Why IaaS security should be a priority
Article by Bitglass senior marketing director Jonathan Andresen.
Why are CIOs and IT organisations prioritising investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains and partners.
Getting the most value out of legacy systems typically involves integrating them with cloud infrastructure and apps. As a result, cloud infrastructure in IaaS is projected to see an end-user spending increase of 38.5% this year alone — growing to $223 billion in 2025, making it one of the fastest-growing cloud services, according to Gartner.
Popular infrastructure services include Amazon's Elastic Compute (EC2), the Google Compute Engine, and Microsoft Azure.
There are clear advantages of IaaS cloud computing. IaaS infrastructure is elastic and scalable, letting businesses purchase extra capacity as needed without investing in hardware that must be deployed and maintained. What's more, IaaS enables an increasingly remote workforce, who can connect to their business from any place with an internet connection.
With unlimited computing resources only a click away, IaaS has become a tool of choice for developers. However, what's less well understood is how to best secure IaaS infrastructure and the data created and uploaded to it.
IaaS apps are designed for productivity with default settings geared towards ease of use — not security. As a result, the misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organisation's cloud environment is not configured properly, critical business data and applications may become susceptible to an attack.
Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult for organisations to ensure their data is accessed only by authorised users. This issue can be exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.
Using IaaS safely requires that organisations address the three pillars of IaaS security: securing data at rest, securing custom applications, and cloud security posture management (CSPM) — which is designed to identify misconfiguration issues and compliance risks in the cloud.
An important purpose of CSPM is to monitor cloud infrastructure continuously for gaps in security policy enforcement.
Typically, IaaS solutions need extensive configuration to function well. Failing to apply even a single setting correctly can prove disastrous for any company. Fixing misconfigurations on these platforms is a critical step to prevent data leakage. When organisations fail to do this, data within storage offerings such as AWS S3 can be left public-facing and open to anyone who tries to access it — especially cyber-criminals.
According to Gartner, misconfiguration of the cloud environment is one of the more common mistakes in the cloud that can lead to a data breach — and the use of a CSPM tool can reduce cloud-based security incidents due to misconfigurations by 80%.
At a minimum, CSPM tools should include the ability to:
- Detect and automatically remediate cloud misconfigurations with an intuitive graphical interface;
- Maintain an inventory of best practices for different cloud configurations and services;
- Map current configuration statuses to a customised security control framework or regulatory standards;
- Work with IaaS, SaaS and PaaS platforms in containerised, hybrid cloud and multi-cloud environments; and
- Monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.
CSPM tools play an important role in securing a cloud environment by reducing the possibility of data breaches. For this reason, IT leaders should consider implementing CSPM in tandem with a cloud access security broker (CASB). CASB is a software tool or service that can safeguard data flow between on-premises IT infrastructure and a cloud provider's infrastructure.