Organizations routinely write security rules to reduce their cybersecurity risk. Yet the 2024 Cost of a Data Breach Report found that 40% of all breaches involved data spread across multiple environments, a sign that even carefully designed rules often fail to hold in the cloud.
It is not surprising that many organizations struggle to keep a strong security posture in the cloud, where rules have to be enforced consistently across infrastructure that is both dynamic and large. The newly released X-Force Cloud Threat Landscape 2024 Report looked at which rules fail most often. Knowing where the critical gaps are lets an organization decide how best to reduce its risk.
“Regulations are escalating, compelling organizations to institute additional compliance policies with security at the forefront, which places substantial demands on these organizations,” said Mohit Goyal, Product Management at Red Hat Insights. “The Compliance service within Red Hat Insights furnishes a more sophisticated approach to overseeing and deploying these policies on systems to proactively address any deficiencies.”
Impact of Environment on Security Rule Failures
For the study, X-Force examined two sets of cloud data: one from environments running 100% in the cloud, and one from hybrid environments with 50% to 99% of their Red Hat Enterprise Linux (RHEL) systems in the cloud. Notably, each group had its own distinct set of frequently failing rules.
Goyal said the team deliberately looked at both environments because Red Hat serves customers across the hybrid cloud. In the 100%-cloud group, rules most often failed because of asset misconfigurations, so those organizations should concentrate on following configuration guidelines. In the hybrid group, by contrast, most failing rules concerned authentication and cryptography policies.
Asked who typically owns these configurations, Goyal said it varies. In smaller organizations one person commonly wears several hats. In larger organizations the roles are usually well defined and several people are involved, such as a system administrator, a security or risk administrator, and a compliance administrator.
Top Rule Failures in Organizations with 100% Cloud Systems
Where all data was stored in the public cloud, the rule that failed most often covered configuration and security guidelines for Linux systems. Researchers describe this rule as configuring key security and management settings on Linux hosts. Examples include setting the default zone for the firewall and placing /tmp on its own partition, which both improves security (a separate partition can be mounted with restrictive options such as nodev, nosuid and noexec) and keeps temporary files from filling the root filesystem. The remediation for the top failure is to configure the default zone for the firewalld service so that network access on Red Hat-based systems is correctly restricted; interfaces that were never assigned a zone fall into the default zone, so a permissive default exposes every service on them.
Other commonly failed rules include:
- Secure mount options for critical directories
- User home directory management
- Service management
- NFS service configuration
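The two rules above (a separate, hardened /tmp and the firewalld default zone) can be audited from text a host already provides. The script below is an added example, not code from the X-Force report or from Red Hat Insights: each function takes the collected text as an argument so the constructed sample at the bottom runs without firewalld or a real mount table, and the required mount options and the expected zone are this example's assumptions rather than values quoted from the report.

```shell
#!/bin/sh
# Added example (not code from the X-Force report or Red Hat Insights): an
# offline audit of two configuration rules, /tmp on its own partition with
# hardening mount options and the firewalld default zone. The option set
# and the expected zone are assumptions of this example.

# Print the mount options of the mount whose target is $2 in mount table $1
# (/proc/mounts format: device target fstype options ...); return 1 when $2
# is not its own mount point.
mount_opts_for() {
  printf '%s\n' "$1" | awk -v t="$2" '$2 == t { print $4; f = 1 } END { exit f ? 0 : 1 }'
}

# Return 0 when comma-separated option list $1 contains every option named
# after it; otherwise print "missing: <opts>" and return 1.
require_opts() {
  opts=",$1,"; shift
  missing=""
  for want in "$@"; do
    case "$opts" in
      *",$want,"*) ;;
      *) missing="$missing $want" ;;
    esac
  done
  [ -z "$missing" ] || { echo "missing:$missing"; return 1; }
}

# $1 mount table, $2 observed firewalld default zone, $3 zone the policy
# expects. Prints one PASS/FAIL line per rule; returns the number of failures.
audit_config_rules() {
  failures=0
  if opts=$(mount_opts_for "$1" /tmp); then
    if missing=$(require_opts "$opts" nodev nosuid noexec); then
      echo "PASS /tmp is a separate mount with nodev,nosuid,noexec"
    else
      echo "FAIL /tmp mount lacks options:${missing#missing:}"
      failures=$((failures + 1))
    fi
  else
    echo "FAIL /tmp is not a separate partition (it shares the root filesystem)"
    failures=$((failures + 1))
  fi
  # Interfaces never assigned a zone land in the default zone, so a
  # permissive default such as 'trusted' exposes every service on them.
  if [ "$2" = "$3" ]; then
    echo "PASS firewalld default zone is '$2'"
  else
    echo "FAIL firewalld default zone is '$2', policy expects '$3'"
    failures=$((failures + 1))
  fi
  return $failures
}

# Constructed sample: /tmp is mounted but without noexec; default zone 'trusted'.
SAMPLE_MOUNTS='/dev/mapper/rhel-root / xfs rw,seclabel,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
/dev/mapper/rhel-home /home xfs rw,seclabel,nosuid,nodev,relatime 0 0'

audit_config_rules "$SAMPLE_MOUNTS" trusted drop || echo "$? rule(s) failed"
```

On a live RHEL host the same function would be fed real data, for example `audit_config_rules "$(cat /proc/mounts)" "$(firewall-cmd --get-default-zone)" drop`, with the third argument set to whatever zone the organization's policy actually mandates. The exit status is the failure count, which makes the check easy to wire into a cron job or a CI gate.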
Top Rule Failures in Organizations with Hybrid Environments
In hybrid environments, the rules that failed most often were authentication and cryptography policies. These rules standardize and secure the authentication mechanisms and cryptographic requirements a given policy demands, so that security practices are consistent across the system. The recommended fix is to use authselect to standardize and simplify management of authentication settings. Note that authselect generates the PAM and nsswitch configuration from a selected profile, so hand edits to those files are not preserved and should be expressed as profile features instead.
Other frequently failed rules in hybrid environments include:
- Account and SSH configuration
- SSH hardening
- umask settings
- Restrictions on process debugging (ptrace)
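The authselect remediation and the four rules listed above can all be checked against text the host already produces: the output of `authselect current` and `sshd -T`, the current umask, and `sysctl -a`. The script below is an added example and not code from the X-Force report or Red Hat Insights; it assumes `authselect current` prints a line of the form `Profile ID: sssd`, and the thresholds it applies (MaxAuthTries at most 4, a denylist of CBC, arcfour and 3DES ciphers, `kernel.yama.ptrace_scope` of at least 1) are this example's assumptions rather than values quoted from the report.

```shell
#!/bin/sh
# Added example (not code from the X-Force report or Red Hat Insights):
# offline checks for the authentication, SSH, umask and ptrace rules. Each
# function takes text already collected from the host so it can be run on
# the constructed samples at the bottom; the thresholds are assumptions.

# Print the profile from `authselect current` output ("Profile ID: sssd");
# return 1 when no such line is present (no profile selected).
authselect_profile() {
  printf '%s\n' "$1" | awk '$1 == "Profile" && $2 == "ID:" { print $3; f = 1 } END { exit f ? 0 : 1 }'
}

# Print the effective value of keyword $2 from `sshd -T` output $1 (sshd -T
# lower-cases keywords); return 1 if the keyword is absent.
sshd_setting() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; f = 1 } END { exit f ? 0 : 1 }'
}

# Print the ciphers in comma-separated list $1 that this example treats as
# weak (CBC modes, arcfour, 3DES); return 1 when there are none.
weak_ciphers() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -E 'cbc|arcfour|3des'
}

# Return 0 for a three-digit octal umask that removes all "other" access and
# group write access (027 and 077 pass; 022 and 002 fail).
umask_is_restrictive() {
  case "$1" in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
  g=${1#?}; g=${g%?}; o=${1#??}
  if [ "$o" = 7 ] && [ $((g & 2)) -eq 2 ]; then return 0; fi
  return 1
}

# Print the value of key $2 from "key = value" lines in $1 (as `sysctl -a` prints).
sysctl_value() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $3; f = 1 } END { exit f ? 0 : 1 }'
}

# $1 authselect output, $2 sshd -T output, $3 umask, $4 sysctl output.
# Prints one PASS/FAIL line per rule and returns the number of failures.
audit_hybrid_rules() {
  failures=0
  pass() { echo "PASS $1"; }
  fail() { echo "FAIL $1"; failures=$((failures + 1)); }

  if p=$(authselect_profile "$1"); then pass "authselect profile '$p' in use"; else fail "no authselect profile selected"; fi
  v=$(sshd_setting "$2" permitrootlogin) || v=unset
  if [ "$v" = no ]; then pass "PermitRootLogin no"; else fail "PermitRootLogin is '$v'"; fi
  v=$(sshd_setting "$2" permitemptypasswords) || v=unset
  if [ "$v" = no ]; then pass "PermitEmptyPasswords no"; else fail "PermitEmptyPasswords is '$v'"; fi
  v=$(sshd_setting "$2" maxauthtries) || v=999
  if [ "$v" -le 4 ]; then pass "MaxAuthTries $v"; else fail "MaxAuthTries is $v (want <= 4)"; fi
  c=$(sshd_setting "$2" ciphers) || c=""
  if w=$(weak_ciphers "$c"); then fail "weak ciphers enabled: $(echo $w)"; else pass "no weak ciphers enabled"; fi
  if umask_is_restrictive "$3"; then pass "umask $3"; else fail "umask '$3' is too permissive"; fi
  s=$(sysctl_value "$4" kernel.yama.ptrace_scope) || s=0
  if [ "$s" -ge 1 ]; then pass "kernel.yama.ptrace_scope=$s"; else fail "kernel.yama.ptrace_scope=$s lets any process attach to others of the same user"; fi
  return $failures
}

# Constructed samples resembling a hybrid host that fails several rules.
SAMPLE_AUTHSELECT='Profile ID: sssd
Enabled features:
- with-mkhomedir'
SAMPLE_SSHD='port 22
permitrootlogin yes
permitemptypasswords no
maxauthtries 6
ciphers aes128-cbc,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com'
SAMPLE_SYSCTL='kernel.kptr_restrict = 1
kernel.yama.ptrace_scope = 0'

audit_hybrid_rules "$SAMPLE_AUTHSELECT" "$SAMPLE_SSHD" 022 "$SAMPLE_SYSCTL" || echo "$? rule(s) failed"
```

Reading the effective configuration with `sshd -T` rather than grepping sshd_config matters: drop-in files under /etc/ssh/sshd_config.d and Match blocks can override what the main file appears to say, and the effective value is what the rule is really about. On a live host the call would be `audit_hybrid_rules "$(authselect current)" "$(sshd -T)" "$(umask)" "$(sysctl -a 2>/dev/null)"`.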
Why Mitigations Often Fail
Each rule comes with a mitigation, so a natural question raised by the report is why those mitigations so often fail. There is no single answer. The causes range from misconfiguration and lack of training to the differences between environments.
“Security, in general, comprises a complex realm, and given that the threat landscape is constantly evolving and changing, it is challenging to uphold the current state,” said Goyal. “With the emergence of new technologies and new requisites alongside an expanding footprint, it invariably adds layers of complexity.”
Goyal expects policies to keep growing in both number and complexity. Organizations need tooling that handles that complexity while easing the operational burden. Highlighting the failures shows leaders where the risk lies and lets them plan how to close the gaps.
Reducing Rule Failures
Verifying that every rule is met, and that the mitigation is applied correctly when a rule fails, is labor-intensive, Goyal explained. In larger organizations, security staff carry heavy responsibilities with complex processes, and have to keep refining and reviewing controls while doing other work. Enterprises are increasingly turning to Ansible automation, for example through Red Hat Insights, for faster and more reliable remediation.
Through Red Hat Insights, an organization deploys its compliance policies (a PCI or HIPAA data-governance policy, for example) to its RHEL systems. Insights analyzes the systems, reports how compliant or non-compliant each one is with the organization's policies, and recommends actions to fix the non-compliance. With a few clicks the organization can run the generated Ansible playbook against the affected systems to bring them back into compliance. Because the process is automated, it is faster and more consistent than finding and fixing each system by hand. As with any automated remediation, the playbook is worth reviewing and trying on a representative system first: remounting /tmp with noexec or tightening the SSH policy can break workloads or lock administrators out if applied blindly.
“Large corporations require this capability to help manage their costs and prevent security vulnerabilities from being exploited by malicious entities,” said Goyal.
Cloud Security: A Shared Responsibility
With several parties involved in any cloud environment, a basic question is who is responsible for security, the customer or the vendor. Goyal argued that security is a shared responsibility.
“As a vendor to our clientele, there exists a responsibility to ensure they possess a product that is engineered with its security posture as a paramount consideration and possesses functionality that is feature-rich, enabling organizations to efficiently oversee their organizational IT security strategy. Nonetheless, they must also configure and deploy the product correctly,” Goyal said. “Furthermore, organizations need to ensure that their cloud provider places emphasis on operational security. Simultaneously, organizations must also undertake responsibility for the security of the configurable constituents of their environment.”