There’s no shortage of content on the internet that extolls the great virtues of cloud computing.
And they’re largely correct. The cloud offers numerous major advantages like reduced cost, ease of scalability, and access to bleeding-edge tech services and creation tools.
There’s a good reason why so many organizations are behind in cloud adoption, however. Much like the cloud itself, IT security practices are still new to many of them, leaving their network infrastructure and development stacks vulnerable to intrusions that can expose their private data in the cloud. Organizations are finding they can’t keep up with innovation and growth opportunities because of shortcomings in their infrastructure, in this case security.
We call this phenomenon “security-as-a-blocker,” where development teams are tied to inefficient systems, processes, and technologies because they’ve been left unsecured, and, therefore, not “ready” for the cloud. This issue impacts enterprises even more broadly, as longer and more expensive development cycles mean nixed opportunities for business expansion. The added cost accumulates as security debt.
For organizations looking to break through this block and enjoy the advanced development efficiencies seen in cloud providers like Amazon Web Services, read on to learn how threat modeling can get your development workflows ready for an upgrade.
Unsecured Digital Assets Are Commonplace
Due to uneven security practices among today’s businesses, the average organization contains a high volume of unsecured digital assets within its infrastructure, which are frequently targeted by hackers.
Forty-eight percent of IBM-surveyed IT security practitioners said their organization experienced a breach of more than 1,000 records containing “sensitive or confidential” data. On top of that, another IBM study found that cloud-related cyberattacks rose 424 percent between 2016 and 2017.
Threat Modeling, in a Nutshell
For the uninitiated, threat modeling is a process whereby the components of applications and underlying IT infrastructure are examined for likely security risks. This process results in identifying each possible threat and the steps needed to mitigate those threats in development.
The benefits of threat modeling are vast, but its most notable advantage is that it lets organizations bake security into the software design process. Building this way spares organizations security incidents. What’s more, vulnerabilities become far more costly and time-consuming to fix the later in the development cycle they are found. A proactive approach like threat modeling is likely to prevent security blockers and reduce the likelihood of security debt.
How to Perform Threat Modeling Manually
Before we delve into how manual threat modeling is done, note that the process requires a great deal of software development and security design expertise. For those lacking such resources, we recommend automated threat modeling (skip to the next section).
As a tool for the development process, manual threat modeling involves the creation of a representative diagram of software components, an accurate representation of data flows, and the paths users must take, among other factors.
To get started on your diagram, first draw a box for each main component and label it. If your software is user-facing, next represent each kind of user – i.e. “user,” “end-user,” “premium user,” “master user” – in the diagram, along with the components each will need to access.
Next, add another layer to the diagram that shows how and where data flows between components. Arrows represent data flows, and they should start with the user. Note that many components both request and send data.
At this point you should start to see how the various user levels might be exploited by hackers. In your brainstorming, consider how a trusted user could abuse that trust and target components a normal user would never know to look for.
A few more steps are left. In another color, draw dotted vertical lines to represent network boundaries; the porousness of these boundaries reveals the most likely threats. Next, mark where your valuable data assets or services are kept (sensitive customer data, for example) so they are represented on the diagram as well.
Finally comes the threat brainstorming process. Gather your development team for a group activity to generate likely risks, write each one on a sticky note, and place it at the point of vulnerability.
How Does One Go About Doing That?
There are several methodologies for conducting manual threat modeling. Among them is the process – and acronym – known as S.T.R.I.D.E. This method focuses your efforts on the most likely attack types, which are as follows:
- Spoofed identity
- Tampering with input
- Repudiation of action
- Information disclosure
- Denial of service
- Elevation of privilege
Brainstormed vulnerabilities should be written on sticky notes. Next, each risk should be prioritized by severity. This, too, is a collaborative process that should weigh both the business value of the assets involved and the likeliest method of attack. Your group should vote to prioritize the most significant risks, and record them.
Finally, the solutions to each potential threat must be built.
- For each recorded threat, concrete steps should be given to software teams to work into their backlog.
- Once all the fixes have been applied, the process should be repeated one last time.
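The manual procedure above (components, users, data flows, network boundaries, valuable assets, then a S.T.R.I.D.E. brainstorm and a prioritized backlog) can also be captured as code so it is repeatable after every fix. The script below is an added example written for this page; it is not ThreatModeler’s product nor code from the original post. The per-element STRIDE mapping, the default mitigations, the 1–3 likelihood/impact scale and the sample diagram are all constructed assumptions that a team would replace with its own.

```python
from dataclasses import dataclass

# STRIDE categories as listed in the section above.
STRIDE = {"S": "Spoofed identity", "T": "Tampering with input",
          "R": "Repudiation of action", "I": "Information disclosure",
          "D": "Denial of service", "E": "Elevation of privilege"}
# Default mitigation per category (assumption: generic defaults the team refines per item).
MITIGATIONS = {"S": "authenticate the caller (mTLS, signed tokens)",
               "T": "validate and integrity-protect the input",
               "R": "keep tamper-evident audit logs of the action",
               "I": "encrypt in transit and at rest; return only needed fields",
               "D": "rate-limit, time out and bound resource use",
               "E": "authorize every call, not only at the entry point"}
# Which categories apply to which diagram element kind (assumption: conventional mapping).
APPLICABLE = {"process": "STRIDE", "store": "TRID", "flow": "TID"}

@dataclass
class Element:
    name: str
    kind: str                # "actor", "process" or "store" (the boxes on the diagram)
    zone: str                # network boundary it sits in (the dotted lines)
    trust: int = 0           # actors only: 0 = anonymous .. 3 = administrator
    sensitive: bool = False  # stores only: holds a valuable data asset

@dataclass
class Flow:
    src: str
    dst: str
    data: str                # the arrow's label
    sensitive: bool = False

@dataclass
class Threat:
    category: str
    element: str
    likelihood: int          # 1..3
    impact: int              # 1..3
    note: str

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact

    def backlog_item(self) -> str:
        return (f"[risk {self.risk}] {STRIDE[self.category]} on {self.element}: "
                f"{self.note}; mitigation: {MITIGATIONS[self.category]}")

def model_threats(elements, flows):
    """Enumerate STRIDE threats for a diagram and return them sorted by risk, highest first."""
    by_name = {e.name: e for e in elements}
    threats = []
    # Flows: an arrow that crosses a network boundary is the most exposed surface.
    for f in flows:
        crosses = by_name[f.src].zone != by_name[f.dst].zone
        likelihood, impact = (3 if crosses else 1), (3 if f.sensitive else 1)
        for c in APPLICABLE["flow"]:
            if c == "I" and not f.sensitive:
                continue  # nothing worth disclosing on this arrow
            note = f.data + (" crosses a network boundary" if crosses else " stays in one zone")
            threats.append(Threat(c, f"{f.src}->{f.dst}", likelihood, impact, note))
    # Components: how low is the least-trusted actor that talks to each one directly?
    lowest_trust = {}
    for f in flows:
        src = by_name[f.src]
        if src.kind == "actor":
            lowest_trust[f.dst] = min(lowest_trust.get(f.dst, 3), src.trust)
    for e in elements:
        if e.kind == "actor":
            continue
        exposure = lowest_trust.get(e.name)
        likelihood = 3 if exposure == 0 else (2 if exposure is not None else 1)
        impact = 3 if e.sensitive else 2
        for c in APPLICABLE[e.kind]:
            if c == "E" and exposure is None:
                continue  # no actor reaches it directly; elevation is covered on the flows
            note = "no direct actor access" if exposure is None else f"reachable at trust level {exposure}"
            threats.append(Threat(c, e.name, likelihood, impact, note))
    return sorted(threats, key=lambda t: -t.risk)

def sample_model():
    """Constructed example diagram: a user-facing web app in front of an internal API and DB."""
    elements = [Element("end-user", "actor", "internet", trust=0),
                Element("admin", "actor", "corp-lan", trust=3),
                Element("web-app", "process", "dmz"),
                Element("api", "process", "internal"),
                Element("customer-db", "store", "internal", sensitive=True)]
    flows = [Flow("end-user", "web-app", "login credentials", sensitive=True),
             Flow("web-app", "api", "order request"),
             Flow("api", "customer-db", "customer record", sensitive=True),
             Flow("admin", "api", "config change")]
    return elements, flows

def sample_backlog():
    """Prioritized backlog (one line per threat) for the constructed diagram."""
    return [t.backlog_item() for t in model_threats(*sample_model())]

if __name__ == "__main__":
    print("\n".join(sample_backlog()))
```

Run it and the top of the backlog is the sensitive login flow crossing from the internet into the DMZ; the customer database, which no actor reaches directly, lands near the bottom. Re-running after each fix is the “repeat the process one last time” step above, and changing a zone or a trust level shows immediately which sticky notes move.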
Manual Threat Modeling Won’t Work for Many
While tried and true, manual threat modeling is not a viable option for many organizations. The barriers to entry are notable: the risk of human error in the planning process, the security expertise required, and its relatively high cost.
High Likelihood of Breaches Due to Human Error
One of the best-kept secrets of the cybersecurity industry is the degree to which ordinary accidents and everyday human error result in breaches.
Mistakes account for approximately 95 percent of all breaches, according to IBM. Most are made by staff members, whether they download malware from a phishing email, leave default credentials in place, or build on a foundation of poor security design. Manual threat modeling is one more place where such errors creep in.
Given the human propensity to err, this too is a security risk worth resolving.
Security Expertise Is a High Barrier to Entry for Many
While manual threat modeling may appear straightforward, the security knowledge required to do it correctly represents yet another barrier to entry for many.
Here’s how researchers framed this roadblock in developing an early version of automated threat modeling software, in 2012:
“These methodologies require engineers to have deep software security skills to carry out some of the most important steps of this process, and training them on security is expensive.”
The core issue here is another often overlooked truth: software developers aren’t usually trained to consider security implications. The study’s authors point out that the average developer lacks the following:
- An understanding of how to think like a hacker, particularly the goals they might have and “the systems as sets of interest.” Developers think in terms of functional design and user accessibility – profoundly essential skills, but not enough to plan a security architecture
- Expertise necessary to imagine highly-sophisticated breaches
- Experience necessary to plan for the mitigation of common, cloud-based security risks
Of all threat modeling methodologies, the single one that supports enterprise-wide scalability is V.A.S.T., which stands for Visual, Agile, Simple Threat modeling. The V.A.S.T. methodology is founded on the idea that threat modeling is only practical if it encompasses the entire software development life cycle (SDLC) and scales across the entire enterprise. There are three pillars that support a truly scalable threat modeling solution:
Read more about the different threat modeling methodologies and which one is right for you.
Manual Threat Modeling Is Labor-Intensive, Expensive
As we’ve noted, manual threat modeling is a time-consuming process best left to security experts. Even so, it may still be too slow and risky, even for fully staffed enterprises.
Thankfully, threat modeling naturally lends itself to automation, being an incredibly detail-heavy and tedious process that calls for machine-like precision. Simply put, software is far faster and more accurate at identifying network components and comparing them to known threats.
Much as calculator users don’t need to remember long division, manual threat modeling serves, for most purposes, better as an education tool for understanding security architecture than as an efficient and reliable process.
For instance, ThreatModeler, our automated threat modeling tool, can scan all components of the network environment and compare them to security risks associated with those components in an ever-growing database. Users are then given clear instructions on the risks in the environment and ways to mitigate each risk.
The result: clients who use our threat modeling software were able to cut costs and time expenditures by 85 percent.
The Cloud Awaits
If knowledge is power, then knowledge of one’s vulnerabilities is a superpower. Threat modeling allows you to accelerate your development cycles, reduce your costs, and open your organization to even more efficiencies and capabilities in the cloud.
For those who are ready to migrate to the cloud but don’t know where to begin, AWS and its related cloud services are a great start. AWS provides on-demand, scalable and affordable cloud computing that, in 2020, offers more than 200 services for storage, analytics, development and management, among others. AWS services are comprehensive and provide the tools necessary to develop powerful applications.
ThreatModeler’s AWS Security Epics Automated supports the exponential growth of global organizations by removing security as a blocker. The new offering enables technology development teams to design, build and manage AWS workloads with security baked in during the early stages. Once security requirements are defined, teams can make instant “go” or “no go” decisions on their migration to the cloud and, once prepared, generate CloudFormation Infrastructure as Code (IAC) templates. To scale secure migrations to the cloud, AWS ProServe S&I GSP takes organizations through a 30-day accelerated program powered by ThreatModeler to automate AWS Security Epics backlog generation.
AWS Security Epics comprises use cases and abuse cases that developers and security architects work through in order to achieve operational excellence, including security. Key tenets of AWS Security Epics include availability, automation, and audit. ThreatModeler’s AWS Security Epics Automated enables a self-service model to:
- Scale secure Cloud Development Life Cycles (CDLCs) by automatically converting an architecture diagram into a threat model.
- Increase sprint and Epic velocity with prescriptive guidance of AWS Security Best Practices through AWS-ThreatModeler integrations.
For more information, visit the ThreatModeler’s Security Epics Automated web page.