Covid-19 accelerated cloud adoption in the enterprise in an unprecedented way. With the sudden move to remote work, organizations were forced to adopt cloud technologies to facilitate how we communicated, how we collaborated, and how our business was managed and operated, in a very short time. Our businesses needed not only the software and applications to support their operations, but also the underlying flexible and secure infrastructure the cloud offered. Frankly, many IT professionals have had very limited access to their on-premises data centers since the pandemic began.
Cloud services such as AWS, Microsoft Azure, and Google Cloud all offer flexibility, elasticity, and scale benefits. With enterprise spending on cloud infrastructure surpassing on-premises spend for the first time in 2020, the shift to cloud workloads only continues to accelerate. Other recent reports state that 90 percent of enterprises expect cloud usage to exceed prior plans due to COVID-19 and that 36 percent of enterprises spend more than $12 million per year on public clouds.
Cloud security challenges
As powerful and innovative as the cloud is, it’s also complex and ever changing. From a security standpoint, this creates a lot of challenges and loopholes.
According to the 2020 Cloud Security Report, the highest-ranking threat to cloud infrastructure was misconfiguration, with 68% of companies citing this as their greatest concern. Misconfiguration takes place when a cloud-related system, tool, or asset is not configured properly, thus endangering the system and exposing it to a potential attack or data leak.
Many other issues exist. Some are also common on-premises like unpatched software vulnerabilities, missing or inadequate use of security tools for protection, poor or shared passwords and over provisioned admin accounts to name a few. Some risks are more common in the cloud such as fragmented accounts, account access across regions, or simply a lack of visibility into the proliferation of cloud services, often due to activity by DevOps.
Cloud security is your responsibility
When it comes to cloud security, AWS and other public clouds operate on a shared responsibility model. If you’re using instances or virtual machines, you’re still responsible for the operating system, the applications running on that OS, your data and for the service configuration.
New Balbix Connector for AWS
With the newly announced Balbix Connector for AWS, you can improve your AWS security. The Connector for AWS allows you to continuously monitor the most popular AWS Cloud services by ingesting data from core services like Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Identity and Access Management (IAM); database and container services like Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Kubernetes Service (Amazon EKS); and analytics services like Amazon OpenSearch Service.
It is easy to set up and use the API connector in minutes using a wizard-driven configuration process.
Security teams, including cloud security analysts and admins, can realize a number of key benefits from the integration.
1. Get comprehensive visibility into cloud assets
Balbix allows you to quickly inventory your AWS assets. Not only do you get complete visibility across your AWS environment but Balbix also accurately categorizes your assets into compute, storage, network and containers. Moreover, you can view and manage these assets through separate dashboards for workloads, storage and containers and K8s (see Image 2, below). Balbix can also describe over 400 attributes for each asset including general asset information, and information about its network, storage, open ports, system details, users, software inventory and any existing (or missing) security controls.
2. Discover exposure to common cloud attack vectors
For each asset, and for your AWS assets collectively, Balbix identifies their exposure to common attack vectors, especially misconfigurations – the most exploited attack vector for the cloud – for example misconfigurations in S3 and IAM. In total, Balbix identifies exposure to over 100 attack vectors broadly aligned to 5 categories:
- unpatched software
- weak encryption
- poor passwords
- admin trust relationships
Balbix provides a list of top risk issues for your cloud environment. The list of risk issues is automatically prioritized so you can efficiently remediate the most critical issues first. In addition, the search function in Balbix allows you to search your AWS environment, for example, for specific CVEs. You can also review each asset for a list of vulnerabilities affecting that particular asset.
3. Measure risks in terms of the likelihood and monetary impact
In addition to allowing you to improve your visibility and vulnerability management, Balbix also allows you to continuously report on, and refine, your overall security posture. Balbix provides your overall risk in terms of likelihood (in percentage) and breach impact (in monetary terms) to allow you to report the financial risk of a breach affecting your AWS resources. For example, in the example below (see image 2, above), the breach risk of this company’s AWS environment is $4.8 million. Reporting out in monetary terms allows you to use a common language when talking to the CFO, CEO, other company leader and/or the board of directors.
You can also report risk by geo, BU and asset type to break down overall risk into areas corresponding to the responsibilities of specific IT and business leaders. For example, image 4 shows the risk level for different AWS asset types. The risk is low with the exception of servers, where there is a medium level of risk.
Unify your Hybrid Cloud Security Posture
Of course, there are also additional benefits from uniting your AWS data with your on-premises data to have a single hybrid cloud security posture.