As companies adjust to the new normal during this COVID-19 pandemic crisis, it’s business as usual for cyber attackers. They’re still probing for vulnerabilities to exploit, and the rapid transition to a fully remote workforce has likely increased the risks to your organization. If you’re operating in the cloud, it’s critical that you examine access policies and security protocols because they may no longer be sufficient.
Here are five steps you can take to help ensure you maintain a strong cloud security and compliance posture for distributed team operations.
If everyone on your team already uses secured laptops and other devices at home for work, you can probably skip to the next recommendation.
If not, it’s possible that some users may be connecting a spare laptop or family computer to your cloud environments for the first time. Extend your organization’s antivirus solution to all devices they’re using. Adopt or clarify policies regarding the use of personal devices to access company data or accounts and prohibit it if you can’t ensure their security.
Secure these devices via disk encryption and direct users to use a strong password management service. Educate them on the importance of taking simple security steps such as locking their device screens. Set policies that encrypt a lost or stolen device and use a mobile device management (MDM) tool.
It’s time to audit your access policies for your cloud environments or create one if you don’t already have one. Cloud access patterns have changed considerably, increasing the likelihood that someone will make an innocent but dangerous mistake.
Use VPNs to enforce secure communications to critical network spaces. Make sure your access policy covers team members’ use of insecure networks. Make VPN access required so that your team can access company resources even if they are using a less trusted WiFi network.
One of the most common causes of cloud misconfiguration is team members creating new security group rules or IP whitelists so that they can access shared team resources in the cloud. When they do this they can open the door to attackers. Enforce security group rules to ensure you have full oversight over the creation of bastion hosts and lock down source IP ranges. Set up notifications for configuration changes to monitor for things such as SSH access to inappropriate CIDR blocks or, even worse, unrestricted access (e.g., 0.0.0.0/0 on Port 22).
In the public cloud (e.g., AWS, Azure, GCP), identity and access management (IAM) services act as a pervasive network, guarding resources from unauthorized use and providing secure access for approved use. The exploitation of IAM can lead to catastrophic results, including data breaches and the compromise of entire cloud accounts. Follow the principle of least privilege and make IAM changes only according to your standard change management process.
Additionally, consider taking the following measures:
- Leverage privileged identity and session management tools.
- Enforce multi-factor authentication (MFA) for every service you use.
- Enable single sign-on (SSO).
- Practice good cloud hygiene—delete unused user accounts and clean up unused services (i.e., orphaned infrastructure).
- Do not share root access keys to your cloud account and avoid using them at all during normal business.
Get Serious About Secure Processes
Many changes are happening at once, so it is important to have documented processes in place to guide everyone while they’re working remotely.
Leverage teleconference tools to conduct peer reviews of code and configuration checks. Consider requiring more than one person to review pull requests in your code repository before merges are executed.
You can also expand the use of your internal ticketing system. Remote team members are going to need changes made to their devices and cloud environments. Use a ticketing tool that enables users to easily open a ticket and to help you track all requests and actions.
Visibility and Control
No matter what security processes and procedures you put in place, people will inevitably make mistakes. The cloud threat surface is complex and dynamic, and the rulesets can be expansive. Automation can relieve the burden of relying on manual reviews and checklists, especially as your company adapts to new routines.
Use tools to gain continuous visibility into your cloud environments and configurations. You should be receiving immediate notifications when configuration changes are made to security-critical resources so you can spot dangerous misconfigurations when they occur.
One way to gain control over your cloud security posture is by eliminating bespoke, manual processes. Review and update your software deployment processes and look for opportunities to make more use of infrastructure-as-code for critical assets so that there are few, if any, manual actions taken to manage cloud accounts.
You can save time, eliminate errors and strengthen your security posture by using a policy-as-code tool such as Open Policy Agent, an open source standard that can be used for cloud infrastructure and a wide variety of other use cases. Trust your team, but verify using policy-as-code!
Support Your Team
Stress and anxiety levels are high and having to work from home full time can exacerbate those feelings for people who aren’t used to it. Reach out and listen to them. Understand their unique situations and work with them to accommodate their needs.
We can’t stress this one enough: Rituals are still extremely important in a remote setting, especially during transitions. For example, schedule regular video conference team meetings and “Ask Us Anything” sessions when team members can pose questions to management. Make it a point to include security policies (and updates to those policies) a part of these sessions.