9 out of 10 customers scanning cloud storage receive a straight F on their cloud assessment scan.
A cloud assessment scan is a tool that helps customers detect accidental misconfiguration in their cloud infrastructure.
Breaches due to cloud misconfiguration by users are common. A recent breach exposed 752,000 US birth certificate copy applications on Amazon Web Services (AWS) storage. In a separate incident, millions of SMS text messages were left exposed due to a wide-open Elasticsearch database. Storage and compute resources in the cloud are often deployed and configured with a multitude of tools and a default set of configurations, which leads to accidental exposure of cloud resources and breaches.
As an example: most DevOps teams prefer to use templates to deploy and re-hydrate infrastructure. It's common practice to build a template once and keep re-using it. If you are sharing a template, you also inherit the security controls around it. In most cases, templates come with a default set of configurations and are open to the whole world.
For security administrators, misconfigurations such as storage buckets left wide open or port exposure on PaaS and IaaS services come back to haunt them.
Most security practitioners have limited expertise in cloud security. They retrofit on-premises and datacenter security to the public cloud and fail miserably. While most configurations look simple, monitoring them and applying policies across all services, subscriptions, and different cloud services can be complicated and challenging.
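The template problem described above can be caught before deployment. The following is an added example, not code from Barracuda or its scanner: a small Python check that walks a CloudFormation-style template and flags public bucket ACLs and ingress rules open to any source. The template, resource names and the `find_exposures` helper are constructed for illustration.

```python
import json

# Constructed sample: a shared CloudFormation-style template with permissive defaults.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "AppBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "PublicRead"}},
    "LogBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": "Private"}},
    "WebSG": {"Type": "AWS::EC2::SecurityGroup",
              "Properties": {"GroupDescription": "web", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200, "CidrIpv6": "::/0"}]}}
  }
}
""")

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}   # canned ACLs readable by anyone
ANY_SOURCE = {"0.0.0.0/0", "::/0"}                # IPv4 / IPv6 "whole internet"

def find_exposures(template):
    """Return sorted (resource_name, finding) tuples for world-open settings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        rtype = res.get("Type")
        if rtype == "AWS::S3::Bucket":
            acl = props.get("AccessControl")
            if acl in PUBLIC_ACLS:
                findings.append((name, f"bucket ACL {acl}"))
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress") or []:
                src = rule.get("CidrIp") or rule.get("CidrIpv6")
                if src in ANY_SOURCE:
                    ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
                    findings.append((name, f"ingress {ports} from {src}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in find_exposures(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

The check only inspects literal values; templates that set these properties through parameters or intrinsic functions need those resolved first.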
I would like to better understand and secure my cloud services, but where do I start?
It's always good to start with the CIS benchmark policies for Azure and AWS. CIS, the Center for Internet Security, has come up with a set of benchmark assessments to keep your cloud assets secure. Implement these benchmark policies as a standard security practice.
Barracuda provides a free scanner that evaluates your public cloud and gives you a high-level overview of your cloud security posture.
Even after a scan, there are still complexities to deal with:
- How do you deal with cloud subscriptions scattered across multiple teams?
- How do you deal with multi-cloud?
- How do you cope with changes that happen dynamically across all cloud subscriptions?
Barracuda Cloud Security Guardian (CSG) is a SaaS service that provides continuous monitoring across all cloud subscriptions for both AWS and Azure. It offers a single pane of glass where you can get a comprehensive view of all cloud assets and apply pre-defined security policies such as CIS, NIST, PCI DSS, and HIPAA to all your cloud subscriptions. The same view lets you review your native security alerts and compliance violations. Security auditors can get a holistic view of cloud security and remediate violations in real time. With 80 percent of cloud breaches being self-inflicted by the customer, per a Gartner Research finding, CSG helps ensure cloud infrastructures are continuously secured—automatically.
Vinayak Shastri is a Sr Product Manager at Barracuda Networks. In his role, he runs product management for Barracuda Cloud Security Guardian. He has spent the last five years working on cloud security and the past 12+ years in various roles around sales and technical marketing. He holds a Master's in Business Administration from the University of North Carolina and a Bachelor of Engineering from VTU, India.