Cloud adoption is a topic on which we have published a number of blogs, and one we have daily conversations about. The benefits of the cloud are well documented, from lower operational costs to better rates of availability.
But we can't help but feel this sometimes comes at the expense of security.
So what can you do, now that your network is in a state of hybridity, to improve the overall security posture of these seemingly intangible, yet sensitive assets?
All is not lost!
We have whittled it down to three must-have solutions which you should have in place, whether it be for AWS, Microsoft Azure, Google Cloud or another provider.
1. Secure Configuration & Benchmarking
We have said it before and we will say it again: reinventing the wheel is a foolhardy approach in an industry where everyone is short of time.
There are a number of well-known and respected organisations offering secure configuration standards for everything from operating systems to network devices to virtualisation software. The idea behind all of them is to provide you with a hardened version of your asset, so that any known vulnerabilities from the default configuration are removed, thus reducing your attack surface.
The most popular creator of such standards is the Center for Internet Security (CIS), whose standards are known as the CIS Benchmarks.
Applying these secure configurations to your cloud assets has the same effect as it would on an in-house asset: it reduces inherent vulnerabilities and attack surface.
With cloud assets having more exposure to outside threats, and the vast majority of breaches involving an exploit against a known vulnerability, the use of secure configurations is both common sense and essential.
Take a look at our blog for more information on secure configuration management and system hardening on AWS.
2. File Integrity Management & Change Monitoring
File integrity and change monitoring is sometimes overlooked as a nice-to-have. We believe it is essential in the cloud.
Consider that any exploit, installation of malicious software or change in configuration will always involve an element of change from a safe state to an unsafe one. With this in mind, change monitoring will always reveal undesirable actions and conditions arising in the cloud.
File integrity and change monitoring works by taking a snapshot of an accepted safe state and then repeatedly comparing the current state to it until a change is detected, making it the perfect trap.
Would you like to learn more about how file integrity and change monitoring works? Take a look at our blog for more information.
3. Closed-Loop Change Management Processes
To extend on must-have number 2, there are two types of changes: those which are mandated or expected, and those which are unexpected.
When changes are mandated or expected, they are still detected as a change. This is known as change noise, something which traditional file integrity and change monitoring solutions struggle with. More innovative solutions combat this by using closed-loop change management processes.
Pairing a file integrity and change monitoring solution with an ITSM tool, such as ServiceNow, results in a feedback loop whereby only unexpected changes are flagged as problematic, thus reducing the additional noise created by expected changes and focussing your IT on genuine areas of interest.
In addition, there are a number of major benefits to implementing a closed-loop change management process.
- Changes which have been approved can be confirmed as executed.
- Deviations in changes from those that were approved are recorded and can be investigated as a follow up action.
- Reduce the industry average of 190 days to detect an unplanned change to minutes.
- Correct those unplanned changes quickly, to avoid unnecessary service outages which could result.
- Automate the entire change management and verification process, saving you time, resources and ultimately costs.
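The snapshot-and-compare model from must-have number 2 and the closed-loop reconciliation described here, as an added example (not NNT's code or any ITSM product's API). The file names, the ticket IDs and the shape of the `approved` mapping are constructed assumptions standing in for records pulled from a change-management tool.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff(baseline, current):
    """Return {path: 'added' | 'removed' | 'modified'} between two snapshots."""
    changes = {}
    for path in baseline.keys() | current.keys():
        if path not in baseline:
            changes[path] = "added"
        elif path not in current:
            changes[path] = "removed"
        elif baseline[path] != current[path]:
            changes[path] = "modified"
    return changes

def reconcile(changes, approved):
    """Close the loop: approved is {ticket_id: set of paths the ticket may touch}.
    Hypothetical shape; a real deployment would read this from the ITSM tool."""
    expected = {path: t for t, paths in approved.items() for path in paths}
    planned = {p: expected[p] for p in changes if p in expected}      # change noise
    unplanned = {p: k for p, k in changes.items() if p not in expected}  # investigate
    not_executed = {p: t for p, t in expected.items() if p not in changes}
    return planned, unplanned, not_executed

def demo():
    """Constructed scenario: one approved edit, one unticketed file, one ticket not applied."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "app.conf").write_text("debug=false\n")
        baseline = snapshot(root)                                   # accepted safe state
        (root / "app.conf").write_text("debug=false\nworkers=4\n")  # covered by CHG-0001
        (root / "cron.sh").write_text("#!/bin/sh\n")                # no ticket covers this
        approved = {"CHG-0001": {"app.conf"}, "CHG-0002": {"sshd_config"}}
        return reconcile(diff(baseline, snapshot(root)), approved)

if __name__ == "__main__":
    print(demo())
```

Only the `unplanned` result needs an analyst's attention; `not_executed` lists approved changes that cannot yet be confirmed as carried out.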
Are you interested in implementing a closed-loop change management process? Check out our blog on this topic for more information.
NNT Change Tracker
NNT's Change Tracker solution offers all of the above features and more. By installing a small agent onto an end-point, or using a proxying service where this is not possible, those devices can be monitored for secure configuration adherence and any unauthorised changes.
To complement cloud deployments, Change Tracker packs a number of features and options for this type of environment, including:
- Consumption-based licensing.
- Automatic un-enrollment for agents which have not communicated for longer than a defined period, supporting decommissioned cloud assets.
- Automated enrollment which can be included in deployment images.
- Support for Unix, Windows and other devices and assets.
- Use of encrypted communication protocols between agents and management consoles.
If you would like to speak to one of our consultants about NNT Change Tracker and how it might be able to help your organisation improve its security posture, you can book an online meeting with us today.