Cloud security fundamentals part 2: Prevention and secure design

In our previous blog breaking down The 5 Fundamentals of Cloud Security, we discussed the importance of knowing your environment. Teams need to have a comprehensive inventory of their cloud environments to have a clear understanding of the security risks that might exist within.

With that in mind, let’s explore the importance of vulnerability prevention and secure design working together to keep threat actors from gaining meaningful access to your organization’s cloud control plane. This concept is fundamental to effective cloud security because cloud native architectures have no distinct boundary between application and infrastructure.

This means taking the proper steps to mitigate control plane compromise upfront is vital. ixing security and design issues later on is 1) time and resource intensive, and 2) inherently dangerous because it introduces significant risk that could lead to a major breach. These attacks can happen in a matter of minutes, and Identifying and stopping them in progress isn’t a viable strategy.

This post addresses:

• Why prevention and secure design are essential, interlinked concepts

• How your organization can design a more secure cloud environment 

• Best practices for misconfiguration vulnerability prevention and secure design

Why are prevention and secure design essential?

Headlines around infamous cloud security breaches can be deceptive when they suggest that major security incidents are caused by a single vulnerability or misconfiguration. Preventive measures, such as identifying and fixing misconfiguration, are one important piece of the puzzle. The other crucial (and often overlooked) element is implementing a system architecture design that helps keep a cloud environment's management and orchestration controls out of the hands of attackers.

Organizations must take the proper steps to prevent resource misconfiguration, and design cloud environments so that attackers can’t get meaningful access to the control plane. In the absence of secure design, malicious actors will be able to move laterally through the system to locate and extract valuable data. In addition to mitigating the effects of a security event, secure design reduces strain on your security team by empowering developers to implement guardrails early on in the software development life cycle (SDLC).

When a malicious actor is able to execute lateral movement throughout your environment, it’s much easier for them to avoid detection, increasing their dwell time and chances of stealing sensitive information and high-value assets. This has become a serious problem in recent years: Sophos’ Active Adversary Playbook 2022 found that the median intruder dwell time was 15 days in 2021, up a significant 36% from an 11-day median in 2020.

This is why the effort required to design a secure cloud infrastructure upfront will pay dividends down the road. Coupling preventive measures with secure design not only helps the inevitable security incident from turning into a major, newsworthy breach — it keeps your teams from having to carry out painful application rework associated with fixing an insecure deployment.

How can my organization design a secure cloud native environment?

Designing a secure cloud native architecture comes down to one core directive: always operate under the assumption that security penetrations are inevitable and you will never have a 100% success rate in avoiding them. Yet you should still remain vigilant about preventing misconfigurations that can be used to access your environment.

Infrastructure as code (IaC) checks against industry best practices and compliance frameworks are a powerful way to ensure that templates conform to secure design guidelines. Development guardrails that automatically fail a build or update when security-critical issues are present are another recommended tool for preventing the introduction of vulnerabilities into the environment.

Best practices for vulnerability prevention and secure design

To design secure cloud environments and prevent misconfigurations from being deployed, you should:

• Thoroughly map resource relationships

• Increase visibility into identity and management (IAM)  

• Build security guardrails into CI/CD pipelines and IaC

• Level up your team’s cloud security architect skills

Thoroughly map resource relationships

To make secure design a priority in your SDLC, map out your environment to identify deeper risks in your design, IaC, and running environment. Being able to connect the dots among logical-, network-, and policy-related relationships is vital because every major cloud security breach involves a control plane compromise that exploits complex misconfigurations across different resources.

Maintaining your cloud configuration state in a queryable format will help you understand complex  risks. It also also allows you to create a shared understanding across teams of the resources running in a cloud environment, including all configurations, resource relationships, and security vulnerabilities.

Increase visibility into identity and management (IAM)  

Many teams lack visibility into the IAM layer of their environment and any misconfigurations that might be negatively affecting other resources. As a result, they are unable to accurately estimate the blast radius of a potential penetration event or understand the changes required for minimizing existing risk.

Custom IaC rules can help you ensure that IAM role resources are configured correctly. For example, you could create rules that confirm all existing or future IAM role resources have an owner, description, and type tag. The same rule could also be used to notify app developers when they forget to add tags.

Build security guardrails into CI/CD pipelines and IaC

Other automated checks can be incorporated into your CI/CD pipelines to prevent misconfigurations pre-deployment. Such guardrails are also useful for continuously monitoring your environment for potential issues and can be paired with a feature like automated rollbacks, which revert your production system to a previous state when a vulnerability is detected. This minimizes the blast radius of a potential security incident.

Level up your team’s cloud security architect skills

In addition to enhancing your processes and technology to facilitate better vulnerability prevention and secure design, you should also consider leveling up your people. Cloud security architect skills are a great investment for members of your engineering team. Some of the most popular trainings and certifications include:

• Google’s Professional Cloud Security Engineer certification

• Microsoft’s Certified Azure Security Engineer Associate certification

• Amazon’s AWS Certified Security Specialty certification

• ISC’s Certified Cloud Security Professional certification

• CSA’s Certificate of Cloud Security Knowledge

Learn more about The Five Fundamentals of Cloud Security

Every cloud breach involves the exploit of some type of vulnerability. However, initial penetration events don’t immediately yield the sensitive data threat actors are after, so misconfigurations and other vulnerabilities are just a means to an end. That’s why it’s so important to focus on prevention and secure design simultaneously: to deny attackers meaningful access to your control plane and your most valuable and sensitive data.