingly, central IT and security teams assume responsibility for security and governance of the public cloud infrastructure in their organizations. As organizations use the cloud for more business-critical and customer-facing applications, the security requirements and concerns associated with that infrastructure mature as well.
Public cloud security issues
Cloud security continues to be a top concern for IT organizations. While some security requirements and challenges for public cloud usage are the same as private clouds, others differ.
Challenges specific to security in the public cloud are in four key areas:
Top security concerns in the cloud
Cloud security professionals focus on protecting their critical data. Whether the risk is data loss or leakage, or a breach of compliance with regard to data privacy and confidentiality, they must keep track of the threats that put their data in the cloud at risk. The following threats are the most prevalent and are considered to be the most urgent issues to tackle:
Misconfiguration or faulty setup of the cloud platform is the single most worrisome issue. Due to the complexity, pace and scale of cloud applications, this has become the underlying cause of security incidents in cloud platforms in recent years. Misconfiguration can relate to granting access, setting policies and configuring the network.
Unauthorized access by various attacks on credentials and resulting misuse of employee credentials. This is a major concern because the impact of gaining privileged credentials in a cloud platform can be devastating.
Insecure interfaces or APIs involve both cloud infrastructure and application APIs. For example, many of the security incidents in the past few years involved an overly accessible S3 configuration. In addition, many cloud application designs involve heavy use of API-based interaction, where security is often overly permissive.
Account, service or traffic hijacking may result in the ability to access data. In public cloud infrastructure, the opportunity to perform such attacks causes concern because the infrastructure is shared and because, if access rights are not managed well enough, the impact can be severe. This attack vector also starts at the user, who is in many cases the weakest link in the security chain.
How SafeBreach can help
Breach and Attack Simulation (BAS) enables organizations to test their security controls against simulated attacks. The SafeBreach BAS platform enables BAS at a scale suited to the challenges of managing cloud security.
Use cases for validating cloud native security
The use cases for validating cloud native security include cloud control plane security and container security.
Validating cloud control plane security
The cloud control plane includes capabilities that are usually exposed by the cloud IaaS provider API: access management, storage and other services, and network configuration. In the shared security responsibility model, the user is responsible for these.
The cloud control plane represents a new and [for hackers] lucrative attack surface, which is highly susceptible to misconfiguration and human error due to the high complexity of the environment.
SafeBreach BAS is able to interact with the cloud IaaS API and perform various operations which simulate attacker techniques and behaviors in order to validate security policies. The simulations also confirm whether controls are correctly configured to block attacker behaviors and expose where these may deviate from desired configurations.
SafeBreach can translate attack simulation data for threat-based or risk-based analysis, which is helpful in showing the environment posture in terms of the actual attack surface and threat exposure.
Validating container environments in cloud workload security
Container environments represent the infrastructure which enables cloud native architecture. Containers are very useful; they enable organizations to accelerate development processes and shorten software release cycles. In 2018, use of containers was up to 57 percent.
From a security perspective, the container environment behaves differently than traditional environments. Fundamentally, container environments are characterized by a large number of small entities (microservices), interacting with each other in a complex application structure. Each entity requires a different set of security settings.
Cloud native security solutions are designed to secure container environments in light of the different architecture and complexities. Such tools focus on specific core areas:
Conclusion: The entire attack surface, and the entire kill chain
Its new container security capabilities make SafeBreach the only BAS platform able to run attacks across the attack surfaces to validate configuration of the relevant security controls. SafeBreach Cloud Native Security capabilities enable users to visualize the entire kill chain of a potential attack on their applications, identify the most critical gaps and holistically remediate them.