How to Secure Public Cloud and DevOps? Get Unified Visibility.
One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP.
Public clouds are more than “just” running servers in a remote data center. They’re all about using infrastructure as code. This means that the various building blocks they offer – storage services, virtual machines and containers – as well as the underlying network can all be modified via calls to the public cloud APIs. Companies using public clouds gain enormous velocity and elasticity advantages, which have, in turn, fueled the emergence of DevOps.
For all its advantages, public cloud and DevOps adoption also means the use of many new technologies – and a drastic increase in the velocity of change across the attack surface. This leads to reduced visibility into the infrastructure itself and often more complexity, which tends to be the enemy of security.
Cybersecurity starts with cyber hygiene
We believe that security starts with effective cyber hygiene – making sure every bit of the computing infrastructure is accounted for, configured properly and up-to-date. Keeping an eye on the state of the infrastructure and making sure it’s up-to-date reduces the cyberattack surface dramatically. After all, 99% of vulnerabilities exploited today are ones known by security for at least 12 months.
However, cyber hygiene is difficult to maintain in the dynamic world of public cloud. Many security teams we’ve talked to don’t know what’s running, let alone how up-to-date and tightly configured these components are.
Look no further than the many problems stemming from the misuse of public cloud infrastructure, such as default SSH credentials.
Public cloud is a boon to security
In spite of these high-profile incidents, we consider the disciplined use of public cloud as a boon to security – as long as DevOps methodologies and technologies are used wisely. Immutable containers, microservices and automated security testing can actually improve an organization’s level of security.
But, many security solutions are built with physical, on-premise data centers in mind – not with the vital levels of scale and visibility required for public cloud. Security teams need this scale and visibility to keep track of what’s happening in their public cloud infrastructure. It also provides the necessary background and data to properly engage with the DevOps teams – enabling what many in the industry refer to as DevSecOps.
Cyber Exposure: Providing greater visibility into cloud security
The discipline of Cyber Exposure will help security leaders embrace DevSecOps principles to manage and measure the cyber risk of public cloud infrastructure. Traditional vulnerability management practices must evolve to provide greater visibility into cloud security through:
- Live discovery and continuous monitoring of cloud assets
- Integration between the static and dynamic scanning of cloud assets across the software development lifecycle
- Automated, seamless workflow integration with DevOps
Today, we’re excited to announce new and important product capabilities in Tenable.io to help you embrace the use of public cloud:
- New Cloud Connectors for Microsoft Azure and Google Cloud Platform: Continuously discover and track asset changes in Azure and GCP cloud environments to ensure all cloud workloads are known and assessed for vulnerabilities. Together, with the existing Cloud Connector for AWS, these new connectors provide a unified view of cybersecurity risks across the top three most widely deployed public cloud (IaaS) platforms.
- New container runtime scanning in Tenable.io Container Security: Gain visibility into the Cyber Exposure of containers running in production. This important product enhancement is enabled by the combination of Tenable.io Container Security and Tenable.io Vulnerability Management working together to seamlessly integrate security into the end-to-end DevOps process – from build to production.
- New web application discovery in Tenable.io Web Application Scanning: Identify web applications owned and deployed across an organization, including previously unknown applications, to understand Cyber Exposure throughout your web application estate. This new capability solves a critical visibility challenge – the number of web applications deployed is often much higher than what the security team is aware of.
We’re thrilled with the growing use of DevOps, and believe it can really help security when done right. Public cloud is a pillar of DevOps. With the right insight and seamless integration, security teams can enable DevSecOps to provide the necessary guardrails for any organization to use these new technologies safely and responsibly.
Resources: How to secure public cloud infrastructure
For more information:
- Read the Container Security Best Practices: A How-To Guide ebook
- Read the press release
- Visit: www.tenable.com/solutions/cloud-security
Related Articles
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
Cybersecurity Snapshot: CSRB Calls Exchange Online Hack “Preventable,” While CISA, Others Warn About XZ Utils Backdoor Vulnerability
April 5, 2024Check out why the Cyber Safety Review Board has concluded that the Microsoft Exchange Online breach “should never have occurred.” Plus, warnings about the supply chain attack against the XZ Utils open source utility are flying. In addition, a report says ransomware attacks surged in February. And the U.S. government issues a comprehensive AI usage policy for federal agencies. And much more!
Cybersecurity Snapshot: U.S. Gov’t Unpacks AI Threat to Banks, as NCSC Urges OT Teams to Protect Cloud SCADA Systems
March 29, 2024Check out new guidance for banks on combating AI-boosted fraud. Plus, how to cut cyber risk when migrating SCADA systems to the cloud. Meanwhile, why CISA is fed up with SQLi flaws. And best practices to prevent and respond to DDoS attacks. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
Oracle April 2024 Critical Patch Update Addresses 239 CVEs
April 17, 2024Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
- Cloud