Data automation is going to be a major focus for my team of system administrators in 2021. Since I work for a financial organization, security is a paramount concern, so this is an area in which we intend to hit the ground running in the New Year.
Fortunately, writing technology articles for TechRepublic has put me in contact with a vast array of knowledgeable industry experts. I spoke about data automation in the security realm with Chris DeRamus, co-founder and VP of Technology at cybersecurity solutions provider DivvyCloud by Rapid7.
Scott Matteson: How did you use data automation to address security?
Chris DeRamus: Considering the constant emergence of new threats and attack vectors, it is crucial that companies are able to respond to security lapses and issues in real-time—within seconds or minutes. Threat vectors are always changing, but the criticality of managing and reducing risk in the cloud is constant. When risk is reduced, the attack surface shrinks, resulting in a smaller blast radius, which helps diminish the costly repercussions in the event of a breach.
DivvyCloud customers consistently focus on reducing the potential of misconfigurations in cloud services from providers, such as AWS, Google Cloud Platform, and Azure, that have the largest blast radius. To avoid public cloud leaks that expose sensitive company-proprietary data or personally identifiable information (PII), security teams must ensure that there aren’t any cloud or container misconfigurations that leave vital resources open for anyone to access. For example, Capital One’s misconfigured firewall allowed a former employee of AWS to employ a tactic called privilege escalation, which allowed access to one of their S3 buckets and resulted in the exposure of over 100 million users’ data. Unfortunately, cloud misconfigurations continue to cause massive breaches. In 2018 and 2019 alone, nearly 33.4 billion records were exposed due to cloud misconfigurations.
Highly regulated organizations must implement automation to prevent, detect, and remediate cloud errors, especially in order to avoid costly repercussions. For example, it was recently reported that Capital One has agreed to pay an $80 million fine and enter into a consent order with the Office of the Comptroller of the Currency (OCC). This is especially relevant in today’s climate, given that more and more companies are rapidly adopting public cloud for its speed and agility, and to support business continuity while employees largely work from home.
Businesses that use advanced automation tools to protect data in the cloud have a distinct advantage because they receive immediate notifications of any misconfigurations or policy violations and they are able to easily define workflows that deliver remediation of human-centered processes and take prescriptive actions to fix the issues. Automation not only detects when data is misused or exposed, but it also initiates a quick response to the incident.
Specifically, automated remediation can perform actions, such as reconfiguring cloud services, updating cloud infrastructure, driving human-centered workflows that integrate with current systems, and orchestrating workflow actions in other systems. Automated remediation empowers companies to concentrate on the most critical issues while ensuring routine issues are resolved and reconfigured efficiently so data is effectively and continuously protected, and misconfigurations don’t turn into data leaks.
Scott Matteson: What were the end results of data automation?
Chris DeRamus: Providing a platform that secures cloud data through automation has resulted in companies becoming enablers of the cloud.
As an example, DivvyCloud worked with a multinational financial services corporation to help them securely ramp up operations in the cloud. Before utilizing our automated platform, the corporation’s shift to the cloud had plateaued. Constrained by the fear of a data leak, they were very uncomfortable with transitioning customer-sensitive legacy workloads into the cloud. This is a rightful concern, given that data breaches caused by cloud misconfigurations are rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. However, by using automation with DivvyCloud’s platform, the corporation was able to securely and aggressively accelerate in the cloud and operate with increased efficiency. Additionally, by investing in automation security tools, their executive leadership has become more comfortable with sensitive data running in the cloud, which resulted in widespread cloud adoption across the organization. Automated cloud security strategies are critical to ensuring proper implementation and continuous enforcement of security and compliance.
Ultimately, the cloud provides the agility necessary for companies to operate in today’s digital landscape and is highly effective in running workloads when compared with traditional data centers. Yet, the cloud can cause costly damages when misconfigured. The impact of misconfiguring the cloud is resulting in costly damages—not the cloud itself. Therefore, corporations must use automated security tools to ensure proper configuration, to safely accelerate their cloud operations and to benefit from all that the cloud has to offer.
