Analysis of public cloud accounts across Amazon Web Services, Microsoft Azure, and Google Cloud Platform reveals a silver lining when it comes to the protection of cloud data.
THE STATE OF CLOUD SECURITY 2020. 70% of organizations hosting data or workloads in the public cloud experienced a security incident in the last year with multi-cloud organizations reporting up to twice as many incidents’ vs single platform adopters.
New research shows that in the last year, 70% of organizations that use public cloud services experienced a security incident. These incidents included attacks from ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%).
The Sophos Cloud Security Provider (CSP) program provides the tools, training, recognition, and financial incentives to support and secure customers using or migrating to the cloud. Join Now Learn More Sophos Hybrid Cloud Security. Sophos Cloud Security Posture Management Easily identify cloud resource vulnerabilities, ensure compliance, and respond to threats faster. Asset and network traffic visibility for AWS, Azure, and Google Cloud Risk-based prioritization of security issues with guided remediation. A Cloud Access Security Broker (CASB) or Cloud Applications is a technology that sits between users and the cloud to monitor activity and enforce security policies. Therefore, it helps identify and eliminate risky behavior and data at risk. The feature requires the Web Protection Module. This article describes how to use the Cloud Applications. THE STATE OF CLOUD SECURITY 2020. 70% of organizations hosting data or workloads in the public cloud experienced a security incident in the last year with multi-cloud organizations reporting up to twice as many incidents’ vs single platform adopters.
Ninety-six percent of these organizations are concerned about their current levels of cloud security, with data security being the top concern for 44% of them. It’s a good time to address the fundamentals of cloud security best practices: access to cloud environments and the protection of sensitive data.
Secure who gets in
Identity security represents a huge challenge for organizations. A review of cloud accounts by the Sophos Cloud Optix cloud security posture management service discovered worrying trends in organizations’ security posture as it relates to cloud account access, with 91% of organizations having over-privileged Identity and Access Management roles and 98% without MFA enabled on their cloud provider accounts.
Managing access to cloud accounts is an enormous challenge and yet only a quarter of organizations in our research saw it as a top area for concern, while a third reported that cybercriminals gained access by stealing cloud provider account credentials
Why securing access matters
Granting extensive access permissions to IAM users, groups, and cloud services is a risky practice. If such credentials get compromised, cybercriminals may gain access to any services and data those permissions grant. All user accounts should have MFA enabled, as it adds an extra layer of protection on top of usernames and passwords.
Secure what can get out
You won’t have to look far to find stories of shared storage-related data breaches caused by misconfiguration, where security settings with public read/list permissions had been enabled. AWS has even released an update to help customers from running afoul of this – one of the biggest causes of cloud data breaches. In our review of cloud accounts, we discovered that accidental data exposure through misconfigured storage services continues to plague organizations, with 60% leaving information unencrypted. Organizations are making it easy for attackers to search for and identify new targets.
The silver lining in all this is that the number of organizations exposing data to the public internet is declining, with Sophos Cloud Optix identifying that only 13% of organizations left database ports open to the internet and 18% of organizations had storage services with public read/list permissions enabled. Assuming there will always be use cases for public access being available, organizations are starting to close the door on this, the most common attack method for obtaining sensitive company and customer data.
Why secure configurations matter
Sophos Cloud Security Posture Management (cspm)
Encryption is critical when it comes to stopping cybercriminals from seeing and reading stored information, and is a requirement for many compliance and security best-practice standards. “Public mode” – a setting that can be applied to databases, shared storage, and other cloud provider services – is a major cause of data breaches, and misconfiguring cloud services in “public mode” allows cybercriminals to automate their searches for security weak points. Guardrails should be in place to prevent such misconfigurations.
Think you know what you’ve got in the cloud?
Take control of your cloud security with a free inventory assessment and security check powered by Sophos Cloud Optix. Activate a free trial to get to get 30 days of commitment-free usage, including:
- Comprehensive inventory of everything you’ve got in the cloud: virtual machines, storage, containers, IAM roles, etc.
- Visualize IAM roles like never before and stop over-privileged access roles and stolen credentials from being exploited in cyberattacks
- Harden Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments to reduce your surface area for attack
- Automatically detect security and compliance vulnerabilities, suspicious access, network traffic and cloud spend anomalies
- No agent, no install, no tie-in
Once you have a Cloud Optix account set up, follow the step-by-step instructions on the screen, which will walk you through adding your AWS, Azure, and GCP environments. For more information, read the Getting Started guide.
Should you need help at any point, check out the community forum or reach out to our technical support team.
by Joe Panettieri • Jul 27, 2020
Sophos Intercept X for Server Advanced with EDR (Endpoint Detection and Response) has gained new multi-cloud security monitoring features to help partners and customers safeguard Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) workloads.
Sophos Cloud Security Posture Management
The effort leverages Sophos Cloud Optix, a public cloud visibility and threat response service that allows partners and customers to “detect, respond, and prevent” cloud security and compliance gaps, the company asserts.
The new Sophos offering empowers partners for fast-growing Cloud Security Posture Management (CSPM) opportunities.
The thesis: Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes, Gartner asserts. With those risks in mind, MSPs and MSSPs can leverage CSPM tools to help ensure customers correctly configure public cloud IaaS and PaaS services and mitigate cloud risks. CSPM security tools typically offer such capabilities as compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization, Fugue notes.
Sophos Cloud Security Posture Management (CSPM)
In the case of Sophos, the company offers a management console that allows partners and customers to “dive directly into assets to get more detail about your asset inventory and cloud security posture.”
Key capabilities, the company says, include:
- Cloud asset inventory – spanning cloud infrastructure such as cloud hosts, serverless functions, S3 buckets, databases, and cloud workloads.
- Access and traffic anomaly detection – unusual login attempts and suspicious traffic patterns are detected and blocked or flagged to the admin as appropriate.
- Security scans – daily and on-demand scans monitor, detect and automatically resolve issues where possible, with admin notification if manual intervention is required.
- Configuration guardrails – stop accidental or malicious tampering with configurations that could negatively impact security posture
- Compliance policies – ensures that a cloud environment conforms to Center for Internet Security (CIS) best practices.
- Alert management integrations – receive email notifications when manual intervention is required.
Sophos Endpoint Security Cloud
Sophos CSPM: More Details.
The new capabilities are available with all Intercept X Advanced for Server with EDR customers at no additional cost.
Current customers using Sophos Central that would like to try out this new functionality – in addition to the recently released EDR IT operations and threat hunting capabilities – can start a trial from within the Sophos Central console, the company says.