Ensuring Data Privacy in Public Clouds


Most enterprises spread data and applications across multiple cloud providers, typically referred to as a multicloud approach. While it is in the best interest of public cloud providers to offer network security as part of their service offerings, every public cloud provider utilizes different hardware and software security policies, methods and mechanisms, creating a challenge for the enterprise to maintain the exact same policy and configuration across all infrastructures. Public cloud providers typically meet basic security standards in an effort to standardize how they monitor and mitigate threats across their entire customer base. Seventy percent of organizations reported using public cloud providers with varied approaches to security management. Moreover, enterprises typically prefer neutral security vendors instead of over-relying on public cloud vendors to protect their workloads. As the multicloud approach expands, it is important to centralize all security aspects.

When Your Inside Is Out, Your Outside Is In

Moving workloads to publicly hosted environments leads to new threats, previously unknown in the world of premise-based computing. Computing resources hosted inside an organization’s perimeter are more easily controlled. Administrators have immediate physical access, and the workload’s surface exposure to insider threats is limited. When those same resources are moved to the public cloud, they are no longer under the direct control of the organization. Administrators no longer have physical access to their workloads. Even the most sensitive configurations must be done from afar via remote connections. Putting internal resources in the outside world results in a far larger attack surface with long, undefined boundaries of the security perimeter.

In other words, when your inside is out, then your outside is in.


External threats that could previously be easily contained can now strike directly at the heart of an organization’s workloads. Hackers can have identical access to workloads as do the administrators managing them. In effect, the whole world is now an insider threat.

In such circumstances, restricting the permissions to access an organization’s workloads and hardening its security configuration are key aspects of workload security.

Poor Security Hygiene Leaves You Exposed

Cloud environments make it very easy to grant access permissions and very difficult to keep track of who has them. With customer demands constantly increasing and development teams put under pressure to quickly roll out new enhancements, many organizations spin up new resources and grant excessive permissions on a routine basis. This is particularly true in many DevOps environments where speed and agility are highly valued and security concerns are often secondary.

Over time, the gap between the permissions that users have and the permissions that they actually need (and use) becomes a significant crack in the organization’s security posture. Promiscuous permissions leave workloads vulnerable to data theft and resource exploitation should any of the users who have access permissions to them become compromised. As a result, misconfiguration of access permissions (that is, giving permissions to too many people and/or granting permissions that are overly generous) becomes the most urgent security threat that organizations need to address in public cloud environments.


The Glaring Issue of Misconfiguration

Public cloud providers offer identity access management tools for enterprises to control access to applications, services and databases based on permission policies. It is the responsibility of enterprises to deploy security policies that determine what entities are allowed to connect with other entities or resources in the network. These policies are usually a set of static definitions and rules that control what entities are valid to, for example, run an API or access data.

One of the biggest threats to the public cloud is misconfiguration. If an enterprise does not manage permission policies properly with the tools offered by the public cloud provider, excessive permissions will expand the attack surface, thereby enabling hackers to exploit one entry to gain access to the entire network.

Moreover, common misconfiguration scenarios result from a DevOps engineer who uses predefined permission templates, called managed permission policies, in which the granted standardized policy may contain wider permissions than needed. The result is excessive permissions that are never used. Misconfigurations can cause accidental exposure of data, services or machines to the internet, as well as leave doors wide open for attackers.
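One way to measure the gap between granted and used permissions that the sections above describe, as an added example that is not part of the original article. The policy document, the list of used actions and all function names are constructed for illustration; the check looks only at Allow statements and their Action patterns.

```python
import fnmatch

# Constructed sample: a broad template-style policy attached to one role.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Allow", "Action": "rds:ModifyDBSnapshotAttribute", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}

# Constructed sample: actions the role actually called in the review window,
# as they would be extracted from the provider's audit log.
USED_ACTIONS = ["ec2:DescribeInstances", "ec2:StartInstances", "s3:GetObject"]


def as_list(value):
    """Policy JSON allows a single item or a list for Statement and Action."""
    return list(value) if isinstance(value, list) else [value]


def allowed_patterns(policy):
    """Action patterns from Allow statements (Resource/Condition/NotAction ignored)."""
    return [pattern
            for stmt in as_list(policy["Statement"]) if stmt.get("Effect") == "Allow"
            for pattern in as_list(stmt.get("Action", []))]


def matches(pattern, action):
    """Action names are case-insensitive; '*' and '?' are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def permission_gap(policy, used_actions):
    """Classify each granted pattern as unused, exercised, or a wildcard to narrow."""
    report = {"unused": [], "exercised": [], "wildcards": {}}
    for pattern in allowed_patterns(policy):
        hits = sorted(a for a in set(used_actions) if matches(pattern, a))
        if not hits:
            report["unused"].append(pattern)          # granted, never used: remove
        elif "*" in pattern or "?" in pattern:
            report["wildcards"][pattern] = hits       # replace with these actions
        else:
            report["exercised"].append(pattern)
    return report


if __name__ == "__main__":
    print(permission_gap(POLICY, USED_ACTIONS))
```

The "unused" entries are candidates for removal, and each "wildcards" entry lists the explicit actions that could replace the wildcard grant.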


For example, an attacker can steal data by using the security credentials of a DevOps engineer gathered in a phishing attack. The attacker leverages the privileged role to take a snapshot of elastic block storage (EBS) to steal data, then shares the EBS snapshot and data on an account in another public network without installing anything. The attacker is able to leverage a role with excessive permissions to create a new machine at the beginning of the attack and then infiltrate deeper into the network to share AMI and RDS snapshots (Amazon Machine Images and Relational Database Service, respectively), and then unshare resources.
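A detection check for the snapshot sharing described above, as an added example that is not part of the original article. The event records are constructed and simplified; their field layout is modeled on AWS CloudTrail and is an assumption to verify against real logs, and the account IDs, ARNs and function names are placeholders.

```python
# API calls that can share an EBS snapshot, an AMI or an RDS snapshot.
SHARE_EVENTS = {"ModifySnapshotAttribute", "ModifyImageAttribute",
                "ModifyDBSnapshotAttribute"}
TRUSTED_ACCOUNTS = {"111111111111"}  # constructed: the organization's own accounts
ROLE = "arn:aws:sts::111111111111:assumed-role/devops/example-user"  # placeholder

# Constructed sample events (assumed CloudTrail-like layout, heavily trimmed).
EVENTS = [
    {"eventName": "ModifySnapshotAttribute", "userIdentity": {"arn": ROLE},
     "requestParameters": {"snapshotId": "snap-EXAMPLE", "createVolumePermission":
                           {"add": {"items": [{"userId": "999999999999"}]}}}},
    {"eventName": "ModifyImageAttribute", "userIdentity": {"arn": ROLE},
     "requestParameters": {"imageId": "ami-EXAMPLE", "launchPermission":
                           {"add": {"items": [{"userId": "111111111111"}]}}}},
    {"eventName": "ModifyDBSnapshotAttribute", "userIdentity": {"arn": ROLE},
     "requestParameters": {"attributeName": "restore", "valuesToAdd": ["all"]}},
    {"eventName": "DescribeSnapshots", "userIdentity": {"arn": ROLE},
     "requestParameters": {}},
]


def shared_with(event):
    """Principals an event adds as share targets: account IDs or the group 'all'."""
    params = event.get("requestParameters") or {}
    targets = []
    for key in ("createVolumePermission", "launchPermission"):   # EBS and AMI
        items = ((params.get(key) or {}).get("add") or {}).get("items") or []
        targets += [item.get("userId") or item.get("group") for item in items]
    if params.get("attributeName") == "restore":                 # RDS
        targets += params.get("valuesToAdd") or []
    return [t for t in targets if t]


def find_external_shares(events, trusted=TRUSTED_ACCOUNTS):
    """Return (event name, caller ARN, targets) for shares outside trusted accounts."""
    findings = []
    for ev in events:
        if ev.get("eventName") not in SHARE_EVENTS:
            continue
        external = [t for t in shared_with(ev) if t not in trusted]
        if external:
            arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
            findings.append((ev["eventName"], arn, external))
    return findings


if __name__ == "__main__":
    for finding in find_external_shares(EVENTS):
        print(finding)
```

Because the scenario ends with the resources being unshared, the alert has to come from the log of the sharing call itself rather than from a later review of current snapshot permissions.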

Year over year in Radware’s global industry survey, the most frequently mentioned security challenges encountered with migrating applications to the cloud are governance issues followed by skill shortage and complexity of managing security policies. All contribute to the high rate of excessive permissions.

