It’s no secret — it’s hard to secure a cloud environment. It only gets more complex and easier to make mistakes when securing your workloads means working in multiple cloud environments.
There are three common multi-cloud mishaps that put your cloud security at risk. With cloud security being the top concern for organizations (75% identify cloud security as the number one concern), identifying ways to mitigate these risks is key. Let’s take a look at ways to avoid those mistakes.
[Related Reading: What Is Multi-Cloud?]
Top 3 Multi-Cloud Environment Mishaps
Being too generous with permissions and access
This is a big one and could easily be its own blog. There are a substantial number of ways in which access can create the greatest security risk. We won’t be able to cover them all here. However, we’ve highlighted a few that you should watch out for:
Failing to guard your secrets
Every organization has “secrets” or “keys to their castle” that could, if put into the wrong hands, cause irreparable damage to a business. These secrets can range from admin credentials to API keys to proprietary source code. Keep an eye on the following common mistakes:
- Storing API or encryption keys in unsecure location
- Exposing or making credentials easily accessible such as posting admin credentials on a publicly available server
- Exposing critical content in an S3 bucket or open GitHub repository
There are several tools and services available to help guard your secrets. Generally speaking, and as best practices, keep these “keys to your castle” secured, significantly limit who has access and maintain visibility to who/what/when/how it’s being accessed.
Failing to limit access or privileges
In a recent report, 58% of those surveyed identified unauthorized access as a leading security threat in their cloud environment. Unauthorized access could be the result of the following mistakes organizations make:
- Defaulting to admin rights on commonly used and/or shared resources
- Sharing admin passwords
- Trusting everyone (failure to follow the concept of least privileged access)
- Not securing containers & VMs
As a general rule, there are two best practices to follow to drastically mitigate risk:
- Follow the principle of least privileged access where users are given least amount of access needed to perform their job duties.
- Ensure you have access management controls in place, such as AD and SSO to reduce risk of credential compromise. This will add an additional layer of much-needed control.
Failure to adapt policies and processes to each cloud environment
If you’re already utilizing a public cloud vendor, you’ve likely established and implemented the appropriate security controls to address your responsibilities in the shared responsibility model. It’s easy to assume you can simply duplicate those security controls in another cloud environment. After all, there are a lot of similarities between the public cloud providers (PCPs), and therefore, they must be identical from a shared responsibility perspective, right? Unfortunately, that is not the case.
While there are similarities between providers, the way in which they are executed differs. Failure to understand the nuances between PCPs could lead to security gaps if guardrails aren’t properly adapted and implemented. Keep in mind, these policies and processes must also be adapted according to your delivery model (e.g., PaaS, IaaS).
Additionally, you’ll want to keep an eye out for and eliminate any overlapping or redundant processes early on. This can help to prevent misalignment on ownership (for example, one group assuming ownership belongs to another ground) as well as prevent oversight on identifying and responding to potential threats.
Lack of visibility across all applicable environments
If you have experience in AWS, Microsoft, or Google Public Cloud, you’re likely aware that each PCP has its own tool or interface for visibility into their respective services such as security, cost or usage metrics. AWS, for example, utilizes CloudTrail to log, monitor & analyze telemetry activity while Microsoft utilize Azure Monitor.
When relying on multiple interfaces or tools to get a view of your cloud environment, it’s difficult to get a complete picture of what is happening across the entire landscape. Different tools means security teams have to manually correlate and report activities, creating inefficiencies and potential for human error.
The ability to view and monitor the environment thorough a single pane of glass is critical to mitigating this security risks. Leveraging a tool or service, such as Alert Logic MDR, can provide:
- Ability to monitor and manage logs, such as account configuration changes and multiple authentication failures
- Visibility across network, log, configuration, vulnerabilities, etc.
It doesn’t do you any good if you have controls in place, but lack the ability to monitor for adherence to these controls. As with many organizations, users will inevitably find workarounds to the guardrails you’ve put in place (or someone from the outside finds a workaround). Maintaining visibility enables you to monitor adherence to policies and quickly identify when workarounds are attempted and/or successfully executed.
Multi-cloud environments present their own set of challenges, but can equally provide organizations with substantial benefits – from cost optimization to a more flexible IT stack. With 92% of enterprises adopting a multi-cloud strategy, understanding the complexities of these environments is critical. To learn more about security in multi-cloud environments, join us for our multi-cloud summit Mitigating the complexities of AWS, Microsoft & GCP.