Businesses are enthusiastically adopting cloud computing as a cost-saving technology, and it’s no wonder. The business case for cloud technology speaks for itself: reduced asset depreciation, remarkably agile resources that can scale up or down within minutes, and fewer staff to maintain it.
Unfortunately, this is only part of the picture.
Many businesses are also recognizing that, along with the benefits, there are security risks inherent to cloud computing. Managing cloud security risks requires awareness, specific security tools, and a different approach to keeping data safe. Here are three ways that cloud computing security differs from traditional security measures.
Cloud computing happens on computers you don’t control.
Cloud computing introduces a new level of resource management that happens outside a business’ walls. Users of cloud services often fail to recognize the security implications of hosting software and data on computers they neither own nor control.
Cloud services come with their own set of technologies to configure and manage your cloud infrastructure: for example, tools to allocate compute and storage resources (like the EC2 and S3 services on AWS) or to set up user accounts for the cloud itself (like AWS’ IAM). Administrators often forget to protect these tools or don't have the right resources to do so, making it easy for attackers to gain entry by declaring themselves an admin for your cloud.
Another example: when creating a file on AWS storage, security-conscious people will ensure that only the right users have permission to access the file. But they often forget (or are not aware) that the AWS system for user management also has to be secured. The most common attack on AWS is when an attacker takes over the user-management system for your AWS account, creates a new admin user account, then accesses all these perfectly secured files.
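One way to watch for the pattern described above (a new user that is promptly made an administrator) is to correlate IAM management events. The following is an added example, not code from Uptycs or from the original article. It assumes CloudTrail-style records are available, and the sample records, account ID and user names are constructed.

```python
from datetime import datetime, timedelta

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
CREDENTIAL_EVENTS = {"CreateAccessKey", "CreateLoginProfile"}

def _ev(time, name, actor, params, error=None):
    """Build a record trimmed to the CloudTrail fields used below."""
    rec = {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": actor}, "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

ACTOR = "arn:aws:iam::111122223333:user/build-bot"  # constructed principal
SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _ev("2024-05-01T10:00:00Z", "CreateUser", ACTOR, {"userName": "svc-backup2"}),
    _ev("2024-05-01T10:01:30Z", "AttachUserPolicy", ACTOR,
        {"userName": "svc-backup2", "policyArn": ADMIN_POLICY_ARN}),
    _ev("2024-05-01T10:02:10Z", "CreateAccessKey", ACTOR, {"userName": "svc-backup2"}),
    _ev("2024-05-01T11:00:00Z", "CreateUser", ACTOR, {"userName": "alice"}),
    _ev("2024-05-01T11:05:00Z", "AttachUserPolicy", ACTOR,
        {"userName": "alice", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}),
    _ev("2024-05-01T12:00:00Z", "CreateUser", ACTOR, {"userName": "mallory"}),
    _ev("2024-05-01T12:00:20Z", "AttachUserPolicy", ACTOR,
        {"userName": "mallory", "policyArn": ADMIN_POLICY_ARN}, error="AccessDenied"),
]

def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_new_admin_users(events, window=timedelta(hours=1)):
    """Flag users created and granted AdministratorAccess within `window`."""
    created, findings = {}, {}
    for ev in sorted(events, key=_ts):
        if ev.get("eventSource") != "iam.amazonaws.com" or "errorCode" in ev:
            continue  # ignore non-IAM calls and calls that failed
        user = (ev.get("requestParameters") or {}).get("userName")
        name = ev["eventName"]
        if name == "CreateUser":
            created[user] = ev
        elif (name == "AttachUserPolicy" and user in created
              and ev["requestParameters"].get("policyArn") == ADMIN_POLICY_ARN
              and _ts(ev) - _ts(created[user]) <= window):
            findings[user] = {"user": user, "actor": ev["userIdentity"]["arn"],
                              "granted_at": ev["eventTime"], "credentials": []}
        elif name in CREDENTIAL_EVENTS and user in findings:
            findings[user]["credentials"].append(name)  # credentials issued afterwards
    return list(findings.values())
```

Only the direct policy attachment is covered here; admin rights granted through group membership or inline policies would need additional event names.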
While cloud platforms do secure their own infrastructures, enterprises still remain responsible for protecting everything they put in the cloud.
Even tools related to the management of the cloud infrastructure are susceptible to attack and therefore require additional protection. This is where a solution like Uptycs comes in. Uptycs is a cloud-based platform which leverages the open source universal agent, osquery. Not only does Uptycs pull data directly from AWS (data about AWS services), but it also uses osquery to pull information about the resources inside AWS, ensuring the security of both aspects.
Cloud data is harder to monitor and scan.
A typical network environment receives a constant, high-volume stream of data. Analyzing this traffic for malicious content requires a lot of processing power. A conventional on-premises network uses a dedicated firewall or a specialized intrusion detection appliance to handle the brunt of filtering the network data and blocking unwanted traffic.
The challenge with cloud computing is that the network layer doesn’t belong to you; it belongs to and is managed by your cloud provider. You therefore don’t get to control the quality of data reaching your cloud computers.
In the absence of dedicated firewall hardware, a network environment requires an alternative solution for monitoring incoming data and identifying and flagging suspicious or unwanted activity. The alternative is to do all the network security processing on the compute node itself. Unfortunately, network security processing is so heavyweight that, if you tried that, the compute node would do no real work and would instead spend all of its resources securing itself.
A solution like Uptycs continuously monitors and flags suspicious activity “on the inside.” Uptycs' solution is to use osquery to harvest only the relevant network data from the compute node and ship it off to the Uptycs datastore, where we have the horsepower to analyze the data.
On-demand cloud computing and conventional security software don’t mix.
Cloud computing made on-demand computing a reality, and there is no denying the benefits of resources that can be purchased and retired in the span of seconds. That’s a clear win; however, the problem lies with conventional security software, which simply can’t keep up. It’s a catch-22. If you force security software to install alongside every new cloud resource, those resources become cumbersome and unresponsive. However, if you allow cloud resources to operate without security software, they’re highly vulnerable to attack.
Uptycs resolves the incompatibility of cloud agility and security. It uses osquery to collect system information from containers and servers and ship it to the Uptycs backend, where the heavy lifting of security analysis is done on massive compute and storage resources. This idea of "collect enough data and offload the security work" is what makes it possible to solve the cloud security problem. This solution is also DevSecOps-friendly because it matches the speed of deployment for containers and cloud servers. Having Uptycs’ cloud-scale-compatible security and monitoring gives you insight into both real-time and historical state configuration data for all of your transient assets, making intrusion detection, vulnerability monitoring and compliance reporting possible even for assets no longer in production.
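The historical-state idea can be illustrated with osquery's differential result log: replaying "added" and "removed" rows rebuilds what a host looked like at a given moment, even after the host is gone. This is an added example, not Uptycs code; the log lines, host names and the scheduled query name `listening_ports` are constructed.

```python
import json

# Constructed osquery result-log lines (event format), trimmed to the fields used.
SAMPLE_LOG = """\
{"name":"listening_ports","hostIdentifier":"ci-runner-7f3a","unixTime":1714557600,"action":"added","columns":{"port":"22","address":"0.0.0.0","pid":"812"}}
{"name":"listening_ports","hostIdentifier":"ci-runner-7f3a","unixTime":1714557600,"action":"added","columns":{"port":"8080","address":"0.0.0.0","pid":"1440"}}
{"name":"listening_ports","hostIdentifier":"web-01","unixTime":1714557700,"action":"added","columns":{"port":"443","address":"0.0.0.0","pid":"655"}}
{"name":"listening_ports","hostIdentifier":"ci-runner-7f3a","unixTime":1714557900,"action":"added","columns":{"port":"9001","address":"0.0.0.0","pid":"2871"}}
{"name":"listening_ports","hostIdentifier":"ci-runner-7f3a","unixTime":1714558200,"action":"removed","columns":{"port":"8080","address":"0.0.0.0","pid":"1440"}}
"""

def _records(log_text, host):
    """Parse the log and return one host's records in time order."""
    recs = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    recs = [r for r in recs if r["hostIdentifier"] == host]
    return sorted(recs, key=lambda r: int(r["unixTime"]))

def state_at(log_text, host, query, when):
    """Rebuild the result set of `query` on `host` as of unix time `when`."""
    rows = set()
    for rec in _records(log_text, host):
        if rec["name"] != query or int(rec["unixTime"]) > when:
            continue
        row = tuple(sorted(rec["columns"].items()))  # hashable form of the row
        if rec["action"] == "added":
            rows.add(row)
        elif rec["action"] == "removed":
            rows.discard(row)
    return [dict(row) for row in sorted(rows)]

def last_seen(log_text, host):
    """Unix time of the host's final log record, or None if never seen."""
    recs = _records(log_text, host)
    return int(recs[-1]["unixTime"]) if recs else None

if __name__ == "__main__":
    for row in state_at(SAMPLE_LOG, "ci-runner-7f3a", "listening_ports", 1714558000):
        print(row)
```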
If you want to dive deeper into the specific challenges of securing cloud-native infrastructure, check out this white paper to learn strategies for building a secure cloud!
Improve your cloud security with Uptycs.
Cloud computing security risks require a different approach. Uptycs is uniquely capable of covering the blind spots introduced by cloud workloads:
- It pulls information directly from AWS to protect the AWS infrastructure as well as the resources within it.
- It uses osquery to collect relevant data for analysis, and then processes it on its own highly efficient back-end infrastructure.
- It monitors and stores the state of ephemeral assets that traditional scheduled scanners would never see, enabling historical recreation for incident investigation.