Why IaaS security needs to be a priority

Friday, 27 August 2021 14:51

By Jonathan Andresen, Bitglass

GUEST OPINION: Why are CIOs and IT organisations prioritising investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains and partners.

Getting the most value out of legacy systems typically involves integrating them with cloud infrastructure and apps. As a result, cloud infrastructure in IaaS is projected to see an end-user spending increase of 38.5 percent this year alone – growing to US$223 billion in 2025, making it one of the fastest growing cloud services according to Gartner.

Popular infrastructure services include Amazon’s Elastic Compute (EC2), the Google Compute Engine, and Microsoft Azure.

There are clear advantages of IaaS cloud computing. IaaS infrastructure is elastic and scalable, letting businesses purchase extra capacity as needed without investing in hardware that must be deployed and maintained. What’s more, IaaS enables an increasingly remote workforce, who can connect to their business from any place with an internet connection.

With unlimited computing resources only a click away, IaaS has become a tool of choice for developers. What’s less well understood, however, is how to best secure IaaS infrastructure and the data created and uploaded to it.

IaaS apps are designed for productivity with default settings geared towards ease-of-use – not security. As a result, the misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organisation’s cloud environment is not configured properly, critical business data and applications may become susceptible to an attack.

Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult for organisations to ensure their data is being accessed only by authorised users. This issue can be exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.

Using IaaS safely requires that organisations address the three pillars of IaaS security: securing data at rest, securing custom applications, and cloud security posture management (CSPM) – which is designed to identify misconfiguration issues and compliance risks in the cloud.

An important purpose of CSPM is to monitor cloud infrastructure continuously for gaps in security policy enforcement.

Typically, IaaS solutions need extensive configuration to function well. Failing to apply even a single setting correctly can prove disastrous for any company. Fixing misconfigurations on these platforms is a critical step to prevent data leakage. When organisations fail to do this, data within storage offerings such as AWS S3 can be left public facing and open to anyone who tries to access it – especially cyber criminals.

According to Gartner, misconfiguration of the cloud environment is one of the more common mistakes in the cloud that can lead to a data breach – and use of a CSPM tool can reduce cloud-based security incidents due to misconfigurations by 80%.

At a minimum, CSPM tools should include the ability to:

• Detect and automatically remediate cloud misconfigurations with an intuitive graphical interface;

• Maintain an inventory of best practices for different cloud configurations and services;

• Map current configuration statuses to a customised security control framework or regulatory standards;

• Work with IaaS, SaaS and PaaS platforms in containerised, hybrid cloud and multi-cloud environments; and

• Monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.

CSPM tools play an important role in securing a cloud environment by reducing the possibility of data breaches. For this reason, IT leaders should consider implementing CSPM in tandem with a cloud access security broker (CASB). CASB is a software tool or service that can safeguard the flow of data between on-premises IT infrastructure and a cloud provider's infrastructure.

For more information on how to fully secure your IaaS infrastructure, see here.

Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

Why IaaS security needs to be a priority