Scott Matteson: How have your customers improved security with automation?
Chris DeRamus: Cloud operations will improve and become more secure once automation is implemented early on in the cloud development lifecycle, significantly decreasing the potential for human error. When companies shift left and proactively automate cloud security and compliance before provisioning, they can ensure that best practices for configuring the cloud are in place. Automation for security should also be implemented with a lowest-common-denominator approach to improve accommodation for the various limitations of humans as well as of each major cloud provider.
Also, when considering that the rate of change in the cloud is so high, automating both preventive and reactive controls provides the ability to innovate at the speed enabled by cloud environments. When day-to-day tasks and the orchestration of all cloud operations are automated, security teams can achieve both security and speed at scale with a single unified approach. Automation also allows organizations to redirect human capital for higher-level thought projects, such as auditing compliance.
Consistency is key for improving an organization’s cloud operations, especially in a fragmented and heterogeneous cloud environment. Given that most companies today have adopted at least two public cloud service providers, automation has been pivotal in providing one unified workflow that allows a company to seamlessly grow its cloud footprint, regardless of which providers it uses. Setting up separate configuration strategies in two clouds, two different ways, is a painful process that should be avoided.
For example, a company is only one merger and acquisition transaction away from inheriting a new public cloud service provider. Thus, their automation strategy should not solely focus on one cloud provider’s native tooling. This is where third-party automation tools can really make a difference and not only improve, but solve for the multicloud fragmentation problem.
Scott Matteson: Were there any specific challenges to deploying automation?
Chris DeRamus: The first challenge is establishing trust. Businesses must be assured that automation tools will take the corrective action on noncompliant resources and not take action on false positives. In order to build that trust, as the vendor, it’s important to present clear evidence of accurate results. This can be proven by building custom reports and scorecards to showcase to auditors and stakeholders that all misconfigurations that were automatically identified were indeed open to the public and were not misidentified. The veracity of the results from automation must be correct to build trust and win over executives.
The next challenge is establishing buy-in from all business units of a large enterprise, given that each business unit usually runs its own separate cloud footprint. With various cloud permissions across different business units, it can be challenging to implement a single automation tool throughout the enterprise. Receiving buy-in and trust from numerous executives across the enterprise is difficult. However, this challenge can be overcome by successfully implementing automation within one business unit and then using that success to develop a strategy to expand to other units.
The third challenge is scale. A company will not be able to automate cloud security with stale, outdated data. With an event-driven approach to identify cloud risk and trigger remediation, a company can analyze issues immediately and fix misconfigurations in seconds. This approach allows cloud security platforms such as DivvyCloud to provide fast detection of changes that enables automated remediation in real-time. Nothing can throw off an automation strategy quicker than false positives, and avoiding stale data is crucial.
Scott Matteson: Were any special skills involved to benefit from automation to the fullest extent?
Chris DeRamus: In order to successfully use automation to secure cloud data, companies must understand the complex and dynamic nature of the cloud. In cloud environments, everything has an identity: Users, applications, services, and systems. Even though this provides enormous flexibility, it also creates substantial risk, considering that every service is potentially reachable by every other one.
In order to reduce the amount of false positives, an automation tool must have a comprehensive understanding of Identity and Access Management (IAM)—the new perimeter. When granting access to cloud-level resources, IAM is necessary to properly delegate a specific level of access. DivvyCloud ensures that organizations can protect the identity perimeter at scale, which requires automated monitoring and remediation around access management, role management, identity authentication, and compliance auditing.
Businesses using automation should have a deep understanding of IAM to allow their tools to work as efficiently as possible.
Scott Matteson: How does data automation change a customer’s daily operations?
