Companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT, and attackers are shifting with them. According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Cloud security teams are getting smarter and more experienced, and cloud security toolsets are maturing in lockstep with cloud adoption. As security teams level up to support the transition, we’re seeing three specific issues that impede cloud detection and response.

Most SOC teams either lack the proper tooling or have so many cloud security point tools that the management burden is untenable. One of the most challenging elements of cloud security is that cloud environments generate so much noise and are so complex that it’s easy for questionable actions to go unnoticed. Given the interconnectedness of cloud environments and the accelerated pace at which cloud attacks unfold, if SOC teams can’t see everything in one place, they’ll never be able to connect the dots in time to respond. Cloud attacks happen far too fast for SOC teams to flip from one dashboard to another to determine whether an application anomaly has implications at the infrastructure level. Security teams need to adjust their mindset beyond shift-left and get adept at shifting up and down the stack.

More importantly, because everything in the cloud happens at warp speed, we humans need to act faster, which can be nerve-wracking and increases the chance of accidentally breaking something. While the latter is a legitimate concern, if we want to stay ahead of our adversaries, we need to get comfortable with the accelerated pace of the cloud.

Cloud applications, workloads and infrastructure have become increasingly connected and communicate with each other via trusted connections across assets, developers and identities. Within these trusted connections reside permissions to databases, S3 buckets, and many other resources, all of which are granted open or loose permissions so they can interact, unimpeded, with essential cloud services. The implicit trust that cloud workloads extend to pod-to-pod and node-to-node communication may be essential to smooth operations, but it comes at a cost. Even though security teams are implementing the least privilege principle to ensure that every asset has only the connections it needs, there will always be connections left open. Furthermore, since virtually all public cloud users are on AWS, GCP, Azure, and Oracle, it becomes easy for an attacker to know how an environment will be built. The number of NHIs (non-human identities) that reside in cloud environments, coupled with the fact that cloud providers employ different NHI authentication mechanisms and lifecycle management practices, has caused the risk they pose to skyrocket. To protect the massive investment being made in cloud-native IT, containing NHI risk MUST be a priority.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 03 Oct 2024 05:43:09 +0000