Public Cloud Security and Misconfiguration Risks

October 13, 2022

Today's hybrid cloud environment is fast-changing and ever-evolving. Every day, more organizations are migrating applications and data to public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). While the cloud enables businesses to be more agile, configuration changes often occur without any security or compliance oversight. Applications housed in the cloud are increasingly vulnerable to various attacks, and it is the responsibility of each organization to configure and secure its resources properly.

Every day, we hear about breaches due to the misconfiguration of public cloud resources. While the cloud provider provides insular security to its platform, there is a shared responsibility between the customer and its cloud service provider. Customers must vigilantly monitor network traffic and ensure they are implementing the necessary security measures, such as installing antivirus and malware detection software, maintaining patch management, and handling data encryption.

With the recent shift to native cloud-based application architecture, the emergence of serverless and container-based approaches to net new applications poses its own unique challenges. Serverless computing has become a popular option because of its potential to be more economical and easier to manage. With the benefits comes more risk, however: serverless computing has created a massive challenge with respect to visibility and control of resource configuration, access control, and compliance readiness.

Data breaches and typical cloud misconfigurations are mostly caused by simple human error and poor security practice. Organizations are responsible for mitigating their insider threat risks in the public cloud. Now that more employees have access to cloud systems within organizations, Identity and Access Management (IAM) protocols need to be in place to limit employees' access and permissions. A lack of fundamental security practices could expose the infrastructure and increase the attack surface.

Companies must explore their options when designing a public or private cloud strategy. There are solutions that support businesses and automate the governance of misconfigurations. As traditional network monitoring tools fall short on visibility, Anomalix helps organizations effectively monitor new and existing access, as well as identify and investigate all security-related events in a cloud environment.

Within the platform, client access across the cloud is unique to the user and can be modified. At a high level, authorized users can, at any point, browse, investigate, and remediate resources spread across multiple platforms.

Here are some of the regulation checks that should be performed:

  • IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused for 90 days or more be removed or deactivated. Disabling or removing unnecessary credentials reduces the window of opportunity for credentials associated with a compromised or abandoned account to be used.
  • IAM password policies can be used to ensure that passwords are comprised of different character sets. It is recommended that the password policy require at least one symbol, at least one lowercase and one uppercase letter, and so on. Setting a password complexity policy increases account resiliency against brute force login attempts.
  • Ensure that the Amazon S3 bucket used to store CloudTrail logs (which record every API call made in your AWS account) is not publicly accessible. Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account's use or configuration.
  • Ensure that Amazon VPC flow logging is enabled in all VPCs. Flow logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or to provide insight during security workflows.
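
The first check above (credentials unused for 90 days or more) can be run offline against an exported IAM credential report. The following is an added example, not Anomalix code: the sample rows are constructed and use only a subset of the report's columns, and aging a never-used credential from its last change or rotation date is an assumption of this sketch.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an AWS IAM credential report
# (subset of columns; user names and dates are made up for illustration).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_used_date,access_key_1_last_rotated,access_key_2_active,access_key_2_last_used_date,access_key_2_last_rotated
alice,true,2022-10-01T09:00:00+00:00,2022-01-10T09:00:00+00:00,false,N/A,N/A,false,N/A,N/A
bob,true,2022-05-02T09:00:00+00:00,2021-11-01T09:00:00+00:00,true,2022-10-10T09:00:00+00:00,2022-02-01T09:00:00+00:00,false,N/A,N/A
ci-deploy,false,N/A,N/A,true,N/A,2022-03-15T09:00:00+00:00,true,2022-09-30T09:00:00+00:00,2022-09-01T09:00:00+00:00
new-hire,true,no_information,2022-10-05T09:00:00+00:00,false,N/A,N/A,false,N/A,N/A
"""

def _parse(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def stale_credentials(report_csv, now, max_age_days=90):
    """List (user, credential) pairs that are enabled but unused for max_age_days or more."""
    cutoff = now - timedelta(days=max_age_days)
    # (label, enabled column, last-used column, fallback column if never used)
    checks = [
        ("password", "password_enabled", "password_last_used", "password_last_changed"),
        ("access_key_1", "access_key_1_active", "access_key_1_last_used_date", "access_key_1_last_rotated"),
        ("access_key_2", "access_key_2_active", "access_key_2_last_used_date", "access_key_2_last_rotated"),
    ]
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for label, enabled, last_used, fallback in checks:
            if row[enabled] != "true":
                continue  # disabled credentials are already compliant
            # Assumption: a never-used credential is aged from when it was set or rotated.
            reference = _parse(row[last_used]) or _parse(row[fallback])
            if reference is None or reference <= cutoff:
                findings.append((row["user"], label))
    return findings

if __name__ == "__main__":
    as_of = datetime(2022, 10, 13, tzinfo=timezone.utc)
    for user, credential in stale_credentials(SAMPLE_REPORT, as_of):
        print(f"{user}: {credential} unused for 90+ days")
```

An active access key that has never been used, like the constructed `ci-deploy` key here, is flagged once its rotation date passes the threshold, which is the kind of abandoned credential the check is meant to surface.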

 For more information about IdGenius, please visit https://www.anomalix.com