Chris DeRamus: As a result of businesses investing heavily in security and compliance automation tools, focus has shifted more to ROI. Thus, members of the security team are prioritizing the collection of data from these automation tools. There are dozens of team members across the enterprise using automation, and it’s important to aggregate all that data to deliver an easily digestible and succinct report that showcases how success with automation is achieved.
Vendors can provide some of that reporting, but customers will also need to use custom reports. Therefore, day-to-day tasks revolve more around collecting and reporting than on operating the tools themselves. Furthermore, those who run cloud software need to change and expand their focus to include how automation can support additional areas within the organization. Considering that automation is always evolving and expanding, additional administrative staff are needed to manage new policies and workflows across various departments.
Scott Matteson: Do you have any advice for other companies seeking similar solutions?
Chris DeRamus: For companies seeking cloud security solutions that use automation, they must ensure that such solutions provide dynamic scoping as well as a unified definition of success. This definition might vary by organization, but should provide confidence that a certain solution can deliver the correct outcomes. The main concern should not be on the technological merits alone, but whether the automated solution is agile enough to support specific, defined results.
Given how configurable the cloud is, every company is working in the cloud differently and using the cloud to solve different problems. Thus, cloud security software should offer adaptable features and should not be brittle or prescriptive. Adaptable tooling enables and amplifies a company’s ability to support the unique needs of its cloud footprint.
Also, such solutions must provide consistent automation across a company’s entire cloud footprint. A homogeneous setup is crucial in today’s multicloud environments, and is much more seamless than a heterogeneous setup that requires constant maintenance and updates. A single definition of success will allow for a unified approach to automation. One cohesive strategy will work across the board that does not require separate automation for each cloud provider.
Further, companies should look for solutions that provide the broadest coverage, ensuring that all data is protected. Tooling must embrace and address the majority of cloud services, if not all, and must approach the varying nuances of cloud services broadly.
A company’s rate of cloud adoption is quickly changing along with cloud service providers’ offerings. Security solutions that leverage automation must be able to mature, scale, and quickly adapt to new cloud services in order to properly serve their customers and solve issues instantly.
Scott Matteson: Where is data automation for security headed?
Chris DeRamus: There is a growing security achievement gap when it comes to securing the cloud with automation. This is caused by the rate of change and the growing amount of information within the cloud, the accelerated cloud adoption rate, and the sudden digital disruption caused by remote work policies amid COVID-19.
The adoption of cloud has ballooned in the past four to five months, and new trends have arisen from the rapid shift to remote work. For example, businesses are aggressively moving into the cloud faster than planned, and consequently are embracing services they previously would have spent six to 12 months vetting. That review process either isn’t happening or is done too hastily. Companies are embracing cloud services at unprecedented speeds without the proper security tooling in place to safeguard and protect from misconfigurations. In addition, the flexibility of remote work can also lead to an abnormal pace and less review. Unfortunately, both of these anomalies will lead to more mistakes and cause the risk of misconfigurations to rise.
Secondly, we can expect to witness more cloud-native offerings that embrace the power and benefits of automation. Increased adoption of cloud-native automation will help build trust among management in terms of using automation to secure cloud data. Tools will then be used to pinpoint exactly what to automate against and identify remediation actions.
Another trend is a further embrace of serverless automation. Event-driven, serverless computing programs like AWS Lambda are a perfect fit for automation given that such programs are out of band, can respond to a trigger, and can be assigned permissions. Whether it’s commercial software or cloud native embracing serverless, it will be the vehicle used to achieve automation at scale in the cloud.
Finally, the trend of shifting cloud security and compliance left will continue to gain momentum. With self-service access to cloud resources, developers, analysts, and engineers are able to provision and configure cloud infrastructure on their own. Thus, companies must empower developers and engineers to proactively incorporate security and compliance early on in the development lifecycle—way before cloud resources are deployed. This ensures that cloud misconfigurations, risks, and compliance violations are proactively identified and fixed before provisioning—not at runtime. What’s more, shifting cloud security left also enables developers to be more productive and work together with the security team, resulting in even better cloud security at scale.