It seems that just about every application resides in the cloud today. There’s little doubt that these cloud infrastructures need cloud security. But cloud infrastructures are dynamic—they change continuously. So, how do you protect something that’s constantly changing? With security that’s constantly changing.
Cloud infrastructures can change so frequently, it’s no longer possible for system administrators to make the changes manually. The result? Infrastructure as Code (IaC). By definition, Infrastructure as Code “is the managing and provisioning of [cloud] infrastructure through code instead of through manual processes.”
IaC solves a lot of problems in the cloud. It can save money by optimizing infrastructure usage. It can address both scalability and availability to accommodate for changes in load. And it can even be used to optimize cloud performance. IaC is the engine behind dynamic cloud infrastructures. But if cloud infrastructures are going to change continuously, then the security of that infrastructure will have to keep up.
Continuous Cloud Security
Things that change frequently tend to be insecure, and that’s no different in the cloud. The biggest culprit? Misconfiguration. With things changing so quickly, it’s easy to get a configuration wrong. And nothing makes cloud infrastructure insecure faster than a misconfiguration.
From Cloud Computing, “As cloud platforms often change daily, the potential risk of a misconfiguration is significant. According to Gartner analysis, by 2020, 80 percent of cloud breaches will be due to customer misconfiguration, mismanaged credentials, or insider theft – not cloud provider vulnerabilities.”
What’s the best way to address this challenge? Continuous cloud security. From The New Stack, “Minimizing overall exposure and preventing data loss and security intrusion on the public cloud is an ongoing process. The rate of change in AWS, Azure and Google Cloud dictated a constant feedback loop from different parts of the operational pipeline. It’s also important to add checks into the CI/CD process for misconfiguration risks. This “shift left” of security checks along with good hygiene of checking for application vulnerabilities significantly reduces the risk of breaches and data loss.”
Looking for misconfigurations and application vulnerabilities in cloud infrastructures will require some assistance. And one form of that assistance is threat modeling.
Threat modeling is a way of visualizing threats in your system before you deploy it. Before the days when almost everything resided in the cloud, that meant modeling server-based software. And for that, “regular” threat modeling was sufficient. But not anymore.
For cloud security to keep up with cloud infrastructure, threat modeling tools have to be able to keep up with cloud infrastructure too. And that means the threat modeling tool must have two new capabilities.
First, it must be able to detect changes in the cloud infrastructure and update the threat model based on the change, without any human intervention. Second, the threat modeling tool should be able to investigate the Infrastructure as Code used to create the infrastructure and identify the threats therein. This is the only way to threat model cloud infrastructure based on IaC before its deployed.
These two new threat modeling capabilities are no longer a luxury. They are an essential part of continuous cloud security. And they’re not the type of functionality you’re likely to find in open source threat modelers.
If you’re interested in seeing these two new capabilities in action, check out CloudModeler and IaC-Assist from ThreatModeler. It’s the modern threat modeling tool that can keep up with the pace of change in the cloud.