The self-service and dynamic nature of cloud and container infrastructure creates challenges for risk and compliance professionals who protect their organization with security and governance controls. It is far too common and too easy for a developer or engineer to misconfigure AWS or Kubernetes and create a vulnerability. Take, for example, the recent security incident at Weight Watchers, where an unsecured Kubernetes console was left exposed. Luckily, this vulnerability was discovered by security researchers who alerted the company rather than exploiting it. These misconfigurations are a continuation of the same old stories we have seen repeated weekly in the media about AWS S3 bucket leaks.
So why does this happen so often?
1. Having dozens or hundreds of engineers and developers provisioning and configuring cloud and container services creates risk by itself. Not all of these people will know how to configure these services correctly, they won’t necessarily know what security and compliance standards they need to adhere to, and they may not know how to apply those standards to these diverse services. On top of all that, even the best person can miss a step in a SOP or flat out make a mistake.
2. Security teams are often overwhelmed by the rate of change that occurs in cloud and container environments. Added to that, the tools and controls that worked well for security and compliance in the traditional datacenter do not translate to the public cloud. As a result, security and operations teams are unable to get visibility into the security and compliance posture of these environments, and are often left doing the best they can, manually triaging issues as they come to their attention. Having to sort and solve these problems manually is frustrating and leaves companies open to substantial security and compliance risk.
At DivvyCloud we offer a better way. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).
First, our software performs real-time, continuous discovery of infrastructure running in cloud and container environments, allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom native policy guardrails for cloud and container services that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.
Request a demo of DivvyCloud today if you are looking to mitigate the risk of operating workloads and applications in cloud and container services.