We have been a Technological Alliance Partner of AWS since 2011, and you can find our products on the AWS Marketplace.

Cloud Workload Security Analysis

PROBLEM

Enterprises need to protect their workloads: it is a must-have!

For a start, you can’t protect what you can’t see. Increasing visibility so that you can exercise control is therefore a foundational step.

Deploying applications and data in cloud infrastructures does not protect you from vulnerabilities and weaknesses in those applications and data. Why are you exposed? Because the cloud provider is not responsible for the security of your workloads.

Cloud infrastructures are elastic, scalable and automated. Workloads have their own vulnerabilities and they are risky assets because traditional security solutions do not integrate Cloud Workload Protection technology.

To address these new requirements, you need a new solution and approach.

Furthermore, the scale and concentration of workloads make them more attractive to hackers. On top of that, developers reuse code and templates and are not aware of security best practices for new cloud services, as shown by our study on AWS in 2011.

SOLUTION

ELASTIC WORKLOAD PROTECTOR

Alice Head in the Clouds identified the 3 main Security risks in IaaS Cloud: Misconfiguration, Vulnerabilities, and Shadow-Workloads.

1- Eliminate cloud misconfiguration and check for hardening best practices
By running security checks against your cloud infrastructure, we can check your compliance with standards and check for misconfigurations with the following best practices:

AWS_CIS_Foundations_Benchmark
CIS_Amazon_Web_Services_Three
cloud-controls-matrix

The CIS Security Benchmarks provide vendor-agnostic, consensus-based best practices to help organizations assess and improve their security.
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.

2- Be the first to spot vulnerabilities in your workloads
While vulnerability management is a must-have in traditional or cloud environments, workloads change more rapidly in the cloud. Our approach allows for more recurring scans, full automation and deeper analysis, the DevOps way.

3- Identify Shadow Workloads
Our continuous analysis checks workloads installed within IT and makes a comprehensive inventory. The CISO gains complete visibility into all cloud services in use.

“SecludIT’s expertise, both in matters of AWS security best practices and technologies, has been a valuable assistance to answer the security challenges of our PaaS and establish a solid security foundation.”

Samir Salibi, Wakanda.io Marketing Manager

EXAMPLE OF ELASTIC WORKLOAD PROTECTOR OUTCOME

Here is an example of a Configuration Entry test:

CIS-AWS – 1.1 Avoid the use of the “root” account
Service IAM – Risk Level High

Description
Using the “root” account entity is dangerous and should be avoided, if possible. Users should practice “least-privilege”, a technique where specific user accounts are created and assigned the minimum privileges necessary to complete their work. Additional privileges can be added to their account as their scope grows, but no user should have the limitless power of the “root” entity. We examine your account to determine if a non-root entity exists, ensuring that you have at least one IAM user configured to perform daily work functions.

Resolution
Create an IAM user and assign the basic role or privilege that you deem necessary to perform daily functions.
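
As an added illustration (not SecludIT's or Elastic Workload Protector's own code), a check of this kind can be run against the IAM credential report. Beyond the "non-root entity exists" test described above, it also flags active root access keys and recent root use. The sample report, account ID and function names are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROOT = "<root_account>"  # name of the root row in the IAM credential report
LAST_USED = ("password_last_used", "access_key_1_last_used_date",
             "access_key_2_last_used_date")

# Constructed sample: a column subset of the IAM credential report CSV.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,not_supported,2024-05-28T09:12:44+00:00,false,true,2024-05-30T17:03:10+00:00,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,N/A,false,true,2024-05-31T23:50:02+00:00,false,N/A
"""


def _parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def check_root_usage(report_csv, now, window_days=30):
    """Evaluate the root-account check on a credential report; return findings."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == ROOT), None)
    if root is None:
        return ["credential report has no <root_account> row; cannot evaluate"]
    findings = []
    # The check described above: at least one non-root IAM user must exist.
    if not any(r["user"] != ROOT for r in rows):
        findings.append("no IAM user exists: daily work must be using root")
    # Beyond that check (assumption): root access keys and recent root activity.
    for n in ("1", "2"):
        if root.get(f"access_key_{n}_active") == "true":
            findings.append(f"root access key {n} is active")
    used = [t for t in (_parse_ts(root.get(c, "N/A")) for c in LAST_USED) if t]
    if used and now - max(used) <= timedelta(days=window_days):
        findings.append(f"root credentials used on {max(used).date()}")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in check_root_usage(SAMPLE_REPORT, now):
        print("FAIL CIS-AWS 1.1:", finding)
```
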

By checking cloud configuration with more than one hundred tests, we are able to catch the hardest misconfigurations and find the easy entry points for attackers.