Cloud Security Part 1: Why So Many Cloud Servers are Vulnerable
You wouldn’t leave your car unlocked in a public parking lot, so why are so many organizations leaving their servers unlocked in the cloud?
Security is the number one concern for cloud adoption. Deployment of cloud applications is daunting when you consider the risks of having your applications, infrastructure, IP and private information in the cloud. Yet the cloud bears an abundance of benefits to today’s enterprise – availability, agility, scalability, performance, and more. So, like every business decision, it’s all about finding a balanced and acceptable risk. Although this can sometimes be ambiguous, there are several things we know right off the bat: We must secure the cloud, including our applications and data used within it; and we must ensure that our security is simple and scalable – that our cloud security is as elastic as the infrastructure it protects.
You Can’t Secure if You Can’t Manage
First, when it comes to cloud security, elasticity and efficiency of management are as important as security itself. The cloud is infinitely and immediately scalable. In the blink of an eye you can scale from one server to one hundred. In a world of automation, if security is manual it will not be sustainable. And, generally speaking, security that’s cumbersome and complex is security that goes unused. Thus, if security management is not automated, controls are discarded, mistakes are made, and servers and infrastructure are left vulnerable.
Traditional, on-premises security fails to cover the cloud. Nearly every facet of modern security was designed to defend against threats from outside the perimeter, yet when you consider security in the cloud there is no perimeter to defend. Our modern security solutions are designed to protect a legacy infrastructure – one where we have a physical corporate perimeter, with all of our infrastructure and applications safely secured therein. The cloud, however, is itself outside that perimeter, and one could argue whether the cloud has a perimeter of its own and where it is – at the cloud, at the virtualization host, where? What’s more, so too is our enterprise, as we place more and more of our applications and data in the cloud. Hence, as we’ve known for years due to mobility, the perimeter is eroding. With mobility our concern was how to protect our users who, if compromised, typically had a relatively low threat impact. Today, cloud is eroding the perimeter, and what’s left vulnerable is our core infrastructure and applications – a much more critical resource than a single endpoint, with a tremendously high threat impact.
You Are Here!… Now How Do you Get There?
Cloud server firewalls are the best place to stop attacks and prevent exploits of OS and application vulnerabilities. They sit at the first point of potential vulnerability, where any hacker would attempt to connect and gain access to your application and data. That said, securing cloud servers can be very, very cumbersome and complex, and entail a laborious and manual process.
If you want to use your cloud, you need to be able to connect to and manage it. That means you need to punch (often many) holes in your cloud server firewall for administrative access, including SSH, Remote Desktop, and more. Opening and closing a firewall is typically done through the hosting or cloud service provider’s management UI, and is done manually. On the face of it, this isn’t a big deal. It sounds easy enough to do… you just need to do it time and time again with each new server you add to your cloud. If you have just a few servers this doesn’t sound difficult, but if you have many it can be exhausting. Still, once you configure your server to have your administrative ports open, you’re done, right? WRONG! What you’ve just done is expose your entire cloud server infrastructure to vulnerabilities and hackers.
To prevent unauthorized access and ensure your cloud infrastructure isn’t vulnerable, you need to close all your administrative ports, and open them only when, for whom, for what, and for as long as you need access. This is, however, where that manual firewall management process fails you: using the hosting or cloud service provider’s UI to manually open ports on each and every cloud server you have, every time someone needs to access and administer your servers, is far too cumbersome and time-consuming. And remember, you have to close those ports as soon as access isn’t needed, or you leave yourself vulnerable. You might try it for a while, but in very short order you’re bound to forget to close a port, open the wrong one, or even give up and accept the risk that comes from leaving all SSH (or other administrative) ports open by default, just to make your job easier.
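To make the "when, for whom, and for as long as" rule concrete, here is an added example (not from the original post, and not tied to any provider's API) that audits a firewall rule set for administrative ports left open to everyone, open with no expiry, or still open after their access window has passed. The `Rule` model, its field names and the sample rules are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_network
from typing import Optional

# Administrative services the post names; extend for your own environment.
ADMIN_PORTS = {22: "SSH", 3389: "Remote Desktop"}

@dataclass
class Rule:  # hypothetical rule model, not a real provider schema
    server: str
    port: int
    source: str                  # CIDR allowed to connect ("for whom")
    expires: Optional[datetime]  # when the rule must close; None = never

def audit(rules, now):
    """Return (server, port, reason) for each admin-port rule that breaks
    'open only for whom, and for as long as, access is needed'."""
    findings = []
    for r in rules:
        if r.port not in ADMIN_PORTS:
            continue  # public service ports are out of scope here
        if ip_network(r.source, strict=False).prefixlen == 0:
            findings.append((r.server, r.port, "open to any source"))
        if r.expires is None:
            findings.append((r.server, r.port, "no expiry"))
        elif r.expires <= now:
            findings.append((r.server, r.port, "expired but still open"))
    return findings

# Constructed sample data: one public web rule and three admin rules.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_RULES = [
    Rule("web-1", 443, "0.0.0.0/0", None),
    Rule("web-1", 22, "0.0.0.0/0", None),            # left open by default
    Rule("db-1", 3389, "203.0.113.7/32",
         datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)),   # forgot to close
    Rule("db-2", 22, "198.51.100.4/32",
         datetime(2024, 1, 10, 13, 0, tzinfo=timezone.utc)),  # scoped, in window
]

if __name__ == "__main__":
    for server, port, reason in audit(SAMPLE_RULES, NOW):
        print(f"{server}: {ADMIN_PORTS[port]} ({port}) {reason}")
```

Run on a schedule against an export of your real rules, a check like this catches the forgotten-port case without anyone having to remember it.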
In the next post we’ll share the secret sauce to cloud security, and how to make your security management as elastic as your infrastructure.