Although solutions exist to increase visibility in multicloud environments, some are not necessarily ideal for overcoming all types of cloud security visibility issues. Furthermore, when a business implements an unsuitable solution, the business can develop a false sense of security and overlook other cloud threats.
Because of privacy concerns in multi-tenanted environments, Cloud Service Providers don’t enable businesses to monitor activity in the cloud below the level of abstraction. This lack of visibility can lead to application and network performance issues, delays with resolving the issues, and no guarantees the steps taken to resolve the issues actually work. The lack of visibility can also mask security threats.
In recent years, Cloud Service Providers have tried to help address cloud security visibility issues by offering solutions that give businesses the option of attaching agents to resources. For example, Amazon’s Inspector solution, Azure’s Cloud App Security Service, and Google Cloud’s Stackdriver Monitoring Agent can all be configured to provide information about what’s going on “under the hood”.
Cloud Service Providers have also acknowledged that an increasing number of businesses operate in hybrid and multicloud environments, and have introduced services—or increased the capabilities of existing services—to cater for businesses requesting visibility across two or more infrastructures. Unfortunately these services do not resolve every cloud security visibility issue.
Why cloud security visibility issues still exist
Typically Cloud Service Providers’ multicloud services work by collating metadata collected by the agents. This is not the same as deep level packet data required to identify unused “zombie” resources or the causes of application and network performance issues. It’s also the case the metadata doesn’t provide the depth of information required to identify security issues such as publicly-accessible data.
In addition, blind spots still exist when traffic travels over the Internet between public clouds or between public clouds and on-premises infrastructures. This cloud security visibility issue not only means businesses are unable to monitor and address threats such as man-in-the-middle attacks, they may also be in breach of compliance regulations if they don’t know where their data is at all times.
One final consideration when evaluating Cloud Service Providers’ multicloud visibility services is their limitations. For example, neither Amazon’s Inspector service not Azure’s Cloud Security App Service is compatible with Google Cloud Platform, and although Google’s Apigee service is genuinely cloud agnostic, it doesn’t allow you to apply proactive security policies to prevent security issues—it just tells you that they have happened after the event.
The solution for overcoming cloud security visibility issues
A problem with implementing the above Cloud Service Providers’ multicloud visibility services is that businesses can develop a false sense of cloud security. If a business believes it is being protected from every kind of cloud security threat by a solution that has limitations, it may take its foot off the pedal with other cloud security measures (i.e. IAM management).
The solution for overcoming cloud security visibility issues is to implement an agnostic cloud management platform such as CloudHealth by VMware that allows you to deploy granular agents and apply customized security policies (which Amazon’s Inspector solution doesn’t allow you to do) in order to better protect your cloud environment from all nature of security threats.
The CloudHealth platform can be configured to notify you of less serious security issues (i.e. when it is time to rotate passwords) or initiate a function that prevents a violation of your security policies. For example, CloudHealth can be configured to automatically encrypt sensitive data stored in the cloud, block the deployment of resources outside specific hours (to help prevent crypto-jacking), and revoke user access when suspicious activity is identified (i.e. log-ins from unrecognized IP addresses).
With regards to the biggest threats to cloud security—misconfigured applications—CloudHealth can prevent the deployment of resources that do not comply with approved configurations and—when used in conjunction with VMware Secure State—continuously verify the status of applications to ensure they remain in their approved status.
Cloud Security Alliance is hosting an educational workshop highlighting successful strategies for organizations looking to improve their security posture while empowering developers to stay agile throughout their development pipeline.