As organizations adopt cloud technology to modernize their businesses and increase agility, employing security automation to identify and correct cloud infrastructure misconfiguration has become a necessity. Cloud misconfiguration is one of the most common and significant security risks facing organizations today, yet it is also preventable.
There has traditionally been some reluctance on the part of security teams to automate remediation steps out of a concern over false positives or the loss of forensic evidence. These concerns are understandable, but when we look at the problem of cloud misconfiguration, there are compelling reasons why organizations should employ automated remediation over manual approaches:
1) The dynamic nature of the cloud
In the cloud, resources are created, modified, and destroyed via APIs. Teams can spin up and spin down thousands of compute instances with a few simple commands, and network configurations and access policies can be modified just as easily. In many large enterprise cloud environments, it's not uncommon to have thousands of resources spanning hundreds of accounts. This creates a visibility and compliance challenge: How can you know what's running where, whether critical data is secure, and whether the infrastructure adheres to policy? A simple misconfiguration that opens up a network port or an object storage bucket can go unnoticed for some time, leaving data exposed.
The complexities of cloud computing, and the chance of human error, will bite you in the butt.
⎯ David Linthicum, InfoWorld | OCT 5, 2018
2) The human factor and alert fatigue
Because of the dynamic nature of the cloud, hundreds of misconfigurations per day are quite common. Humans cannot thoroughly vet each corresponding alert, which means critical misconfiguration events are often missed or improperly remediated. By automating remediation for routine misconfiguration exposures, such as accidentally disabled logging or encryption, you can continuously enforce critical security and compliance policies. Automated remediation also eliminates the significant time wasted on chasing down misconfiguration events.
3) Reduced Mean Time to Remediation (MTTR)
Time delays in remediating infrastructure misconfiguration events represent the biggest threat to cloud infrastructure. The longer a critical misconfiguration is left undetected and unrepaired, the higher the risk of a serious security breach. With automated remediation, you can measurably decrease your MTTR to minutes instead of days or weeks. When the threats that seek to exploit misconfiguration are themselves automated, you can't afford to defend against them with manual approaches alone.
Infrastructure configuration enforcement must span the full infrastructure stack, including your network, compute, storage, and any other cloud services you use. Continuous monitoring that includes automated remediation gives you assurance that your cloud infrastructure environments are secure and operating in accordance with policy.
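The evaluate-and-remediate loop described above, as an added example that is not part of the original post: policy rules for the misconfigurations the post names (public object storage, disabled encryption or logging, world-open admin ports) run over a constructed inventory snapshot, reviewed exceptions are skipped so false positives are not auto-fixed, and each fix records a before/after snapshot so forensic evidence is preserved. The inventory, resource fields, and rule names are all hypothetical; a real deployment would read the inventory from and push fixes through the provider's API.

```python
import copy

# Constructed inventory snapshot (hypothetical resources, not a real account).
INVENTORY = [
    {"id": "bucket-1", "type": "storage", "public": True, "encryption": False, "logging": True},
    {"id": "bucket-2", "type": "storage", "public": True, "encryption": True, "logging": True,
     "exceptions": ["storage-no-public"]},   # reviewed exception: static website bucket
    {"id": "vm-7", "type": "compute", "logging": False, "encryption": True},
    {"id": "sg-3", "type": "network", "world_open_ports": [22, 443]},
]

ADMIN_PORTS = {22, 3389}  # SSH / RDP must never be open to the world

# Policy rules: (rule id, resource type or None for any, violation test, in-place fix).
RULES = [
    ("storage-no-public", "storage", lambda r: r["public"], lambda r: r.update(public=False)),
    ("encryption-on", None, lambda r: r.get("encryption") is False, lambda r: r.update(encryption=True)),
    ("logging-on", None, lambda r: r.get("logging") is False, lambda r: r.update(logging=True)),
    ("no-world-admin-ports", "network",
     lambda r: bool(ADMIN_PORTS & set(r.get("world_open_ports", []))),
     lambda r: r.update(world_open_ports=[p for p in r["world_open_ports"] if p not in ADMIN_PORTS])),
]

def evaluate(inventory):
    """Return (rule_id, resource_id) for every violation that is not a reviewed exception."""
    findings = []
    for r in inventory:
        for rule_id, rtype, is_violated, _ in RULES:
            if rtype is not None and r["type"] != rtype:
                continue
            if rule_id in r.get("exceptions", []):
                continue  # documented exception: report for review, never auto-fix
            if is_violated(r):
                findings.append((rule_id, r["id"]))
    return findings

def remediate(inventory):
    """Fix each finding in place and keep a before/after record so evidence is not lost."""
    fixes = {rule_id: fix for rule_id, _, _, fix in RULES}
    by_id = {r["id"]: r for r in inventory}
    audit = []
    for rule_id, res_id in evaluate(inventory):
        before = copy.deepcopy(by_id[res_id])
        fixes[rule_id](by_id[res_id])
        audit.append({"rule": rule_id, "resource": res_id,
                      "before": before, "after": copy.deepcopy(by_id[res_id])})
    return audit

if __name__ == "__main__":
    for entry in remediate(copy.deepcopy(INVENTORY)):
        print(entry["rule"], entry["resource"], "fixed; before:", entry["before"])
```

Running the loop on a schedule (or on each resource-change event) is what drives MTTR down to minutes: a second `evaluate` pass after `remediate` returns no findings, and the audit list is what you ship to your logging pipeline.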
In part II, we will discuss the different types of automated remediation available and how to select the solution that best fits your business needs.