At the recent VMworld Europe 2019 event in Barcelona, VMware Secure State’s Hadar Freehling demonstrated how customers avoid misconfigurations in AWS and Azure. Freehling was joined in the breakout session by a customer who uses Secure State to reduce security risks in cloud deployments.
One of the key takeaways from this year´s VMworld conferences is the way in which VMware is embracing SaaS solutions in order to give existing customers more choice and attract new customers to its cloud computing and virtualization services. Nowhere was this more evident than at VMworld Europe 2019 where a SaaS-based “self-driving” operations and management solution was announced along with “Project Magna” – a SaaS solution for self-tuning customer’s infrastructures.
However, despite the keynote announcements centering on making customer´s infrastructures more intelligent, the underlying focus was on cloud security. Many showcase events discussed security in the cloud; and – between the keynote speeches, showcase events, and workshops – there were a number of breakout sessions led by VMware’s Cloud Security Solution Architect Hader Freehling. One in particular on how customers avoid misconfigurations in AWS and Azure was particularly interesting.
Avoiding Misconfigurations in AWS and Azure are a Major Customer Concern
Freehling started the session by discussing the state of public cloud security and a number of high-profile data breaches, and concluding “when you make a mistake, the world knows about it”. He attributed the high number of public cloud security breaches to a misunderstanding of the cloud – especially when businesses try to apply on-premises security processes to cloud environments.
According to Freehling, there is a much higher risk of data breaches in the cloud because misconfigurations in the cloud aren’t protected by an internal firewall as they would be in on-premises infrastructure. He noted there are bots combing the Internet for such misconfigurations that can take control of a business’s cloud accounts within thirty seconds.
Freehling acknowledged businesses are aware of the risk, and rank misconfigurations as one of their biggest security threats in the public cloud. He then went on to introduce CloudHealth by VMware’s solution for mitigating the risk of misconfigurations VMware Secure State – a SaaS interconnected cloud security solution that alerts businesses to misconfigured resources in real-time.
How Secure State Helps Customers Avoid Misconfigurations in AWS and Azure
Freehling opened his demonstration of VMware Secure State by stating that “to secure the cloud, you need to operate at cloud speed”. In order to achieve the required speed, it is important the right people are notified at the right time when mistakes are made and misconfigurations exist in cloud deployments. There is no point in sending notifications to the Security Operations Center according to Freehling because a) SOCs don´t own the resources in the cloud, and b) they are typically overworked.
Therefore, VMware Secure State sends an instant notification to the developer or individual responsible for launching the misconfigured resource rather than SOC. This enables the error to get fixed quickly at less risk and at less cost to the businesses; and, as well as monitoring new deployments, the solution notifies the responsible party when updates or changes are made to a resource that results in misconfigurations.
The way the solution does this is by analyzing events when a resource is deployed or modified. AWS and Azure automatically send events to the VMware Secure State solution, which compares them against the business´s security policies. If a misconfiguration exists, the notification not only flags the misconfiguration to the responsible party but also sends a violation map which indicates other resources affected by the misconfiguration.
Compared to cloud-native security solutions that might alert a business to a number of misconfigured RDS databases (the example given in the demonstration), the benefit of the violation map is that developers can prioritize the riskiest misconfigurations and deal with them first. The activity log (the column on the right of the above image) also provides further information about who or what was responsible for the misconfigured deployment and when it occurred.
How Discovery Avoids Misconfigurations in AWS and Azure
At this point in the presentation, Freehling introduces Johan Marais – the Virtualization Manager at multi-national financial services company Discovery. Marais is part of a security team managing 8,000 instances across fifty-two AWS accounts with more than nine hundred security groups between them. Marais confirms the biggest security threats in the public cloud mentioned earlier, and explains how his company uses Secure State for:
- Continuous security verification
- Security posture management
- Real-time threat detection
- Continuous compliance
Marais also describes the company’s cloud journey (which started in 2012) the rate at which problems manifested. He rated his toughest challenges as gaining visibility into the company’s cloud environment, standardizing procedures by implement guardrails, and pipeline integration into day-to-day operations. Although cloud-native security solutions provided some of the information he needed, the information was disparate.
Discovery was already using VMware in its five on-premises data centers when VMware Secure State was launched in August 2018, and – due to VMware Secure State having the capabilities to resolve many of Marais’ challenges – it was implemented immediately. Marais said that, due to Secure State being an SaaS solution, he was able to onboard it quickly and payback from the solution was realized in a very short space of time.
Find Out More about CloudHealth’s New Multicloud Security Solution
If your business counts misconfigurations among the biggest security threats in the public cloud, and you would like to know more about how to avoid misconfigurations in AWS and Azure with VMware Secure State, do not hesitate to get in touch. Our team of cloud experts will be happy to organize a demonstration of the interconnected cloud security model and answer any questions you have about protecting your environment from misconfigurations with VMware Secure State.