Cloud security is the hottest topic in the security world right now, as an increasing number of organizations make a shift to go cloud-native or see the benefits of a hybrid environment. If you ever find yourself confused about the meanings of the different terms, you’re in the right place. This article will walk you through ten of the most common cloud security terms, and the Lightspin approach to incorporating them for your own unique business context. Let’s begin!
Cloud Visibility
Cloud visibility is the idea of an accurate view of everything that’s happening inside your cloud environment, including the users who are accessing the environment, the data and assets being stored on the cloud, and the movement of traffic, data and policies as you utilize the cloud.
Traditionally, many cloud security companies have touted the advantages of cloud visibility, saying the more visibility the better. However, in a dynamic and complex environment like the cloud (and one that grows more complicated all the time!), more cloud visibility often just means more alerts. Smart-thinking organizations are moving away from the idea of increased visibility and towards the idea of increased prioritization. This allows for prioritized, contextualized alerts that might not tell you everything, but that do tell you everything that matters.
CI/CD Pipelines (and Jenkins)
CI stands for Continuous Integration, and CD stands for Continuous Deployment. These are processes that add automation to software delivery, speeding up releases, updates, and new products when working on the cloud. CI/CD is considered a best practice when working within a DevOps environment, and the pipeline usually goes from build, where the application is created, to test, then release to pre-production, and finally deployment to live production. There are many tools that make CI/CD even simpler to benefit from, such as Jenkins, a free, open-source automation server, or the wide range of container security tools.
While this DevOps process makes it faster to bring out new features, many developers feel that security has become a hurdle to this speed and innovation; as a result, organizations often end up with overly permissive rules and policies on their DevOps workstations. Lightspin uses a unique Guardrail solution so that DevOps teams can work without impediment while security on the cloud remains as tight as possible.
Terraform
Terraform is used for building, modifying and versioning your cloud infrastructure in a secure and efficient way, using infrastructure-as-code. It produces an execution plan that takes the infrastructure from its current state to the desired state, applies the changes, and keeps a record of what was changed. Terraform can be used to manage individual instances, networking or storage on the cloud, as well as features of a SaaS solution, DNS entries and more.
At Lightspin, our dynamically built Guardrails are provided inside the Terraform code, to make it even easier for your developers to add security at the earliest possible stages of the CI/CD process. We’ve found that this covers about 95% of the work that DevOps teams need to do: a true shift left for today’s cloud security teams.
SSH Key Pair
SSH stands for Secure Shell, a network protocol that allows for secure communications by creating a tunnel from one place to another. In cloud security, a key pair is a set of two security credentials, one public and one private, which users need in order to access and make changes to their cloud environment. It is made up of a public key, which is held and stored by your cloud provider, and a private key, which you keep and which acts as your own unique password.
For many organizations, keeping track of multiple private keys is a huge task, so bad practices are rife: the same key pair gets used across multiple cloud instances or assets. In this case, an attacker who uncovers a single private key gains wide access. Think of this like using the same password for multiple users or accounts: the attacker can now breach everything secured by that password with a single credential.
At Lightspin, we recognize this risk, and therefore highlight any instances that are using the same key pair. We then prioritize them for you by the real-world attack paths that they open, allowing you to make smart changes to eradicate key pair misuse across the organization.
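As an added example (not Lightspin’s code), the following Python script shows how key pair reuse like this can be found and ranked over an instance inventory: it groups instances by the SHA256 fingerprint of the attached public key rather than by key name, so the same key registered under different names or in different regions is still caught, and ranks groups that span internet-facing and internal hosts first. The inventory, instance ids and key material are all constructed.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed inventory: instance id, region, the name the key pair is registered
# under, the OpenSSH public key attached to the instance, and whether the instance
# is reachable from the internet. The key material is made-up base64, not a real key.
KEY_A = "ssh-ed25519 QUJDREVGR0hJSktMTU5PUA== shared-key"
KEY_B = "ssh-ed25519 WFlaMDEyMzQ1Njc4OQ== bastion-only"
INVENTORY = [
    {"instance": "i-web-1", "region": "us-east-1", "key_name": "prod-key", "public_key": KEY_A, "internet_facing": True},
    {"instance": "i-web-2", "region": "us-east-1", "key_name": "prod-key", "public_key": KEY_A, "internet_facing": True},
    {"instance": "i-db-1", "region": "eu-west-1", "key_name": "prod-key-eu", "public_key": KEY_A, "internet_facing": False},
    {"instance": "i-bastion", "region": "us-east-1", "key_name": "bastion-key", "public_key": KEY_B, "internet_facing": True},
]

def fingerprint(public_key):
    """OpenSSH-style SHA256 fingerprint of the key blob in a 'type base64 comment' line."""
    blob = public_key.split()[1]
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_reused_keys(inventory):
    """Group instances by key fingerprint rather than key name, so the same key
    material uploaded under different names or regions is still caught."""
    groups = defaultdict(list)
    for host in inventory:
        groups[fingerprint(host["public_key"])].append(host)
    findings = []
    for fp, hosts in groups.items():
        if len(hosts) < 2:
            continue
        findings.append({
            "fingerprint": fp,
            "key_names": sorted({h["key_name"] for h in hosts}),
            "regions": sorted({h["region"] for h in hosts}),
            "instances": sorted(h["instance"] for h in hosts),
            "internet_facing": sum(h["internet_facing"] for h in hosts),
        })
    # A shared key that sits on internet-facing hosts as well as internal ones gives
    # an intruder the widest reach, so rank those groups first for remediation.
    findings.sort(key=lambda f: (-f["internet_facing"], -len(f["instances"])))
    return findings

if __name__ == "__main__":
    for f in find_reused_keys(INVENTORY):
        print(f"{f['fingerprint']} shared by {', '.join(f['instances'])} "
              f"(key names: {', '.join(f['key_names'])}; regions: {', '.join(f['regions'])})")
```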
Data Leaks and Data Breaches
Data is now one of the most valuable commodities on the planet, if not the most valuable. Today, a single data record can be worth as much as $150 on the dark web. The loss to companies can come in the form of brand damage, loss of business, compliance fines, and even class-action suits. Organizations are doing everything that they can to stop their data being accessed by attackers.
The difference between a data leak and a data breach is that a data leak can happen by mistake, while a data breach is a purposeful attack by a hacker who manages to brute-force their way into your cloud environment or actively steal data in another way. A data leak, by contrast, can happen due to misconfigurations on the cloud, such as open S3 buckets or overly loose permissions. While you may not be able to stop a data breach, a data leak happens because of a weakness on the inside.
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is the process of managing your cloud infrastructure through textual code, rather than through manual and time-consuming processes. This relatively new technology allows developers to build faster, more accurately, and according to templates, using code to manage servers, networks, identities, data and more. With tools such as Terraform, this has become quick and easy, without duplicated effort, speeding up the DevOps cycle exponentially.
Security teams are continually looking for a way to secure the IaC environment, especially without being seen as a hurdle to the pace of development and deployment. If dangerous network configurations or permissions are included in the code, this opens the deployed environment up to risk, especially when that environment changes frequently. Lightspin allows security to be an enabler of innovation rather than a blocker, by offering innovative security solutions that are integrated with the DevOps pipeline, not tacked on after the fact.
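As an added example (not Lightspin’s Guardrails or Terraform’s own tooling), this Python script is the kind of pipeline-stage check that the CI/CD, Terraform and IaC sections describe: it reads the JSON form of a Terraform plan (the output of `terraform show -json plan.out`) and fails the stage when the planned resources include a security group that opens an admin port to the internet or a bucket ACL that makes an S3 bucket public. The plan fragment is constructed; the resource types and plan layout are Terraform’s real ones, and the port list and ACL values treated as blocking are assumptions.

```python
import json
import sys
# Constructed fragment of `terraform show -json plan.out`: two resources the
# guardrail should block and one, inside a child module, that should pass.
PLAN_JSON = json.dumps({"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_security_group.web", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
        {"address": "aws_s3_bucket_acl.logs", "type": "aws_s3_bucket_acl",
         "values": {"acl": "public-read"}}],
    "child_modules": [{"resources": [
        {"address": "module.db.aws_security_group.db", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}]}}]}]}}})

ADMIN_PORTS = {22, 3389}          # SSH and RDP
ANY_CIDR = {"0.0.0.0/0", "::/0"}  # open to the whole internet

def iter_resources(module):  # yields every planned resource, recursing into child modules
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def risky_ingress(rule):
    """Reason string if the rule exposes an admin port to the internet, else None."""
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    if not cidrs & ANY_CIDR:
        return None
    if rule.get("protocol") == "-1":
        return "all ports open to the internet"
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
    if any(lo <= p <= hi for p in ADMIN_PORTS):
        return f"admin port open to the internet ({lo}-{hi})"
    return None

def check_plan(plan_json):
    """Return (address, reason) pairs for configurations the guardrail rejects."""
    findings = []
    for res in iter_resources(json.loads(plan_json)["planned_values"]["root_module"]):
        values = res.get("values") or {}
        if res["type"] == "aws_security_group":
            findings += [(res["address"], r) for r in map(risky_ingress, values.get("ingress") or []) if r]
        elif res["type"] in ("aws_s3_bucket", "aws_s3_bucket_acl") and values.get("acl") in ("public-read", "public-read-write"):
            findings.append((res["address"], f"bucket ACL is {values['acl']}"))
    return findings

if __name__ == "__main__":  # usage: python guardrail.py plan.json (falls back to the sample)
    problems = check_plan(open(sys.argv[1]).read() if len(sys.argv) > 1 else PLAN_JSON)
    print("\n".join(f"BLOCKED {a}: {r}" for a, r in problems))
    sys.exit(1 if problems else 0)  # non-zero exit fails the pipeline stage
```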
CWPP
CWPP stands for Cloud Workload Protection Platform, and it is a common approach to securing a cloud environment. It works in a similar way to on-premises endpoint security: the network, including all traffic and the audit and event logs, is scanned for known attack patterns. However, signature-based detection and watching for anomalous behavior are not enough, especially not on the cloud.
Lightspin takes a different approach, starting the journey from the attacker’s point of view and blocking the attack paths that the hacker could take to reach your critical assets. Rather than waiting for the attacker to be inside your cloud environment before you get an alert that you might be in danger, Lightspin provides the tools to prioritize according to context and achieve a much more proactive approach.
CSPM
CSPM stands for Cloud Security Posture Management, and is used for a group of security tools and technologies that work to reduce the risk of creating and working with cloud environments. It is an evolving category, characterized by its proactive approach to finding misconfigurations and vulnerabilities, supporting compliance efforts, and providing mitigation for any open risks. The best CSPM tools find attack paths that come from areas such as storage, credentials, IAM and more, and also provide automation, visibility and context for their findings.
CNAPP
CNAPP is a relatively recent addition to the cloud security landscape, created by Gartner. It stands for Cloud-native Application Protection Platform. As companies increasingly look for ways to protect their cloud-native environments, CNAPP technologies and tools bring context into the search for visibility on cloud environments.
For many, CNAPP is where CSPM and CWPP meet, offering the ability to scan all configurations and workloads at the development stage, and protect workloads during runtime. This new category can also be identified by its robust automation and orchestration capabilities, and more layered defenses.
CIEM
CIEM stands for Cloud Infrastructure Entitlement Management, a term introduced by Gartner to describe a category of cloud security tools and technologies that focus mostly on Identity and Access Management. This could be anything from reducing overly-permissive cloud access policies to supporting least-privilege initiatives.
At Lightspin, we believe that the emphasis on least privilege is a concept that is best kept on-premises, and that on the cloud, prioritizing based on real-world attack paths does an organization a lot more good. While CIEM tools might identify overly-permissive access policies, they are of limited value as a siloed solution, and a more robust and holistic view of all misconfigurations and attack paths is likely to be necessary for a strong security posture overall.
Want to learn more about Lightspin’s contextual cloud security? Schedule a demo.