5 Security Mistakes Cloud Engineers Make in 2022

Jane Fazackarley, published in Run[X], May 12, 2022

Cloud engineers are responsible for managing the security of valuable data and applications. However, due to the nature of cloud computing, even the most experienced professionals can make common security mistakes.

With that in mind, here are the top five security mistakes that cloud engineers make and how to remedy them.

1. Lack of regular patching practices

Ashley Leonard, Founder and CEO at Syxsense, identifies a lack of patching as one of the most common mistakes.

Leonard explains:

“Cloud and virtual servers are equally as important as physical, premise-based servers to patch. Syxsense shows that over 50% of server administrators have at least one unpatched resource somewhere in the same network.

Recent breaches have shown that any weakness in an individual server equates to weakness in all your servers because it can allow a hacker into your trusted resources. Therefore, patch your cloud servers (and virtual machine servers) with more care than your premise-based, physical servers.”

Failing to patch systems regularly leads to six main problems, according to Rob Blanzy, Director, Cloud Security at 66degrees:

  • Reduced productivity — This is a big one, since extended outages can cause significant disruption to your business.
  • Increased cybersecurity costs — Patching helps protect your systems from potential threats, and neglecting it is likely to increase your organization’s cybersecurity spending significantly.
  • Reduced agility — It can often take weeks for patching programs to deliver updates to your systems.
  • Reduced user satisfaction — This is often a result of extended outages, and it can also frustrate your customers, which is never ideal.
  • Reduced security effectiveness — All of these issues can leave your organization with a less secure infrastructure.

Fortunately, patching virtual servers is usually more straightforward than patching traditional servers. You need to download the latest patch from the vendor website and apply it to your virtual machines. However, it’s vital that cloud engineers make patching a regular part of their routine rather than merely responding to known threats.

If your organization uses a cloud provider like Amazon Web Services (AWS) or Azure, you may need to apply patches to your underlying infrastructure.

If you are not comfortable applying the patch yourself, you can contact your provider.

2. Not monitoring remote access/lack of visibility

The cloud has fundamentally changed how businesses operate. By moving processes and applications to the cloud, companies can access data and applications anywhere. However, with this newfound flexibility comes a new set of security challenges. One challenge is ensuring remote access to company data is adequately monitored and secured.

Survey after survey identifies lack of visibility in the cloud as its most significant challenge. But there are ways to overcome it, and you must do

As Thomas Pore, Director of Security Products at LiveAction, says:

“DevOps teams hold the keys to the kingdom, and a common mistake among cloud deployments is not monitoring who is accessing resources. Most cloud servers have remote access enabled, such as RDP, SSH, or web consoles, which can be compromised with credentials, insecure passwords, or exposed ports.

Organizations need to deploy a solution that watches and measures network traffic to all cloud resources by characterizing encrypted flows and behavioral pattern recognition of endpoints, assets, and end-to-end encrypted connections to identify suspicious and unauthorized access anomalies.”

There are a few key things you can do to monitor your cloud deployments:

First, make sure you have logging enabled for your app. This will help you track any errors that occur and troubleshoot them.

Second, use a monitoring tool like New Relic or AppDynamics to understand how your app performs; these tools can help identify bottlenecks and performance issues.

Third, use a tool like Cloudflare to help protect your app from attacks. Cloudflare can help block malicious traffic and prevent DDoS attacks.
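As an added illustration of the “make sure you have logging enabled” step (example code written for this article’s topic, not from the original post or any vendor): a small Python detector that reads constructed sshd log lines and flags both brute-force attempts and accepted logins from outside an assumed trusted network range (10.0.0.0/8 stands in for a corporate VPN).

```python
"""Flag suspicious SSH remote-access events in constructed sshd log lines."""
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's auth.log format (not from the article).
SAMPLE_LOG = """\
May 12 10:01:02 web1 sshd[2210]: Accepted publickey for deploy from 10.0.1.25 port 51022 ssh2
May 12 10:03:10 web1 sshd[2231]: Failed password for root from 203.0.113.9 port 40122 ssh2
May 12 10:03:12 web1 sshd[2233]: Failed password for root from 203.0.113.9 port 40124 ssh2
May 12 10:03:15 web1 sshd[2235]: Failed password for invalid user admin from 203.0.113.9 port 40130 ssh2
May 12 10:03:18 web1 sshd[2237]: Failed password for invalid user admin from 203.0.113.9 port 40131 ssh2
May 12 10:03:21 web1 sshd[2239]: Failed password for ubuntu from 203.0.113.9 port 40135 ssh2
May 12 10:09:44 web1 sshd[2290]: Accepted password for ubuntu from 198.51.100.77 port 33012 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Assumed: administrators only connect from the corporate VPN range.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
FAILURE_THRESHOLD = 5  # failed attempts from one IP before raising an alert


def parse_events(log_text):
    """Return one dict (result, method, user, ip) per sshd login line."""
    return [m.groupdict() for line in log_text.splitlines() if (m := LINE_RE.search(line))]


def find_anomalies(log_text, trusted=TRUSTED_NETWORKS, threshold=FAILURE_THRESHOLD):
    """Alerts: ('brute_force', ip, count) and ('untrusted_login', ip, user)."""
    events = parse_events(log_text)
    alerts = []
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    for ip, count in failures.items():
        if count >= threshold:
            alerts.append(("brute_force", ip, count))
    for e in events:
        # A successful login from outside the trusted range is the event to investigate.
        if e["result"] == "Accepted":
            addr = ipaddress.ip_address(e["ip"])
            if not any(addr in net for net in trusted):
                alerts.append(("untrusted_login", e["ip"], e["user"]))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(*alert)
```

In practice the same logic runs over the provider’s flow or audit logs rather than a local file, but the two signals (repeated failures and successes from unexpected sources) are the ones to alert on first.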

Check out Opta, a new IaC built on top of Terraform where you work with high-level constructs instead of getting lost in low-level cloud configuration.

3. Using a ‘Lift and shift’ approach to cloud security

Cloud computing is an umbrella term for delivering hosted services over the Internet. Many organizations use a ‘Lift and Shift’ approach to the cloud, moving their applications and data without rewriting or reconfiguring them.

There are many benefits to lifting and shifting.

First, it’s a low-risk way to move to the cloud, as you can test out the cloud without making significant changes to your applications or data. However, as Pore explains, it can come at a cost to your security.

“Many engineers still believe they can do something called a ‘lift and shift.’ This is the same approach to the cloud that they did when everything was on-premises, in their server room or data center. But unfortunately, this often includes their approach to security.

However, it’s never that simple, and many traditional security tools become ineffective in a hybrid environment. Instead, teams should be looking for purpose-built security tools to detect threats from core to edge to the cloud. This gives them a unified view of attacks, regardless of where they are.”

For monitoring and detection, Cloudflare is a popular choice. Amazon Web Services (AWS) also offers various security services of its own, including security monitoring, intrusion detection, and firewalls.

4. The Rule of Least Privilege

The rule of least privilege is a security principle that recommends limiting access to system resources based on need. The goal is to reduce the risk of accidental or unauthorized access, damage, or disclosure.

Ashley Leonard, Founder and CEO at Syxsense, explains:

“Too many people don’t understand ‘The Rule of Least Privilege’ and how it applies to cloud computing. The basic idea is to ensure that the permissions within your AWS/Azure environment are configured so that bad guys can’t get full access to your cloud resource.”

In cloud computing, the rule of least privilege means granting users only access to perform their tasks. This limits the potential for harm if a user’s credentials are compromised or an attacker gains access to the system.

Leonard explains how this works in practice:

“Essentially, you partition off various portions of your console with different credentials. So, billing and reporting have their accounts, EC2 (Elastic Compute Cloud) endpoint management has its account, and cloud storage has its account. And all of them are protected by login alerting, multi-factor authentication, and completely different usernames and passwords.

Geography locking is also good here. So, if you know that the person who is supposed to log into your reporting and billing account is located in the western United States, don’t allow connections from Russia or Sweden, etc.”
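An added example, not from the original post or Syxsense: a Python linter that checks an IAM policy document for the gaps Leonard describes, using the real condition keys aws:MultiFactorAuthPresent and aws:SourceIp. The two policies and the 203.0.113.0/24 office range are constructed, and because IAM has no country-level condition key, the source-IP check is the IP-range form of geography locking.

```python
"""Lint IAM policy documents for the least-privilege gaps the article describes."""
import json

# Constructed: the kind of over-broad policy that gives one identity "full access".
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed: a separate billing/reporting identity with scoped actions, MFA required,
# and logins limited to an assumed office IP range (the IP-level form of geo-locking).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ce:GetCostAndUsage", "cur:DescribeReportDefinitions"],
        "Resource": "*",
        "Condition": {
            "Bool": {"aws:MultiFactorAuthPresent": "true"},
            "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
        },
    }],
})


def _as_list(value):
    # IAM accepts a single string or a list in most fields; normalise to a list.
    return value if isinstance(value, list) else [value]


def policy_findings(policy_json):
    """Return (statement_index, finding) tuples for every Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        cond = stmt.get("Condition", {})
        # "*" or "service:*" grants far more than any single task needs.
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((i, "wildcard_action"))
        # Every console account should be MFA-gated; the value may be "true" or true.
        mfa = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if str(mfa).lower() != "true":
            findings.append((i, "no_mfa_condition"))
        # No country condition exists in IAM, so restrict by source IP range instead.
        if "aws:SourceIp" not in cond.get("IpAddress", {}):
            findings.append((i, "no_source_ip_restriction"))
    return findings


if __name__ == "__main__":
    print(policy_findings(BROAD_POLICY), policy_findings(SCOPED_POLICY))
```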

5. Failure to segment resources

Segmentation allows for improved performance and enhanced security capabilities. However, as Lior Zatlavi, a Senior Cloud Security Architect for Ermetic, explains, many cloud users fail to segment.

“Architects of cloud environments often forget about one of the best built-in security mechanisms available from cloud providers, namely the segmentation of resources into different container environments.

Often all the resources used in development, staging, and production — or resources that serve different projects — are maintained in a single environment. This creates a single point of failure or compromise. Segmenting resources provides powerful protection based on excellent and simple architecture design.”

Segmentation lets you establish robust rules and limit accessibility, helping to guard sensitive data.

Opta helps your startup meet cloud data security requirements such as SOC 2 compliance, which many companies need to adhere to.

Conclusion

As highlighted by the experts, cloud engineers make five common mistakes that can jeopardize the security of their cloud deployments. These include failing to patch adequately, a lack of understanding of the rule of least privilege, and not monitoring remote access.

However, as detailed in the article, there are various remedies you can put in place, including using tools like Cloudflare, introducing segmentation, and understanding and applying the rule of least privilege.
