In part two of our SOC-as-a-Service overview, we’ll look at how a cloud-based security operations center (SOC) can improve AWS and Azure security, and why you should consider this instead of building a SOC.
As we discussed in our previous post, many organizations are turning to SOC-as-a-Service to get the cloud security expertise they need without having to hire additional staff or add more work for existing SOC teams. In this SOC-as-a-Service overview, we’ll explore why that is, as well as some of the common risks introduced by IaaS. Finally, we will show how SOC-as-a-Service can help, particularly for small and mid-sized organizations (SMBs).
Is AWS or Azure Making Your Security More Complex?
If your organization is using Infrastructure-as-a-Service (IaaS) platforms like Amazon Web Services (AWS) and Microsoft Azure, it’s not surprising. These platforms make life easier for IT teams and application developers. They also make it simpler to scale resources up and down without worrying about hardware costs.
But one area where IaaS doesn’t make life easier is security. IaaS is often added alongside existing data center infrastructure. Security teams then have to juggle two sets of very different threat detection challenges. And most don’t have the luxury of doubling the size of their security operations center (SOC) team in response. That’s presuming they have a SOC.
Human Error: The Biggest Cloud Security Risk
By and large, cloud platforms like AWS and Azure are very secure. Amazon and Microsoft have compelling business reasons to maintain confidence in their platforms’ security. So both companies invest heavily in internal security best practices and protection against cyber threats.
Cloud infrastructure moves quickly, though. And even smart people with great security tools at their disposal make mistakes. Not too surprisingly, industry analysts predict that human error will continue to be responsible for almost all cloud security failures for the foreseeable future.
Here are some examples of common AWS and Azure security issues that you may face.
Storage Misconfiguration Errors
AWS and Azure cloud storage security misconfigurations have caused some of the highest-profile cloud security incidents. A few incorrect mouse clicks can give anyone with an Internet connection access to highly sensitive cloud storage locations.
For example, a telecom giant was hit by two AWS cloud data leakage incidents in one year. One exposed 14 million subscriber records, and another revealed detailed proprietary information about the company’s infrastructure.
Compromised Admin Credentials
Stolen or leaked admin credentials are another major problem. Even as security teams and employees take more steps to protect usernames and passwords, simple oversights can have major consequences. Organizations face a never-ending wave of phishing attacks. Even savvy IT pros can fall victim to these attacks, which can lead to hijacked AWS or Azure credentials. Credentials are also sometimes stored in unprotected or compromised locations. Compromised credentials can be used to execute a broader attack or otherwise exploit cloud resources for personal gain.
For instance, security researchers discovered that attackers exploited Tesla’s publicly accessible credentials for AWS resources and were using them to mine cryptocurrency.
Security Key Exposure
Many interactions with AWS and Azure happen programmatically. Developers often write code that accesses cloud data and resources automatically using security keys generated by the IaaS platform. This introduces another category of human error: security key exposure. Now that many development teams collaborate on software using platforms like GitHub, accidental sharing of security keys has become a regular occurrence.
Engineers at Uber unintentionally left some of the company’s AWS security keys exposed on GitHub, for example. As a result, hackers accessed more than 57 million customer and driver records. The company’s subsequent cover-up led to a $148 million settlement with the attorney general’s offices in all 50 U.S. states – plus the District of Columbia.
How Can SOC-as-a-Service Help?
In-house information security expertise is more valuable than ever. In today’s sophisticated hybrid cloud environments, though, it’s hard for internal security analysts to see everything in real time. It’s also increasingly difficult to find and staff dedicated security experts for every possible type of infrastructure or threat.
Engaging a SOC-as-a-service partner addresses these challenges by augmenting existing security personnel with outside monitoring coverage and specialized expertise. Some organizations choose to outsource their SOC completely. Larger companies may choose to build a SOC and use a managed security service as a force multiplier. Under a co-managed model, in-house SOC teams can spend more time on the security alerts that truly matter. With a managed SOC approach, they can benefit from insights drawn from similar organizations.
To illustrate this, let’s take a closer look at the SOC-as-a-service model. A SOC-as-a-Service provider invests in human expertise and advanced analytics systems that are applied across not just one, but multiple organizations. This puts specialized security expertise and analytical tools that were once only accessible to large enterprises into the hands of small and mid-sized organizations. This is particularly important for organizations adopting IaaS platforms like AWS and Azure, which may not align well with existing expertise and tools.
A SOC-as-a-service approach also helps in-house security teams become more proactive over time. With someone else responsible for 24×7 monitoring of security events, in-house staff have time for more strategic projects and incident response. More advanced SOC-as-a-Service providers like Delta Risk can also help put a structured training program in place. This enables you to tap into insights and lessons learned across multiple organizations, including peers in similar industries.
Summary
Use of AWS and Azure is exploding, but many security teams are struggling to implement effective cloud security controls and monitoring approaches. SOC-as-a-service offerings can help both large and small organizations monitor and protect their AWS and Azure environments more effectively.
If you’re considering a SOC-as-a-Service provider, look for one that combines advanced machine learning and a 24×7 managed security operations model. This will help you embrace AWS and Azure while maintaining a strong security and compliance posture.