Cloud Security at Scale

By Josh Neame, CTO, BlueFort Security

Widespread use of the cloud continues to transform business, and cybersecurity systems are racing to keep up. The cloud environment is exposed to a multitude of risks, ranging from ransomware and supply chain attacks to insider threats and misconfigurations (according to Gartner, 99% of cloud failures are due to mistakes like misconfigurations). A recent report by Illumio found that in the last year, 47% of all data breaches originated in the cloud, and more than 6 out of 10 respondents believe their cloud security is not only lacking but also poses a severe risk to their business operations.

The increasing adoption of cloud services and cloud-native technologies is heightening both the possibilities and the risks. With most organisations now using three or more cloud service providers, cloud environments have become more complex than ever before. As more businesses transition their operations and sensitive data to the cloud, securing this dynamic environment against evolving threats remains a constant and complex challenge for leaders.

Orca Security Shines a Light on the Issue

A new report from Orca Security, 2024 State of Cloud Security, underlines the severity of the situation. Using its Orca Cloud Solution, the team captured and analysed data from (literally) billions of cloud assets on AWS, Azure, Google Cloud, Oracle and Alibaba Cloud. You can read the report for yourself using the link above, but the findings that rang loud alarm bells in my head include:

  • 81% of organisations have public-facing neglected assets with open ports. Attackers routinely scan for open ports and known vulnerabilities, making these assets prime targets.
  • 21% of organisations have at least one public-facing storage bucket with sensitive data – misconfigurations in sensitive data storage increase the risk of exposed customer data, ransomware, reputational damage and regulatory penalties.
  • 61% of organisations have a Kubernetes API server that is publicly accessible – this can open up a path for attackers to reach underlying Kubernetes infrastructure and workloads, which could lead to data exposure and supply chain attacks.
  • 62% of organisations have severe vulnerabilities in code repositories – vulnerabilities in code that make it into production environments can cause system compromises and data breaches.

It’s clear that cloud security poses a significant threat to organisations today – perhaps even more critical than many organisations realise. What can we do about it?

The Challenges of Cloud Security

Most senior decision makers with responsibility for cloud security recognise the challenges of securing today’s dynamic, highly dispersed multi-cloud environments. These include:

  • Architectural complexity.
  • Global shortage of cloud security expertise.
  • Continual pressure to comply with fast-changing regulations for protecting data privacy.
  • A lack of unified visibility across multi-cloud environments.

Tackling all of these issues at once is akin to “eating an elephant”. View the challenge as a whole and you might never get started. As with the proverbial elephant, the answer is to break the challenge down into bite-size pieces.

First Steps to Cloud Security

Each organisation is different, and as a result there is no ‘one size fits all’ solution to tackling cloud security. However, the National Institute of Standards and Technology (NIST) has developed a set of best practices for establishing a secure and sustainable cloud computing framework. These guidelines create a foundational framework for organisations to self-assess their security readiness, and implement effective preventative and recovery measures. These principles are grounded in NIST’s five pillars of a cybersecurity framework: Identify, Protect, Detect, Respond and Recover. 

Modern businesses need a strategy to effectively manage and secure their cloud environments, and protect against the common vulnerabilities found in many cloud environments. I referenced misconfigurations at the start of this post as being the most common cause of cloud failure. A textbook example of what can happen was picked up by the media recently. More than half a million members of Australian investment fund UniSuper were unable to access their accounts after a Google Cloud misconfiguration led to the firm’s private cloud account being deleted.

Working Towards Securing Your Cloud Infrastructure

New cloud security platforms, frameworks and best practices, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPPs), Cloud Infrastructure Entitlement Management (CIEM), Cloud Detection and Response (CDR) and Cloud-Native Application Protection Platforms (CNAPPs), all claim to tackle cloud security challenges.

But knowing which option – or combination of options – matches your organisation’s own unique needs can be, at times, almost impossible. Cutting through the noise and marketing hype can drive you back to the “elephant eating” conundrum.

BlueFort Security can help. We have developed solutions that are driven by industry standard methodologies including NIST, but also ISO27001, CyberEssentials+ and CTEM. These solutions help organisations tackle the chaos of the cloud, and provide the requisite level of visibility across multi-cloud environments. 

Our best-of-breed partner, Orca Security, is on a mission to provide the world’s most comprehensive cloud security platform. It is designed for organisations operating in the cloud that need complete, centralised visibility of their entire cloud estate and want to waste less time sorting through alerts, focusing instead on remediating the actual risks that matter most. Orca Security is the leading agentless CNAPP that allows security teams to work smarter, not harder.

Orca identifies, prioritises and remediates risks and compliance issues across cloud estates spanning AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. Leveraging its patented SideScanning technology, Orca offers a single, comprehensive cloud security platform, detecting vulnerabilities, misconfigurations, lateral movement, API risks, sensitive data at risk, anomalous events and behaviours, overly permissive identities and more.

Rooting out the Issue

As with pretty much every challenge in life, until you have a good understanding of the fix you find yourself in, it’s impossible to plot a path out. We refer to this as the ‘discovery’ phase of a cybersecurity program, which, by the way, isn’t a point-in-time exercise. Discovery is never done. An organisation’s cloud environment is dynamic and always changing, with new threats appearing all the time. Continuous discovery helps cybersecurity teams find and tackle vulnerabilities in their cloud environment before they have the potential to become a big problem.

Below is a snapshot of some of the questions we routinely ask our customers when assessing the current state of an organisation’s cloud security posture.

  1. How would comprehensive visibility and continuous monitoring of your cloud security posture enhance your overall risk management strategy?
  2. In what ways could automated security assessments and remediation recommendations improve your operational efficiency and agility in the cloud?
  3. What benefits could you envision from implementing a technology platform to provide real-time security insights and proactive threat prevention for your cloud environment?
  4. What benefits would you get from agentless discovery of all cloud assets and workloads?
  5. Would visibility of your security posture across all public cloud platforms increase security and productivity?

If you’ve asked yourself these questions, and the answers have raised concerns about the state of your organisation’s cloud security, get in touch. We can help.
