Top Cloud Vulnerabilities: How to Manage Misconfigurations

Author: Kevin Mead

Cloud Misconfigurations

Misconfigurations in cloud environments are very common, and they create huge operational and security risk. The sheer number of potential configurations is staggering, and cloud providers release new services at warp speed, so optimization is a rapidly moving target. Here are some key measures you can take to address this threat.

Well-Architected Reviews

Remediating cloud misconfigurations starts with knowing that they exist; willful ignorance is not a strategy but a recipe for disaster.

Use your cloud provider’s well-architected framework to conduct well-architected reviews on a regular cadence (2 to 6 times per year). In a review, you assess a specific workload against the framework to identify misconfigurations and determine their risk levels.

This is so important to your success in the cloud that AWS will pay to make it happen. Kinect facilitates well-architected reviews and remediates some of the highest-risk issues uncovered during the process, and the work is 100% funded by AWS.

Cloud Misconfiguration Management Tools

Trend Micro Cloud One Conformity

To ensure day-to-day visibility, you should also implement a reliable tool that runs automated security and compliance checks on your cloud infrastructure, covering the well-architected framework and your other regulatory requirements (HIPAA, PCI, GDPR, NIST, etc.). The tool we advise our clients to use is Cloud One Conformity. Combining the person-to-person well-architected review process with Conformity’s automation is a powerful formula for optimizing cloud environments.

New Relic

You can also incorporate cloud misconfiguration management into your overall efforts around “observability”. For example, New Relic integrates with Cloud One Conformity to provide a single pane of glass for application, infrastructure, and cloud misconfiguration monitoring.

Prioritize Misconfigurations by Risk

Once you have visibility, the number of misconfigurations discovered can be daunting. It is not unusual for Conformity to identify tens of thousands of issues, but don’t panic. In reality, a much smaller number of discrete issues keeps recurring across many resources. Well-architected reviews and Conformity provide the risk level of each discrete issue, ranging from “Low” (you can live with it) to “Very High” (it should have been fixed yesterday). Then it is a simple matter of prioritizing your actions, starting with “Very High” and working your way down until you reach the risks that you can live with.
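The triage described above, as an added worked example that is not code from the original post or from any of the tools it names: collapse a long list of individual findings into discrete issues keyed by rule, rank them by risk level from “Very High” down, and drop the levels you have decided to accept. The findings list, the rule ids and the resource names are constructed for illustration, not real scanner output.

```python
# Constructed sample scanner export: one entry per affected resource.
# Rule ids, risk levels and resource names are made up for this example.
SAMPLE_FINDINGS = [
    {"rule": "S3-001", "risk": "Very High", "resource": "bucket-a"},
    {"rule": "S3-001", "risk": "Very High", "resource": "bucket-b"},
    {"rule": "S3-001", "risk": "Very High", "resource": "bucket-c"},
    {"rule": "IAM-002", "risk": "High", "resource": "user-ci"},
    {"rule": "EC2-003", "risk": "Medium", "resource": "sg-web"},
    {"rule": "EC2-003", "risk": "Medium", "resource": "sg-db"},
    {"rule": "CT-004", "risk": "Low", "resource": "trail-main"},
    {"rule": "IAM-005", "risk": "Very High", "resource": "root"},
]

# Risk levels in the order the post uses: most urgent first.
SEVERITY_ORDER = ["Very High", "High", "Medium", "Low"]


def group_by_rule(findings):
    """Collapse per-resource findings into discrete issues keyed by rule id.

    Each discrete issue keeps its risk level and the list of resources
    on which the same misconfiguration recurs.
    """
    issues = {}
    for finding in findings:
        if finding["risk"] not in SEVERITY_ORDER:
            raise ValueError(f"unknown risk level: {finding['risk']!r}")
        entry = issues.setdefault(finding["rule"], {"risk": finding["risk"], "resources": []})
        entry["resources"].append(finding["resource"])
    return issues


def summary(findings):
    """Return (raw finding count, discrete issue count) to show how much the list shrinks."""
    return len(findings), len(group_by_rule(findings))


def prioritize(findings, accepted=frozenset({"Low"})):
    """Return (rule, risk, affected-resource count) tuples ordered for remediation.

    Sorted most severe first, then by how many resources are affected, so a
    'Very High' issue recurring on many resources tops the list. Issues whose
    risk level is in `accepted` are left out as risks the team can live with.
    """
    ranked = [
        (rule, data["risk"], len(data["resources"]))
        for rule, data in group_by_rule(findings).items()
        if data["risk"] not in accepted
    ]
    ranked.sort(key=lambda item: (SEVERITY_ORDER.index(item[1]), -item[2], item[0]))
    return ranked


if __name__ == "__main__":
    raw, discrete = summary(SAMPLE_FINDINGS)
    print(f"{raw} findings collapse to {discrete} discrete issues")
    for rule, risk, count in prioritize(SAMPLE_FINDINGS):
        print(f"{risk:10} {rule:8} affects {count} resource(s)")
```

Run it as a script to see the ordered worklist; pass a different `accepted` set to `prioritize` to change where the cutoff sits. On real exports, the "rule" key would be whatever stable check identifier your scanner emits.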

Cloud Misconfiguration Remediation

Uncovering cloud misconfigurations simply makes you aware of the issues; now you need to fix them, which requires resources. This includes staff with the right training, experience, and abilities. It requires effective capacity management and staff allocation. It also demands technology that enables your teams. For example, Cloud One Conformity not only identifies the misconfigurations and provides the risk level, but it also offers a comprehensive Knowledge Base with guidance on remediating the issues.

You should also leverage external resources that can serve as an extension of your team, or as a mechanism to build up your teams’ capabilities. Again, AWS’s Well-Architected Review program leads the way by providing funding that pays Kinect to serve as an ongoing resource to remediate misconfigurations and enable your teams.

Misconfiguration Metrics to Measure Progress

Optimization in the cloud must be an ongoing discipline, not a one-time event. It requires continually measuring your performance using metrics such as the number of misconfigurations identified and the time to discover and remediate issues. It also means understanding progress by comparing results over time and tracking the skills development of your teams. This information is your gateway to continuous process improvement. Wherever possible, translate your metrics into business outcomes delivered. This helps clearly demonstrate the value your teams are delivering to the organization. Make efficient, effective misconfiguration management part of your cloud operating model and strive for continual improvement.
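The metrics named above, as an added worked example that is not code from the original post or from any tracker it mentions: for each month, count the misconfigurations identified, count how many are still open, compute the mean time to remediate (optionally for a single risk level), and compare two periods side by side. The issue records, timestamps and rule ids are constructed for illustration; a real tracker export would carry whatever field names your tooling uses.

```python
from datetime import datetime
from statistics import mean

# Constructed sample tracker export. "detected" is when a check first flagged
# the issue; "remediated" is when the fix was verified (None = still open).
# Rule ids, risk levels and dates are made up for this example.
SAMPLE_ISSUES = [
    {"rule": "S3-001", "risk": "Very High", "detected": "2023-01-03T09:00", "remediated": "2023-01-03T15:00"},
    {"rule": "IAM-002", "risk": "High", "detected": "2023-01-10T08:00", "remediated": "2023-01-12T08:00"},
    {"rule": "EC2-003", "risk": "Medium", "detected": "2023-01-20T12:00", "remediated": None},
    {"rule": "S3-001", "risk": "Very High", "detected": "2023-02-02T10:00", "remediated": "2023-02-02T12:00"},
    {"rule": "CT-004", "risk": "Low", "detected": "2023-02-15T10:00", "remediated": "2023-02-20T10:00"},
]


def _parse(timestamp):
    """Parse the ISO-8601 strings used in the sample export."""
    return datetime.fromisoformat(timestamp)


def issues_in_period(issues, year, month, risk=None):
    """Select issues detected in a given month, optionally for one risk level."""
    return [
        issue for issue in issues
        if _parse(issue["detected"]).year == year
        and _parse(issue["detected"]).month == month
        and (risk is None or issue["risk"] == risk)
    ]


def time_to_remediate_hours(issue):
    """Hours between detection and verified remediation; None while still open."""
    if issue["remediated"] is None:
        return None
    delta = _parse(issue["remediated"]) - _parse(issue["detected"])
    return delta.total_seconds() / 3600


def period_metrics(issues, year, month, risk=None):
    """Return the progress metrics for one month: identified, still open, mean time to remediate."""
    period = issues_in_period(issues, year, month, risk)
    durations = [time_to_remediate_hours(i) for i in period]
    closed = [d for d in durations if d is not None]
    return {
        "identified": len(period),
        "open": len(period) - len(closed),
        "mean_ttr_hours": round(mean(closed), 1) if closed else None,
    }


def compare_periods(issues, earlier, later, risk=None):
    """Pair each metric for two (year, month) periods so trends are visible at a glance."""
    before = period_metrics(issues, *earlier, risk=risk)
    after = period_metrics(issues, *later, risk=risk)
    return {name: (before[name], after[name]) for name in before}


if __name__ == "__main__":
    for name, (jan, feb) in compare_periods(SAMPLE_ISSUES, (2023, 1), (2023, 2)).items():
        print(f"{name:15} Jan={jan!s:6} Feb={feb!s:6}")
    print("Very High only:", period_metrics(SAMPLE_ISSUES, 2023, 1, risk="Very High"))
```

A rising "identified" count with a falling mean time to remediate is the pattern you want to see as teams gain skills; breaking the numbers out per risk level, as the `risk` filter does, stops a handful of slow "Low" fixes from masking fast response on "Very High" issues.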

Kinect Consulting Can Help

Kinect Consulting is an AWS Advanced and Well-Architected Partner with deep experience designing and operating optimized cloud environments. We help you create ultra-high performing cloud teams with operating models that drive business value. For more information on how we can leverage AWS funding to support your efforts in cloud misconfiguration management, please contact us at [email protected].