Secure Your Cloud Infrastructure For Remote Workers

Tony Mason

Data Protection, Enterprise Security, Office 365 Security, SIEM, Vulnerability Management & SIEM


As working from home becomes more long-term, it’s important to secure your cloud infrastructure for remote workers.

Cloud infrastructure allows for great speed and ease of deployment: new infrastructure can be deployed in minutes. The rate of change is far quicker than with on-premise infrastructure, which enables businesses to move quickly and stay dynamic in this ever-changing world.

On the one hand, this is great, as it speeds up set-up and the delivery of new solutions. On the other, it leaves relatively inexperienced staff creating new infrastructure, and leaves you vulnerable to misconfigurations that can be exploited. DevOps teams and developers are now creating new infrastructure, not just IT and security teams.

Companies Need To Consider Cloud Best Practices

Importantly, you need to minimise the chance of misconfigurations and be able to quickly remediate them should they occur.

At the same time, you need to ensure you don’t restrict the dynamism of a company, keeping your environment secure without impacting its flexibility. In addition, you must ensure you don’t restrict and block developers, as they will find a way around the restrictions and leave you even more exposed.

Create A Baseline

You need to create a baseline to define what your cloud environment should look like from a security perspective. This should include what services are and are not authorised to be used.

In addition, you should set how things should be configured, who gets what access, and who can make changes. Fortunately, you can start with existing best practice recommendations such as the CIS Benchmarks for AWS, Azure, and Google Cloud Platform (GCP). Each cloud provider also has its own best practices.

You also need to create an incident response plan that everyone can follow when responding to incidents.

Enforce Your Baseline

To help enforce the baseline, you can use a cloud security posture management (CSPM) solution. Rapid7 now works with DivvyCloud, which helps you to create and enforce baselines. These solutions give you visibility of misconfigurations and policy compliance, so you can remediate quickly.

Otherwise, you can use an infrastructure-as-code solution. Here you create templates for cloud infrastructure where everything is properly configured according to your baseline.

Developers can then use those templates to reduce the possibility of human error during configurations of new infrastructure. However, your cloud infrastructure can still be changed at a later date, so you still need to monitor for misconfigurations as you would for other software vulnerabilities.
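The drift problem described above can be checked mechanically. The following is an added example, not code from the original article or from any CSPM product: it compares a constructed inventory snapshot against a baseline held as data, and every service name, setting name and resource ID in it is hypothetical.

```python
# Added example: the baseline and inventory below are constructed for illustration.
BASELINE = {
    # Services the baseline authorises; anything else is reported.
    "authorised_services": {"object_storage", "virtual_machine", "managed_database"},
    # Settings each authorised service must have, as the template would set them.
    "required_settings": {
        "object_storage": {"public_access": False, "encryption_at_rest": True},
        "virtual_machine": {"ssh_open_to_internet": False, "disk_encrypted": True},
        "managed_database": {"publicly_accessible": False, "encryption_at_rest": True},
    },
}

INVENTORY = [  # constructed snapshot of what is actually deployed
    {"id": "bucket-reports", "service": "object_storage",
     "settings": {"public_access": True, "encryption_at_rest": True}},
    {"id": "vm-build-01", "service": "virtual_machine",
     "settings": {"ssh_open_to_internet": False, "disk_encrypted": True}},
    {"id": "queue-test", "service": "message_queue", "settings": {}},
    {"id": "db-orders", "service": "managed_database",
     "settings": {"publicly_accessible": False}},
]

MISSING = "<missing>"  # a setting absent from the snapshot counts as a violation


def check_resource(resource, baseline):
    """Return (resource_id, kind, detail) findings for one deployed resource."""
    service = resource["service"]
    if service not in baseline["authorised_services"]:
        return [(resource["id"], "unauthorised_service", service)]
    findings = []
    for key, expected in baseline["required_settings"].get(service, {}).items():
        actual = resource["settings"].get(key, MISSING)
        if actual != expected:
            detail = f"{key}={actual!r}, baseline requires {expected!r}"
            findings.append((resource["id"], "drift", detail))
    return findings


def audit(inventory, baseline):
    """Check every resource; run on a schedule, since resources change after deployment."""
    findings = []
    for resource in inventory:
        findings.extend(check_resource(resource, baseline))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, BASELINE):
        print(finding)
```
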

Access Management

Ensure users are accessing cloud accounts with single sign-on tools. Also consider assigning the same permissions at group or team level, so no one sneaks under the radar with access they shouldn’t have.

Another consideration is to never use the root user if you can possibly avoid it. If this user were to be compromised, the system would be seriously vulnerable. Review the credential reports from your cloud platform to see who has access to what and what they are doing. This can help you set up specific permissions if necessary.
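As an added example (not part of the original article), the script below audits a credential report in the CSV layout of an AWS IAM credential report, flagging root usage, console access without MFA and old access keys. The sample rows are constructed and use only a subset of the report's columns, and the 90-day key age threshold is an assumption to replace with the value from your own baseline.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the columns in an AWS IAM credential report.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,not_supported,2021-03-01T09:14:00+00:00,false,true,2019-06-10T08:00:00+00:00
alice,true,2021-03-10T12:00:00+00:00,true,true,2021-02-01T08:00:00+00:00
bob,true,no_information,false,false,N/A
ci-deploy,false,N/A,false,true,2020-05-20T08:00:00+00:00
"""

MAX_KEY_AGE_DAYS = 90  # assumed threshold; take the real value from your baseline


def parse_time(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(csv_text, now):
    """Return (user, finding) tuples for one credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        is_root = user == "<root_account>"
        if is_root and parse_time(row["password_last_used"]):
            findings.append((user, "root_password_used"))
        # The root row may show not_supported for password_enabled, so check MFA anyway.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "console_access_without_mfa"))
        for n in ("1", "2"):  # the report has two key slots; the sample carries slot 1 only
            active = row.get(f"access_key_{n}_active") == "true"
            rotated = parse_time(row.get(f"access_key_{n}_last_rotated", "N/A"))
            if is_root and active:
                findings.append((user, "root_access_key_active"))
            if active and rotated and (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, "access_key_older_than_threshold"))
    return findings


if __name__ == "__main__":
    for finding in audit_credential_report(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(finding)
```
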

Set Up Vulnerability Monitoring

Cloud networks need to be monitored and patched as much as on-premise networks do. As instances can be spun up and down so much more quickly in the cloud, you need regular monitoring to give you up-to-date information.

Log Everything

All cloud providers have logging facilities. It’s important to keep using these for all areas, as someone could quickly and easily deploy something where you are not currently monitoring. Logging enables you to see what’s happening and whether there was any unauthorised access. Ensure this data is encrypted and that no one has access to it, so nothing can be changed.

As cloud providers don’t monitor your on-premise networks and remote workers, you’ll need to consider a third-party SIEM with threat detection capabilities, such as Rapid7 InsightIDR or AlienVault USM Anywhere. This can then monitor your cloud and all other environments in one place. This will also help you monitor lateral movement.

Consolidate Your Team

When it comes to your IT team, ensure you have one unified team overseeing your security, with clear accountability and responsibilities. Don’t split this into separate cloud and on-premise teams, or vulnerabilities will get missed.

Automate

As you can see, things in the cloud can move extremely quickly and humans can’t keep up. Therefore, automate where possible. The more you can automate, the fewer human errors you will get.

Data Storage & Microsoft 365

To maximise the security of the new cloud-based office, businesses must be aware of the shared responsibility for data.

Unfortunately, businesses often incorrectly store their data in the same service and OS that operates the core aspect of their business, such as Microsoft 365.

You need to back up data separately, to ensure there is a duplicate source available in case the original is compromised. Your backup solution should also offer regular automated backups, rapid recovery and the capability to safeguard business continuity, as well as meet compliance requirements (such as GDPR). Barracuda Total Email Protection offers all-in-one, cloud-based email security, with backup, archiving and eDiscovery.

In summary, cloud-based offices are definitely our future, with Gartner reporting 41% of employees planning to continue working remotely. However, this puts an immediate security concern on businesses, as we are faced with increased risks of cyber attacks and ransomware threats.

Therefore, we need to put security at the top of our agenda and secure cloud infrastructure for remote workers as we transition to long-term remote working. We need to be reassured that we have sophisticated tools in place to monitor our networks and recover files from unexpected problems, and solutions in place to repair any damage.