In our recent Pulse video, we discussed the prescriptive approach iVision takes when developing a cloud security strategy. Throughout this blog series, we will break down this approach by covering each area individually: infrastructure, network, applications and data. In this blog, we’ll be highlighting securing infrastructure.
When leveraging the public cloud, the notion of infrastructure changes in many ways from its function in a private datacenter. The on-demand consumption model removes the traditional upfront financial and deployment burden, which makes it easy to provision far more infrastructure, far faster, than before. This rapid provisioning exposes customers to challenges with:
- Controlling IT Spend – dynamic provisioning leads to unpredictable monthly infrastructure spend.
- Preventing Shadow IT – ungoverned hosts introduce vulnerabilities into the environment.
- Managing Infrastructure Sprawl – increased infrastructure footprint increases the attack surface area.
Despite these challenges, proper infrastructure security and governance can improve security posture beyond the traditional walled castle of a perimeter defense model while enabling the increased agility and flexible scaling offered by public cloud.
Infrastructure as Code
The proper use and enforcement of Infrastructure as Code (IaC) helps organizations overcome the challenge of rapidly deployed, unmanaged hosts. IaC provisions and modifies public cloud resources programmatically, which lets infrastructure engineering teams adopt the same CI/CD practices as application development teams. Pushing standardized builds and deployments through a pipeline drastically reduces variability across environments and provides an automated checkpoint at which every provisioned resource is verified as configured, secured and managed in line with the organization's controls and policies. iVision focuses on the following IaC practices for our customers' implementation and adoption:
- Ensure a structured hierarchy for easy management, extension and auditability
- Use parameterization to adapt deployments per environment and application stack without duplicating templates
- Take a layered approach to stack creation, splitting environments into distinct layers based on:
  - Integration with subsequent stacks
  - Use by specific team(s) or role(s)
  - Belonging to a functional unit that is deployed and updated together
- Plan and implement checks at appropriate pipeline stages (for example a policy review of the planned changes) to validate before applying changes to an environment, reducing the risk of business impact
- Store IaC definitions in their own source code repository, allowing for accelerated development, change tracking/auditing and roll forward/roll back capabilities
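The validation checkpoint described above can be made concrete as a policy gate that runs between `plan` and `apply`. The following is an added example, not iVision's tooling or any specific customer's pipeline: it reads a Terraform plan in the shape produced by `terraform show -json`, enforces two assumed controls (required governance tags, and no security group rule exposing SSH to the whole internet), and fails the pipeline stage if either is violated. The plan embedded as `SAMPLE_PLAN` is constructed for illustration, and the tag names and resource types are assumptions about an organization's standard.

```python
"""Pre-apply policy gate for an IaC pipeline.

Added example, not iVision's tooling. It reads a Terraform plan exported with
`terraform show -json plan.tfplan` and fails the pipeline stage when any
resource about to be created or updated violates two assumed controls:
  1. every taggable resource carries the required governance tags
  2. no security group ingress rule exposes SSH (tcp/22) to the whole internet
SAMPLE_PLAN is a constructed plan in that shape, not output from a real run.
"""
import ipaddress
import json
import sys

REQUIRED_TAGS = {"Owner", "CostCenter", "Environment"}   # assumed org standard
TAGGABLE = {"aws_instance", "aws_security_group"}        # resource types we enforce on

GOVERNANCE_TAGS = {"Owner": "platform", "CostCenter": "1234", "Environment": "prod"}
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"],
                    "after": {"instance_type": "t3.micro", "tags": GOVERNANCE_TAGS}}},
        {"address": "aws_instance.scratch", "type": "aws_instance",
         "change": {"actions": ["create"],
                    "after": {"instance_type": "t3.micro", "tags": {"Owner": "alice"}}}},
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"actions": ["update"],
                    "after": {"tags": GOVERNANCE_TAGS, "ingress": [
                        {"from_port": 22, "to_port": 22, "protocol": "tcp",
                         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
                        {"from_port": 443, "to_port": 443, "protocol": "tcp",
                         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
        {"address": "aws_instance.old", "type": "aws_instance",
         "change": {"actions": ["delete"], "after": None}},
    ],
})


def is_world_cidr(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a rule that admits any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_tags(rc):
    """Report governance tags missing from a resource type we require them on."""
    if rc["type"] not in TAGGABLE:
        return []
    after = rc["change"].get("after") or {}
    missing = REQUIRED_TAGS - set(after.get("tags") or {})
    return [f"{rc['address']}: missing required tags {sorted(missing)}"] if missing else []


def check_ssh_ingress(rc):
    """Report SSH reachable from the whole internet once this change is applied."""
    if rc["type"] != "aws_security_group":
        return []
    after = rc["change"].get("after") or {}
    findings = []
    for rule in after.get("ingress") or []:
        proto = rule.get("protocol")
        # protocol "-1" means all ports; otherwise port 22 must fall in the tcp range
        covers_ssh = proto == "-1" or (
            proto == "tcp" and rule["from_port"] <= 22 <= rule["to_port"])
        sources = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        if covers_ssh and any(is_world_cidr(c) for c in sources):
            findings.append(f"{rc['address']}: SSH ingress open to the world")
    return findings


def evaluate_plan(plan_json):
    """Return the list of policy violations; an empty list means the plan may be applied."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc["change"]["actions"] in (["delete"], ["no-op"]):
            continue   # resources going away or untouched cannot introduce new exposure
        findings += check_tags(rc)
        findings += check_ssh_ingress(rc)
    return findings


if __name__ == "__main__":
    # Pipeline usage: `terraform show -json plan.tfplan > plan.json && python gate.py plan.json`
    # With no argument the constructed sample is evaluated instead.
    plan = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = evaluate_plan(plan)
    for p in problems:
        print("DENY", p)
    sys.exit(1 if problems else 0)
```

On the sample plan the gate denies two changes (the untagged scratch instance and the bastion group's world-open SSH rule) and ignores the deletion, so a non-zero exit stops the apply stage. Deletions are skipped on purpose: the controls target what a change introduces, and removing a resource cannot add exposure.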
Initially, the use of IaC can often seem like a delay to cloud adoption, but the downstream returns far outweigh this initial investment through increased deployment speed, infrastructure consistency and inherent governance.
In addition to the use of IaC, immutable infrastructure is a critical practice for securing infrastructure. In the mutable approach, servers are continually modified in place: administrators open SSH sessions to hand-edit config files, deploy new code, upgrade packages and apply patches on a server-by-server basis. Because every one of these touches is an opportunity for a host to diverge from its intended state, mutable infrastructure carries a high probability of configuration drift, and the remote access paths that make those modifications possible enlarge the attack surface.
With an immutable infrastructure approach, post-provisioning modifications are never, or only very rarely, allowed. When updates are required, configuration changes are needed or new code is deployed, a new server is built from the updated definition to replace the old one. After validation completes, the new server is placed in rotation to accept traffic and the old server is decommissioned. Immutable infrastructure enhances an organization's security posture in the following ways:
- Reduction of internal and external attack surfaces through the removal of remote server access via mechanisms like SSH
- Easier anomaly detection via a highly consistent infrastructure baseline
- Improved remediation time after a compromise through the rapid destruction and replacement of affected servers
- Easier forensic investigation, because a compromised server can be pulled from rotation and isolated intact while its replacement serves traffic, rather than being repaired in place and losing evidence
This approach provides many benefits, but using it effectively and efficiently requires both comprehensive automation and proper handling of state: data that must outlive a server (databases, logs, session state) has to live outside the replaceable hosts, and anything left on the host must be genuinely ephemeral and safe to discard with it.
Infrastructure Inventory Management
With the increased pace of infrastructure provisioning unlocked by public cloud, it is critical to maintain control and visibility of your infrastructure inventory. To achieve this, iVision works with our customers to apply tagging/labeling standards to their cloud infrastructure resources. Together we identify the additional metadata (not provided by the cloud platform) that is useful in running the business and managing the environment, such as the owning team, cost center and environment of each resource. This inventory data should then be reported against to check the security health of the infrastructure estate, trigger alerting and drive auto-remediation. For example, when leveraging an immutable infrastructure strategy, one may want to monitor the age of the infrastructure in the inventory: the older a server is, the more likely it is to be running packages with known vulnerabilities, and under an immutable policy an overaged server should simply be replaced with a fresh build rather than patched in place.
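The report-and-remediate loop described above, combined with the age check that an immutable infrastructure strategy calls for, can be expressed as a small inventory evaluation. The following is an added example and not iVision's tooling: it runs over constructed inventory records shaped like the fields returned by `aws ec2 describe-instances` (InstanceId, LaunchTime, Tags), but makes no cloud API calls. The required tag names, the 30-day maximum age and the actions (quarantine, replace, notify) are assumptions standing in for an organization's own policy, and the clock is pinned to a fixed date so the report is reproducible.

```python
"""Infrastructure inventory health report driven by tags and host age.

Added example, not iVision's tooling. INVENTORY is constructed to mimic the
fields `aws ec2 describe-instances` returns; nothing here talks to a cloud API.
Policy (all assumed):
  - a host with no Owner tag is ungoverned (shadow IT candidate) -> quarantine
  - a host older than MAX_AGE_DAYS violates the immutable rebuild cadence -> replace
  - a host missing other required tags is merely reported -> notify
"""
from datetime import datetime, timezone

MAX_AGE_DAYS = 30                                   # assumed monthly rebuild cadence
REQUIRED_TAGS = {"Owner", "Environment", "BuildId"}  # assumed org tagging standard
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)     # fixed clock for a reproducible report

INVENTORY = [  # constructed records
    {"InstanceId": "i-0a1", "LaunchTime": "2024-05-20T10:00:00+00:00",
     "Tags": {"Owner": "platform", "Environment": "prod", "BuildId": "2024.05.20-1"}},
    {"InstanceId": "i-0b2", "LaunchTime": "2024-03-01T08:30:00+00:00",
     "Tags": {"Owner": "platform", "Environment": "prod", "BuildId": "2024.03.01-7"}},
    {"InstanceId": "i-0c3", "LaunchTime": "2024-05-30T23:15:00+00:00",
     "Tags": {"Name": "bobs-test-box"}},
    {"InstanceId": "i-0d4", "LaunchTime": "2024-01-15T12:00:00+00:00",
     "Tags": {}},
    {"InstanceId": "i-0e5", "LaunchTime": "2024-05-25T00:00:00+00:00",
     "Tags": {"Owner": "data", "Environment": "dev"}},
]


def age_days(inst, now=NOW):
    """Whole days since the host was launched."""
    launched = datetime.fromisoformat(inst["LaunchTime"])
    return (now - launched).days


def classify(inst, now=NOW):
    """Return the policy findings for one host, in a stable order."""
    missing = sorted(REQUIRED_TAGS - set(inst.get("Tags", {})))
    findings = []
    if "Owner" in missing:
        findings.append("ungoverned")              # nobody accountable for this host
    elif missing:
        findings.append("untagged:" + ",".join(missing))
    if age_days(inst, now) > MAX_AGE_DAYS:
        findings.append("stale")                   # outlived the rebuild cadence
    return findings


def build_report(inventory, now=NOW):
    """Group hosts by the remediation action the findings imply.

    Quarantine wins over replace: an unowned host should be isolated and its
    owner found before anything is rebuilt from it.
    """
    actions = {"quarantine": [], "replace": [], "notify": [], "ok": []}
    for inst in inventory:
        findings = classify(inst, now)
        iid = inst["InstanceId"]
        if "ungoverned" in findings:
            actions["quarantine"].append(iid)
        elif "stale" in findings:
            actions["replace"].append(iid)
        elif findings:
            actions["notify"].append(iid)
        else:
            actions["ok"].append(iid)
    return actions


if __name__ == "__main__":
    for action, hosts in build_report(INVENTORY).items():
        for iid in hosts:
            print(f"{action:10} {iid}  age={age_days(next(i for i in INVENTORY if i['InstanceId'] == iid))}d")
```

On the constructed inventory the report quarantines the two hosts with no Owner tag (one of which is also far past its rebuild date), schedules the 91-day-old production host for replacement, notifies about the dev host that lacks a BuildId, and leaves the fresh, fully tagged host alone. Feeding the `replace` list to the same pipeline that builds new servers closes the loop between inventory reporting and immutable remediation.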
Our Cloud Architects and Engineers at iVision help organizations secure their cloud infrastructure using the above practices and more. For further information, read more about our cloud and security offerings or contact us directly. Also, check back for the rest of this series in the coming weeks!