We live in a culture of rapid innovation, but that innovation can result in a variety of security mistakes. Businesses must innovate quickly to compete in today’s markets, and software and public cloud infrastructure, or IaaS, are significant enablers of that innovation. Software is a fast mechanism to deliver innovation, and public cloud infrastructure is an agile way to support rapid software development and delivery. Both can lead to significant security mistakes. Let’s look at how we got here and where we need to go.
Software, IaaS and Innovation
Almost every company is now a software company by default—they all have important software components driving their products or overall business.
- Ford essentially sells computers-on-wheels.
- FedEx boasts a developer skunkworks to further their technological edge.
- The app that monitors and tracks your digitally-enabled shoes can now be iterated much faster than the shoes themselves.
Software is a fast and easy mechanism to deliver faster innovation, because software development and deployment processes have evolved to be quick and iterative. As a result, software development can move faster than physical product innovation.
To support this rapid software development and deployment, enterprises are leveraging public cloud infrastructure to build a faster, more modern application infrastructure that improves operational agility and optimizes costs and resources. It’s fast and easy to acquire and set up, but can result in some nasty security mistakes.
This new application infrastructure can drive an extremely high change velocity, enabling DevOps teams to develop and operate as a continuous process, often meaning real-time changes in production and faster delivery. As more businesses are being run on software and delivered as online services, from movies to agriculture to national defense, more of them need public cloud infrastructure.
Public Cloud Infrastructure Brings Net-New Security Challenges
While public cloud infrastructure is improving the way many enterprises do business, it can also be technically complex. With hundreds of cloud services, each offering numerous configuration options, the potential for security exposures is enormous.
Within these new environments it’s easy for security mistakes to find their way in and stay there, often undetected. Many of them, commonly caused by misconfiguration of cloud services, can easily expose cloud infrastructure to security threats.
As enterprises increase their use of public cloud infrastructure services, they also expand their cloud attack surface, which makes maintaining security and compliance a much bigger challenge. That challenge requires the Shared Responsibility Model, where both the cloud provider and its customers’ DevOps teams take responsibility for security.
Avoiding the Five Security Mistakes
Within this model based on shared responsibility, user security responsibilities revolve around ensuring cloud infrastructure is architected, deployed, and operated in a safe manner. In other words, the security team must ensure that the flexibility and power of cloud infrastructure is not used improperly, either inadvertently or nefariously, in a way that results in a costly security mistake.
The challenge is determining the most burning security priorities, having the ability to quickly detect and remediate them, then preventing them from recurring—all at cloud scale and cloud speed.
The good news is that when it comes to working in the public cloud, many have come before you and developed ways to automate cloud security processes and integrate them into daily automation workflows, making DevOps a force multiplier, and proactively identifying and addressing security mistakes.
Five Nastiest Security Mistakes
Based on real-world experience and research, our upcoming white paper, The Five Nastiest Security Mistakes Exposing Public Cloud Infrastructure, shares insights into five of the most dangerous and common IaaS configuration mistakes that could expose your public cloud computing environment to a worst-case security scenario. These are:
- Easily hacked administrative credentials
- Exposed data assets
- Weak network access controls
- Unconstrained blast radius
- Poor event logging
For each of the five security mistakes, we’ll discuss:
- The specific weaknesses those configuration mistakes can create
- How those weaknesses can be exploited
- The potential impacts of being exploited
- How to detect those weaknesses manually or through automation
Pre-order your free copy of the whitepaper “The Five Nastiest Security Mistakes Exposing Public Cloud Infrastructure” coming later this month to learn more about the five most dangerous categories of configuration security mistakes that expose public cloud infrastructure to compromise.
The post Security Mistakes and the Culture of Innovation appeared first on Cybersecurity Insiders.
September 19, 2019 at 09:08AM