- Your provider is responsible for the security of the cloud (e.g., global infrastructure, storage, databases, networking, compute, etc.)
- You are responsible for security in the cloud (e.g., data, platforms, applications, operating systems, firewalls, etc.) and we can manage it with and for you!!
The 3 main security risks in IaaS Cloud: Misconfiguration, Vulnerabilities, and Shadow-IT
1. Avoid Misconfigurations, Apply Security Best Practices in the Cloud
The discovery process is fast and non-intrusive. Unlike in traditional networks, we do not need to rely on network scans; we query the IaaS APIs instead.
The benefits: no impact on network transactions (latency/congestion) and no risk of false positives. Stopped and suspended assets (i.e., those without network activity) are detected as well.
For example, in AWS, we query your account and compare it with a set of 52 security rules. Then we advise you on how to fill the gaps to achieve compliance, reach a five-star security level, and minimize threats.
CIS-AWS – 1.1 Avoid the use of the “root” account
Service IAM – Risk Level High
Using the “root” account entity is dangerous and should be avoided, if possible. Users should practice “least-privilege,” a technique where specific user accounts are created and assigned the minimum privileges necessary to complete their work. Additional privileges can be added to their account as their scope grows, but no user should have the limitless power of the “root” entity. We examine your account to determine if a non-root entity exists, ensuring that you have at least one IAM user configured to perform daily work functions.
Create an IAM user and assign the basic role or privilege that you deem necessary to perform daily functions.
By checking the configuration with more than a hundred tests, we obtain the best coverage of security misconfigurations and find wrong or insufficient setups.
2. Detect and Mitigate Vulnerabilities in Workloads
While vulnerability management is a must-have in both traditional and cloud environments, workloads change more rapidly in the cloud. We need to adapt our approach: more frequent scans, more automation and deeper analysis.
The benefits of using our Elastic Workload Protector technology:
- SCAN more often with no impact on workloads: with our patented technology, we can run deep intrusive server analysis with no impact on running servers.
- PRIORITIZE with a quick evaluation of the real and residual risk of your information system. Track the evolution of your compliance with market security standards (CVE, CIS, PCI, OWASP, ANSSI).
- REMEDIATE, taking into account the consequences of a cyber attack on your company, and set up an efficient action plan.
3. Uncover Shadow-IT in IaaS
Detect servers or services with no activity. They were probably started for tests and forgotten by their owner. They cost money, and since they are unused, they are presumably not updated and therefore become a point of vulnerability in the infrastructure. (Gartner says that 28% of servers are ghost servers.)
Storage disks that are not attached to any compute resource and that anyone can attach to any server. Such storage can contain sensitive or critical data that can leak.
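The API-driven discovery described above (stopped instances, unattached disks, and the CIS-AWS 1.1 root-account check) can be reproduced offline against saved API responses. The following is an added example, not the vendor's code: it runs the checks over constructed samples shaped like EC2 DescribeInstances/DescribeVolumes output and a trimmed IAM credential report, so the same functions can be pointed at real responses fetched with the AWS SDK.

```python
"""Offline detection logic for forgotten instances, orphaned volumes and root use.
The sample data below is constructed for illustration; field names follow the
shapes of the EC2 describe calls and the IAM credential report."""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: one running and one stopped instance (shadow-IT candidate).
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}},
    {"InstanceId": "i-0bbb", "State": {"Name": "stopped"}},
]}]}
# Constructed sample: one attached volume and one nobody uses.
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0111", "State": "in-use", "Attachments": [{"InstanceId": "i-0aaa"}]},
    {"VolumeId": "vol-0222", "State": "available", "Attachments": []},
]}
# Constructed sample: subset of IAM credential report columns (account id is a placeholder).
SAMPLE_CREDENTIAL_REPORT = """user,arn,password_last_used,access_key_1_active,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2024-05-01T10:00:00+00:00,true,2024-05-02T09:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,2024-05-03T08:00:00+00:00,true,N/A
"""

def find_stopped_instances(describe_instances):
    """Stopped servers are invisible to network scans and skipped by patching."""
    return [i["InstanceId"]
            for r in describe_instances["Reservations"]
            for i in r["Instances"] if i["State"]["Name"] == "stopped"]

def find_unattached_volumes(describe_volumes):
    """'available' volumes with no attachment: data at rest that any server could mount."""
    return [v["VolumeId"] for v in describe_volumes["Volumes"]
            if v["State"] == "available" and not v["Attachments"]]

def check_root_usage(report_csv, now_iso, max_age_days=90):
    """CIS AWS 1.1 style check: was the root password or access key used within
    max_age_days, and does at least one non-root IAM user exist for daily work?"""
    now = datetime.fromisoformat(now_iso)
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next(r for r in rows if r["user"] == "<root_account>")
    recent = []
    for field in ("password_last_used", "access_key_1_last_used_date"):
        stamp = root[field]
        if stamp not in ("N/A", "no_information") and \
                now - datetime.fromisoformat(stamp) < timedelta(days=max_age_days):
            recent.append(field)
    return {"root_recently_used": recent,
            "non_root_user_exists": any(r["user"] != "<root_account>" for r in rows)}
```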
Example: using the cloud to crack passwords or launch attacks
Example: a side-channel attack launched from your own account can be detected with Elastic Detector, simply by spotting suspicious activity on your account (several launches and terminations of virtual machines).
This introduces a new attack surface. It is easy to make mistakes in a few lines of code that have a great impact (for example, disabling all firewalls takes one line of code).
AWS has more than 50 different services and releases new ones every month. It is hard to keep pace and easy to make mistakes at the beginning. You cannot be an expert on everything (from map-reduce to load balancing).
In cloud IaaS, it is effortless to deploy a new server and simply stop the old one. That server is then not seen and not updated during patching, for example. When you later start it for any reason (checking an old version of the website, restoring after a server crash, etc.), it becomes the riskiest and most vulnerable server in your infrastructure.