A famous quote attributed to bank robber Willie “the Actor” Sutton states: “I rob banks because that’s where the money is.” Well, in recent years, as more of our data migrates to the cloud, crime follows.
According to a recent report by intelligence firm IDC, 98% of the companies surveyed had experienced at least one cloud data breach in the 18 months prior to the study. The Identity Theft Resource Center (ITRC) recently disclosed that due to unsecured cloud databases, during Q3 of 2021, the number of data compromise victims reached 160 million (higher than Q1 and Q2 of 2021 combined).
The rise is not limited to quantity. According to IBM, the severity and cost of breaches (from lawsuits, fines, reputation damage, and loss of customers and revenue) also grew, whether the breaches originated from a company, the company’s cloud provider or both. IBM’s 2021 Cost of a Data Breach Report (CODBR) found that the average breach cost reached $5.12 million for companies with high levels of cloud migration.
As more and more governments, companies and organizations move to the cloud and as the technology becomes more complex, so do the threats. This can be seen in microservice architecture, which has many security vulnerabilities and is difficult to scan for vulnerabilities and network security issues.
Since cloud environments have completely changed the way we access and store data, the old ways of “traditional security” are not enough and are sometimes irrelevant.
In a 2019 report, Gartner, Inc. concluded that “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.”
They went on to define CSPM (Cloud Security Posture Management) as “a continuous process of cloud security and improvement and adaptation, which reduces the likelihood of successful attacks”. Thus, the term CSPM became the common name for sets of tools, systems, processes, protocols and policies that are aimed at reducing the risk of public cloud data or compliance breaches. Here are the 10 best CSPM practices.
Unclear boundaries can result in misunderstanding, gray areas and eventually vulnerabilities. Cloud security posture management should start with creating and following a clear definition of responsibilities.
Cloud services (Google, Amazon, Azure, etc.) have a shared responsibility plan that details how responsibilities for security are divided between the cloud provider and the customer (see, for example, the AWS Shared Responsibility model, Google Cloud Platform: Shared Responsibility Matrix and Azure’s model). In the simplest sense, the cloud provider is responsible for the security of the cloud, while the customer is responsible for security in the cloud.
Since cloud configuration is decentralized by nature, sensitive data is continuously created and processed by countless systems, applications and networks in many different locations. Before taking any security action, it is extremely important to identify, classify and map the data locations and flows.
This can be done using several tools or by using Polar Security’s “Cloud Data Security Posture Manager” (DSPM). Polar’s DSPM platform automatically locates, maps, and labels all relevant data (including undocumented data shadows that are often overlooked), i.e., it allows you to constantly and automatically monitor for data vulnerabilities and compliance violations and fix them before they become a costly problem.
Misconfigurations are considered one of the main causes of data breaches. In order to avoid this problem, be sure to take steps such as:
As will be discussed below, it is important to employ tools to automatically and proactively detect and resolve such problems.
IBM's Cost of a Data Breach Report found that almost half of data breaches originated from internal threats. These include social engineering, data sharing outside the organization, use of informal undocumented channels (for example, shadow data), use of unauthorized devices and apps, theft of company devices, etc.
Employees should be constantly educated, briefed and trained in areas such as:
It is also important to take actions including:
A good cloud governance program (a set of rules, policies, direction, control, and activity monitoring) should create a delicate equilibrium - meeting the users' needs while ensuring the implementation of the strictest and best security rules and practices.
When creating such a cloud governance program, you should:
As discussed above, one of the weakest points is the human factor. Complying with rules, regulations and practices can be complicated and tedious, leaving room for human error in the management of cloud security. Moreover, attackers today rely extensively on ever faster and automated tools.
In order to minimize customer misconfiguration, mismanagement and mistakes, it is essential to incorporate automation into managing cloud security where possible.
Many problems can be detected and avoided in the development stages. It is important that developers build secure software by adopting verified uniform coding standards and integrating security configurations from the beginning of the development process (constant testing during all stages, continual use of cloud security tools, etc.).
Secure coding standards can help developers locate, eliminate and prevent errors that could lead to software security issues. A good example is OWASP (Open Web Application Security Project), a nonprofit foundation that provides developers with tools, resources, education and training, such as a yearly standardized application security awareness document.
Other standards include:
Common Weakness Enumeration (CWE and CWE Top 25), a community developed list of software and hardware security weaknesses.
CERT Coding Standards, a site that supports the development of coding standards through a community effort.
DISA STIG, the “Security Technical Information Guides” (STIG) of DISA (the “Defense Information Systems Agency” of the American Department of Defense), which stipulate how an organization should handle and manage security software and systems.
IEC 62443, a set of security standards created by the International Electrotechnical Commission (IEC) that provides a thorough and systematic set of cybersecurity recommendations.
NVD, a U.S. government repository of vulnerability management data (it is connected with the CVE list and provides additional content, including how to fix vulnerabilities, severity scores, and impact ratings).
PA-DSS (Payment Application Data Security Standard), a global security standard that applies to the development of payment application software. It was created by the PCI SSC (Payment Card Industry Security Standards Council).
Leverage cloud security tools at all stages of the data protection process. Cloud security tools can be divided into the following categories:
Spectral, a cybersecurity solution that uses a scanning engine and AI to detect harmful security errors in code, configurations and other artifacts.
Cloud Data Security Posture Manager (DSPM):
Polar Security, a DSPM solution that allows you to discover your cloud data assets (known and unknown), classify all sensitive data, map its flows, monitor data vulnerabilities and non-compliance, and fix any issue quickly.
Endpoint Protection solutions:
Intercept X Endpoint, an endpoint tool that uses deep learning to protect against known & unknown malware attacks.
Network security solutions:
Restorepoint, which allows automated network configuration backup, compliance audits, and tracking and recording of network access.
Secure File Sharing solutions:
Maytech Quatrix, a worldwide enterprise file sharing tool that offers security options, workflow automation, and audit.
SIEM (Security Information and Event Management) Solutions:
EventLog Analyzer, which encrypts and retains all of the log data created across the system in a centralized repository.
If a cloud security issue is detected, remediation should take place as soon as possible. This could be done automatically or manually. In order to automate the process of remediation as fully as possible, security actions should be subdivided into small segments that can be completely automated or demand immediate human intervention.
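As an added illustration of the remediation split described above (and of the automated misconfiguration detection discussed earlier), the sketch below scans a resource inventory against small rules, applies fixes that are safe to automate, and escalates the rest to a person. It is not code from Polar Security or any vendor named here; the rule identifiers, configuration keys and inventory are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    rule_id: str                                   # hypothetical identifier
    resource_type: str
    violated: Callable[[dict], bool]               # True when the config breaks the rule
    fix: Optional[Callable[[dict], dict]] = None   # None: no safe automatic fix

RULES = [
    Rule("storage-public-access", "bucket",
         lambda c: c.get("public_access", False),
         lambda c: {**c, "public_access": False}),
    Rule("storage-unencrypted", "bucket",
         lambda c: not c.get("encrypted", False),
         lambda c: {**c, "encrypted": True}),
    # Closing an admin port can lock operators out, so this one has no automatic fix.
    Rule("firewall-ssh-open-to-world", "firewall",
         lambda c: any(r["port"] == 22 and r["source"] == "0.0.0.0/0"
                       for r in c.get("ingress", []))),
]

# Constructed inventory; a real scan would read this from the provider's APIs.
INVENTORY = [
    {"id": "bucket-logs", "type": "bucket", "config": {"public_access": True, "encrypted": True}},
    {"id": "bucket-backups", "type": "bucket", "config": {"public_access": False}},
    {"id": "fw-bastion", "type": "firewall", "config": {"ingress": [{"port": 22, "source": "0.0.0.0/0"}]}},
    {"id": "fw-web", "type": "firewall", "config": {"ingress": [{"port": 443, "source": "0.0.0.0/0"}]}},
]

def triage(inventory, rules=RULES):
    """Return (desired_configs, auto_fixed, escalated) for one scan pass."""
    desired, auto_fixed, escalated = {}, [], []
    for res in inventory:
        cfg = dict(res["config"])
        for rule in rules:
            if rule.resource_type != res["type"] or not rule.violated(cfg):
                continue
            cfg = rule.fix(cfg) if rule.fix else cfg
            # Still violated (no fix, or the fix did not clear it): escalate to a human.
            (escalated if rule.violated(cfg) else auto_fixed).append((res["id"], rule.rule_id))
        desired[res["id"]] = cfg
    return desired, auto_fixed, escalated

if __name__ == "__main__":
    _, fixed, manual = triage(INVENTORY)
    print("auto-remediated:", fixed)
    print("needs review:   ", manual)
```

Re-checking each rule after its fix means a remediation that silently fails is surfaced for review instead of being reported as resolved.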
System misuses and compliance violations should be monitored continuously using techniques such as:
Albert Einstein once said, “A clever person solves a problem. A wise person avoids it”. Avoiding cloud security issues by continuously finding and remediating problems before they can be exploited is the best way to implement your Cloud Security Posture Management.
Polar Security’s Data Security Posture Management (DSPM) was created precisely for that. It automatically and independently:
Interested in optimizing your Cloud Security Posture Management? We at Polar Security have the solution for the job.