Does Cloud Automation Create New Enterprise Vulnerabilities?
While cloud automation can help organizations to become significantly more agile and improve security, it can also expand the enterprise attack surface, creating new vulnerabilities and risks in what becomes an increasingly dynamic and complex environment. It’s important to understand and address the vulnerabilities that can come hand-in-hand with automation.India is on the cusp of cloud revolution and each organization’s cloud adoption path will differ. Some organizations have an “all-in” or ‘cloud first’ strategy, but the majority will migrate to the cloud over several years moving individual business activities, processes and applications as the business demands. Automation needs will differ to match the requirements of the enterprise’s cloud strategy and drivers.
Common Drivers for Cloud Adoption
Analysts estimate that cloud adoption will grow at pace in India in the coming years, with some estimates running into the billions of dollars. Three of the most common drivers for cloud adoption are cost savings and efficiency, access to on-demand computing and increased agility.
To achieve cost savings, some enterprises take a ‘forklift’approach, simply moving their apps from their on-premises data centre to the cloud – and then shut their data centres. In this scenario,the enterprise does not take full advantage of the dynamic capabilities offered by cloud computing and, consequently, require only minimal automation. To achieve greater levels of efficiency, organizations need to re-architect and replace applications rather than simply move them. This agility requires a high level of automation, which is explained further in the third scenario below.
It’s increasingly common that enterprises want access to on-demand computing. This provides rapid access to significant computing capacity, for use in,for example, big data and analytics processes. To achieve this, application instances are created instantly to meet the demands of the business. It is automation that makes this possible, assigning and securing the required credentials and privileges when each new instance is created.
The third scenario is all about agility — enabling the enterprise to more rapidly develop and deploy applications to better support customers and the evolving needs of the market. As development practices such as Continuous Integration,Continuous Delivery (CI/CD) pipelines, and DevOps are adopted, developers also use orchestration
and automation tools to speed software development and deployment. Enterprises with robust CI/CD pipelines may do multiple and potentially dozens of code deployments each day using automated processes and tools that are critical in this scenario.
Potential Vulnerabilities Expand with Automation
Across each of these scenarios, the level of automation required increases. As automation is introduced, it is also important to understand some of the core vulnerabilities and risks that need to be addressed to protect an organization’s cloud environment.
Regardless of the primary driver for cloud adoption or the level of automation, every organization needs to protect the credentials and access rights for their cloud management consoles. These consoles are very powerful and they are used by both humans and automated scripts. Consequently, the console is vulnerable to phishing attacks and is a common entry point for attackers. All organizations will need to secure the privileged credentials used to manage the enterprise’s cloud-based infrastructure, including the operating system, database and other resources, as well as any embedded static application credentials.
With on-demand computing, there are additional vulnerabilities to protect. These include, for example, any dynamically-assigned application credentials, API keys, and cloud secrets, as well as the privileged credentials established when new application instances are created with auto scaling or other orchestration tools. When each new instance is created with auto scaling, it will need privileges to access other applications and resources, and this access must be automatically secured in order to reduce the level of risk introduced by this access.
In the scenario where agility is needed, there are yet more vulnerabilities and risks to add to those described in the earlier examples. The privileged credentials and secrets associated with the CI/CD pipeline, including all the administrative consoles for orchestration and other tools, must also be managed and secured. And the trust relationships must be fully automated by automatically storing, retrieving and managing secrets and credentials across the pipeline.
More Automation Can Mean a Larger Attack Surface
In summary, as the level of automation increases, the vulnerabilities and attack surface can also increase because of the complexity and dynamic computing and development environments. Consequently, it is important that organizations are aware of and defend against the vulnerabilities that can come with automation. No matter where you are in your enterprise’s cloud journey or the level of automation you are using, you will need to implement robust privileged account security policies to protect your cloud assets.
In India, many organisations consider cloud to be the catalyst they need as they look to accelerate their digital transformation journey. However,there are still some hurdles threatening to slow the pace of change. Security continues to be the biggest barrier to cloud adoption, and this is also the case in India. In our increasingly connected and digital world – in which, according to an industry report,by the end of 2017,60 percent of APAC 1,000 enterprises will have digital transformation at the centre of their corporate strategy – security should not be a barrier to cloud adoption, and it is becoming increasingly recognized that protecting privileged accounts, credentials and secrets are critical requirements for ensuring the security of an organization cloud workloads.
No matter where you are in your enterprise’s cloud journey or the level of automation you are using, you will need to implement robust privileged account security policies to protect your cloud assets
Potential Vulnerabilities Expand with Automation
Across each of these scenarios, the level of automation required increases. As automation is introduced, it is also important to understand some of the core vulnerabilities and risks that need to be addressed to protect an organization’s cloud environment.
Regardless of the primary driver for cloud adoption or the level of automation, every organization needs to protect the credentials and access rights for their cloud management consoles. These consoles are very powerful and they are used by both humans and automated scripts. Consequently, the console is vulnerable to phishing attacks and is a common entry point for attackers. All organizations will need to secure the privileged credentials used to manage the enterprise’s cloud-based infrastructure, including the operating system, database and other resources, as well as any embedded static application credentials.
With on-demand computing, there are additional vulnerabilities to protect. These include, for example, any dynamically-assigned application credentials, API keys, and cloud secrets, as well as the privileged credentials established when new application instances are created with auto scaling or other orchestration tools. When each new instance is created with auto scaling, it will need privileges to access other applications and resources, and this access must be automatically secured in order to reduce the level of risk introduced by this access.
In the scenario where agility is needed, there are yet more vulnerabilities and risks to add to those described in the earlier examples. The privileged credentials and secrets associated with the CI/CD pipeline, including all the administrative consoles for orchestration and other tools, must also be managed and secured. And the trust relationships must be fully automated by automatically storing, retrieving and managing secrets and credentials across the pipeline.
More Automation Can Mean a Larger Attack Surface
In summary, as the level of automation increases, the vulnerabilities and attack surface can also increase because of the complexity and dynamic computing and development environments. Consequently, it is important that organizations are aware of and defend against the vulnerabilities that can come with automation. No matter where you are in your enterprise’s cloud journey or the level of automation you are using, you will need to implement robust privileged account security policies to protect your cloud assets.
In India, many organisations consider cloud to be the catalyst they need as they look to accelerate their digital transformation journey. However,there are still some hurdles threatening to slow the pace of change. Security continues to be the biggest barrier to cloud adoption, and this is also the case in India. In our increasingly connected and digital world – in which, according to an industry report,by the end of 2017,60 percent of APAC 1,000 enterprises will have digital transformation at the centre of their corporate strategy – security should not be a barrier to cloud adoption, and it is becoming increasingly recognized that protecting privileged accounts, credentials and secrets are critical requirements for ensuring the security of an organization cloud workloads.
.jpg "Engeotech: Innovating Smart Ways to Offer Customized Water Treatment Solutions")
