June 14, 2022

By Jeff M.

What’s Going On?

ActioNet has helped multiple federal agencies successfully migrate to, and operate in, the cloud, allowing them to close on-premises data centers. There are hurdles, and none is more concerning than security in the cloud. In many cases, the risks and threats are similar to those on premises. Supply chain attacks are still happening. We’re not talking about cargo ships and tractor trailers. Instead, we mean bad actors infiltrating software before it is even deployed. They inject malicious code into products which are then deployed into common operating environments. Some examples of this are Apple, Microsoft, Mimecast, SolarWinds, ASUS and Bitcoin.

However, the cloud has some specific issues which, while generically similar, pose a graver risk because the mistake is so easy to make. We’re talking about misconfigurations. Specifically, two types are the most common. The first is bucket access: improperly locking down storage buckets, such as AWS S3, has been the cause of many of the data leaks reported across the industry. The second, and more difficult, is misconfigured access privileges. Roughly 83% of companies indicate at least one breach was access related.

Why?

One of the major reasons for these misconfigurations and supply chain attacks is, ironically, success. This is a great thing! Movement to hybrid, multi-cloud infrastructure and operations, growth of applications, and more rapid development for new initiatives all lead to growth. However, they also increase complexity and invariably introduce new attack vectors. Growth also means new technologies and new innovations. It’s easy to see how things can get missed with the constant and often rapid course corrections of most institutions. Process and training always run behind the curve of technology. This leads to even more mistakes. Lack of trained personnel and expertise accounts for almost 30% of the implementation difficulty. Cross-platform access privileges can be extremely time consuming to manage. Tie this to the generally overworked security staff and it’s a recipe for lapses in security. According to an ISSA study, “95% say cybersecurity skills” are in short supply and “44% say it has only gotten worse.”

Multi-cloud growth also causes significant problems with visibility into the environment. This is not a new issue, but it is as relevant as ever. The lack of visibility makes it easy to miss rudimentary configuration errors such as the S3 bucket public access issue which has plagued the industry. Even with built-in native tools, the inability to visualize and access the data has led to many misconfiguration errors. From least-privilege access issues to unneeded open ports to publicly accessible data sources, it is often overwhelming to cybersecurity staff, who often have the onus of evaluating these systems without the proper support. As new applications and services are introduced to help rectify this issue, or to cut costs, we introduce, or reintroduce, the potential for supply chain vulnerability.
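As an added example (not code from the original post), here is a small Python check that reads an S3 bucket policy document and flags Allow statements that grant access to any anonymous caller, the mistake behind the public-bucket leaks mentioned above. The policies, account id and VPC endpoint id are constructed samples; a real audit would pull each bucket's policy with the AWS CLI or SDK and also confirm the bucket's Block Public Access settings.

```python
import json

# Constructed sample bucket policies (not taken from the original post):
# the weak one grants read to every anonymous caller, the fixed one to a role.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})

FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRoleRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"]}]})

# An Allow to "*" narrowed by a Condition (constructed VPC endpoint id): not
# provably public, but it deserves a human look rather than an automatic pass.
CONDITIONED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/*"],
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0example"}}}]})


def _principals(principal):
    """Flatten the Principal element ("*", {"AWS": "..."}, {"AWS": [...]}) to a list."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend(value if isinstance(value, list) else [value])
    return out


def public_statements(policy_json):
    """Return {"public": [Sids], "needs_review": [Sids]} for Allow statements whose
    Principal is "*": no Condition means public outright, a Condition needs review."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may be un-listed
        statements = [statements]
    result = {"public": [], "needs_review": []}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt.get("Principal", {})):
            continue
        bucket = "needs_review" if stmt.get("Condition") else "public"
        result[bucket].append(stmt.get("Sid", "<no Sid>"))
    return result
```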

Is it Fixable?

As always, security is an ongoing effort. ActioNet recently attended the 2022 AWS Public Sector Summit as part of the ActioNet philosophy of continuous education for staff. Of all the sessions, seventeen were directly security related. Most of the rest had a security component to them as well. There are no magic solutions, but instead a group of strategies which, when applied, minimize the risk. To be honest, it comes down to the usual People, Process and Technology. As part of the ActioNet principle of Security Everywhere, continuous training is a must. As noted above, training is an ongoing issue. The concept of training once, getting a cert, and being done is long since over. So is the idea that IT and security professionals must do all their training on their own time. Most professionals have one area to focus on, and weekend reading may be enough. IT professionals often do not get that opportunity. They are at the whim of the CTO. Wherever the CTO points, the IT army goes. This means a professional may be extremely well versed in one area but now must operate in another entirely. Senior-level certifications often require years of study, so expecting that to happen over a weekend is a non-starter.

Photo caption: AWS Secure Disaster Response Jeep Gladiator providing real-time, on-the-ground secure disaster response coordination

Try This

  • Continuously train your staff, send them to courses, hold gaming solution sessions, and allow them to identify where they want to go. This leads to more satisfied, eager, and knowledgeable staff capable of meeting industry security needs.
  • Avoiding shadow IT helps reduce the risk of supply chain vulnerabilities because the applications in use are well known.
  • Process is key. Make sure your incident response process is not only up to date, but also hold bi-monthly game days with new employees to ensure understanding, create awareness, and find shortfalls in the process. The process should evolve continuously. ActioNet is CMMI Level 4, and we bring this maturity to our cloud security as well. Mature process management, including training, testing, and awareness, is key to successful cloud security and operations.
  • Update your CMDB. ActioNet is a Premier ServiceNow partner and has vast experience implementing ITOM and CMDB solutions. CMDBs provide acute visibility into systems and can help warn you of potential attack vectors, as well as helping to control shadow IT and save money.
  • Move from DevOps to DevSecOps. ActioNet has implemented automated code scanning and vulnerability testing into its pipelines as early as the development environment. This ensures awareness and remediation can happen early on and helps reduce failed deployments.
  • Update your IT visibility. Invest in log visibility, not just log collection. Security information and event management (SIEM) tools are an essential part of security and cannot be an afterthought.

ActioNet has operated successfully in unclassified, classified, and top-secret environments for over 25 years. We are sharing this with you because we truly believe in Security Everywhere. Bad actors are constantly evolving, and you should, too. If you do need help with your environment, please feel free to reach out!