PCR Tech and IT retail, distribution and vendor news
Karun Malik, vice president channel and strategic alliances at Qualys discusses IT security and cloud misconfigurations.
Companies of all sizes use the cloud. AWS, the biggest company in the market, has millions of customers worldwide, choosing from more than 200 services to meet their needs. More than 100,000 companies work with AWS as channel partners worldwide. The likes of Microsoft and Google have similar programs with their partners, all looking at how they can help customers achieve their goals.
Cloud deployments work based on shared responsibility – the cloud provider offers the technology and services you run on while the customer and partner are responsible for setting up the services and running the applications on top. However, this flexibility opens up some potential challenges. Cloud services depend on their configurations to work. This includes all the settings and security policies that keep data secure and prevent attacks.
Sadly, misconfigurations are all too common. The Center for Internet Security has created and published benchmarks for the three common cloud platforms that demonstrate security best practices. Yet misconfigurations are prevalent in company cloud environments – according to our TotalCloud Insights report for 2023, cloud deployments typically fail CIS benchmark checks all too readily. On AWS, the average failure rate (AFR) for benchmarks was 34 percent, while the AFR for Azure was 57 percent and 60 percent for Google Cloud Platform.
Typical problems include disk encryption, identity management, and security controls over external Internet-facing assets. For example, many companies don’t have encrypted data storage in their cloud deployments, even though cloud service providers typically provide encryption at no additional cost. When this security step is as simple as checking a box during deployment, it should be in place automatically, but it is often overlooked.
Similarly, implementing identity management for access control around cloud services should be a critical requirement for any deployment. Yet it is often missing or not implemented correctly, which leads to more risks around security breaches over time.
Why misconfigurations matter
These failure rates should be concerning. Misconfigurations amplify the risk that a customer will be breached or have unauthorised access to their account and installation.
There are many factors behind why this might take place. Cloud environments are complex, and many companies lack the experience to manage their environments over time. Keeping up with all the changes around cloud services can be a full-time job. Human error in the set-up process can lead to default conditions getting missed, insecure settings being used and permissions that are not strict enough. Couple all this with the rapid deployment approach cloud environments support, and it is easy to see how problems creep in.
Cloud environments are dynamic, changing from day to day, hour to hour and even minute to minute. Keeping track of all these services and deployments is hard for established security teams, so IT teams at smaller businesses will find it even harder as they are time poor and have other responsibilities. Yet failure to get control of these security “cracks” can quickly open a cloud environment and expose sensitive data and resources to attackers.
The role for channel providers
Providing cloud security help is therefore a natural fit for channel companies that already provide cloud deployment support and implementation services. Implementing these services securely is a value-add that should be in place, but keeping those deployments secure over time is an ongoing revenue stream that should also be considered.
Customers need help prioritising issues so they know what to mitigate first, based on how serious the risks are to their unique environment. Remediating the most serious issues first makes life easier for IT security teams, and it reduces the risk overall to the organisation.
Getting continuous insight into your customers’ deployments and configurations can show up where potential problems exist, and help you deliver any necessary changes in a fast and efficient way. This can provide ongoing service opportunities to help customers avoid misconfiguration problems and any resulting data breaches.. For partners, this long-term relationship opportunity is also a great way to differentiate from other cloud provider partners.
Misconfigurations represent a significant risk for company IT deployments that have to be constantly monitored. Checking vulnerabilities and misconfigurations has to be automated so that it can keep up with the speed at which changes are made in the cloud. Threat actors use automation to detect potential issues, so we as partners and providers have to work as fast as they do.
