Why misconfigurations continue to plague public cloud network services and how to avoid them?

Oren Amiram, Director of Product at AlgoSec, explains why misconfigurations continue to plague public cloud network services and how organizations can address these shortfalls with AlgoSec Cloud.

Cloud security as a strategy is constantly evolving to meet the needs of organizations for scale, agility, and security. If your organization is weighing the merits of the use of public cloud versus private cloud, here are a few facts to keep in mind.

Data shows that the public cloud is the preferred choice. Here’s what’s driving it.   

Public cloud security has become more ubiquitous thanks to IaaS platforms such as Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. According to Gartner, worldwide end-user spending on public cloud services is expected to grow by 20.4% in 2022 to a total of $494.7 billion, up from $410.9 billion in 2021

It is easy to see why public clouds are so appealing. Unlike private clouds, public cloud platform solutions allow organizations to provide business applications fast and reduce the costs associated with purchasing, managing, and maintaining on-premise hardware and application infrastructure. Furthermore, public clouds enable businesses to set up the required infrastructure much faster than on-premise and provide unmatched scalability, as well as extra security capabilities. 

Public cloud benefits are abundantly clear, but there’s more to this than meets the eye.

As robust as a public cloud platform, there are also challenges that organizations need to overcome. According to a recent global survey on public cloud security risks, just under a third of organizations (31%) were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment and another 44 percent reported they were only moderately confident. Another survey focused on top threats to cloud computing showed that misconfiguration of the cloud platform was one of the top three concerns among respondents. This challenge is even more amplified as evidenced in a separate survey, with nearly 76% of respondents stating their organization uses two or more different public cloud providers. The findings suggest that security teams often have to manage multiple native security and management consoles to enforce security and compliance across different environments. 

How profound is the impact of misconfigurations on your network? All it takes is a single hole 

It is no surprise that enterprise IT teams find it difficult to keep their applications secure. Migration of applications to public cloud platforms involves many potential pitfalls. Misconfiguration errors can occur at many different points on the network as part of the migration process, especially when moving from traditional firewalls to cloud security controls.  

Ongoing management of applications and workflows within the public cloud presents a unique challenge. Many organizations have multiple teams using different methods to manage the applications and the security controls that should protect them, such as Ansible, Chef and Terraform, in addition to manual changes. 

Even if you are using a single public cloud platform, you still need to manage multiple security controls protecting a multitude of applications. Organizations may have hundreds of separate public cloud accounts, each with multiple VPCs, spread across different regions. These VPCs are protected by multi-layered security controls, from Cloud Infrastructure, such as security groups and network ACLs, cloud-native advanced network firewalls, to Security Products offered by ISVs, such as NG Firewalls.  

It is easy to see why misconfiguration occurs if IT teams attempt to take on this complex, tedious and labor-intensive process themselves. A single mistake can cause outages, compliance violations and create holes in your security perimeter. Digital Shadows detected over 2.3 billion files that had been Misconfigured storage services have exposed more than 30 billion records and contributed to more than 200 breaches over the past two years. It is safe to assume that as organizations seek to optimize their public cloud deployment, cloud breaches will increase in velocity and scale. According to a recent Accurics report, misconfigured cloud storage services were commonplace in 93% of hundreds of public cloud deployments analyzed.

Avoiding misconfiguration risks is easier said than done, but there’s a solution

Given that organizations are so concerned about misconfiguration risks, what steps can they take to avoid making them? There are two basic principles that should be followed:

• Ensuring that only authorized, qualified personnel can make network or security control changes

• Following a clearly defined change process, with mandatory review and approval for each stage. 

It’s also important to keep in mind that errors are still likely to occur even while you’re still carrying out your processes manually. Luckily, there is an easy solution – hybrid network-aware automation. This solution enables you to employ network change automation, eliminates guesswork and error-prone manual input, while also simplifying large-scale, complex application migration projects and security change management. 

Is there a much more holistic solution? Yes, meet AlgoSec

AlgoSec’s cloud offering seamlessly integrates with all leading brands of cloud security controls, firewalls (including NGFWs deployed in the cloud), routers, and load balancers, to deliver unified security policy management. With the AlgoSec Security Management Solution, users benefit from holistic management and automation spanning on-premise, SDN and public cloud. 

AlgoSec cloud offering, including CloudFlow, allows organizations to seamlessly manage security control layers across the hybrid network in three key areas:

• Visibility across your hybrid network

With our cloud offering, you can obtain a full network map of your entire hybrid network security estate, as well as identify risks and correlate them to the assets they impact. You can also achieve instant visibility of cloud assets and security controls, pinpointing and troubleshooting application and network connectivity issues resulting from security policies.

• Change management

Organizations can leverage a uniformed network model and change-management framework that covers the hybrid and multi-cloud environment, with an automated policy push for “zero-touch” automation. You can securely migrate workloads from on-prem to the public cloud and discover the power of CloudFlow’s central policy management, allowing you to orchestrate multiple similar security controls in a single policy.

• Cloud-centric risk analysis and remediation

You can proactively detect misconfigurations to protect cloud assets, including cloud instances, databases and serverless functions. Also, you can easily identify risky security policy rules, the assets they expose and whether they are in use. You can also remediate risk, including cleaning up bloated and risky policies and enjoy audit-ready compliance reporting, including vast support for diverse regulations. 

Find out more about AlgoSec cloud offering or start your journey through AlgoSec’s hybrid cloud hub.