Why We Need a New Approach to Remediation in the Cloud

Meny Har, Co-Founder & CEO
December 10, 2023

As cloud migration continues to expand exponentially, so do security risks stemming from its scope and use in organizations of all sizes and sectors. Attackers leverage these risks, exploiting the myriad vulnerabilities and misconfigurations that are endemic to cloud infrastructure. Attackers are now able to successfully compromise cloud configurations in under 24 hours, making misconfigurations the third most common attack vector in breaches analyzed by IBM’s Cost of a Data Breach Report. Security leaders have become increasingly aware of and concerned about these risks as they continue to grow, and cybersecurity innovators have introduced groundbreaking cloud security posture management solutions that strive to provide visibility and detection capabilities to help organizations manage these risks. While these solutions have become the bedrock of the cloud-forward organization’s security posture, there remains a concerning gap where the third part of the security puzzle should be. Security professionals know what they need to fix and what risks they need to mitigate, but they lack a comprehensive plan for remediation in the cloud. This critical gap can mean the difference between a successful attack and a thwarted attempt.

It is increasingly challenging for security practitioners to drive remediation efforts across a highly complex and dynamic cloud environment. With the introduction of Infrastructure as Code, Kubernetes, and a variety of other cloud-native technologies, the cloud environment has become a mix of both one-off and code-driven resources. Security teams must use their limited resources to trace the organization owner as well as the underlying cause of every single security issue in order to correct it, but these makeshift guardrails are few and far between - and comprehensive remediation remains unattainable. The remediation process is currently too long, convoluted and taxing, and security teams don’t know what needs to be fixed, where and how - and who owns responsibility for doing so. With minimal context and an increasing number of manual tasks required to make sense of this cacophony of alerts, we need a new approach to remediating in the cloud.

Digital transformation and a dispersed working environment have placed cloud resources in the hands of DevOps or application teams. Before these shifts in the way business is conducted, remediation efforts would mostly be centralized, end-to-end. Today, security teams might no longer have the visibility, context, or technical ability required to govern these processes. Remediation has been transformed from a security responsibility into a cross-organizational effort in a rapid evolutionary process that is still missing some essential building blocks. DevOps and application teams want to get on with pushing out code at the speed of light rather than be weighed down by security tasks that seem secondary to their jobs, rarely include the necessary context and usually lack any actionable insights on what needs fixing and how. The resulting friction between these teams impedes the remediation process and generates silos that are conducive to neither security nor development efforts.

Reframing remediation means creating a lasting bridge between security and engineering, driving the right remediation efforts by understanding the right context and potential impact and providing distributed engineering teams with validated and relevant remediation tasks, including actionable context and practical solutions. An effective risk reduction process cannot be based on fragmented tasks, frustrated (and unmotivated) teams, or one-off band-aid solutions. Automation is also a key factor in enabling effective remediation efforts at scale by validating, de-duplicating and contextualizing findings as well as by eliminating any critical risk that makes its way to the cloud.

A new approach to remediation should view it as the ultimate goal of a sound security posture. Remediation should be the product of a collaborative effort, with the underlying understanding that remediation of risks and obstruction of malicious activity is the foundation of business continuity. These changes cannot happen overnight, but that’s a good thing. Security practitioners should focus on changing their remediation mindset for the long haul, viewing remediation as a continuous cross-organizational effort and not running after security findings with corrections that become irrelevant as soon as new issues sprout up. Optimized remediation processes should make security work for the organization - and not the other way around.