Automatically Managing and Securing Your Technology - Part 1
By Scott Gordon (CISSP) – Oomnitza Chief Marketing Officer
What once was referred to as an asset has evolved alongside the role of IT. Visibility into endpoints, applications, infrastructure, etc. never appears to be accurate. A hybrid work environment and the move to cloud infrastructure can leave enterprises vulnerable. How are organizations contending with increased cybersecurity risk due to a wider attack surface and more organized threat actors, and where can a system for process automation move the needle to advance attack surface hygiene?
Cybersecurity leaders continue to calibrate and extend their attack surface mitigation capabilities. An attack surface comprises the entry points where a user or system is susceptible to an attack that, as a result, provides unauthorized access to a system and/or data. This encompasses understanding the range of internal and external attack vectors that could be exploited, such as poorly maintained endpoints and network infrastructure, improperly accounted-for public-facing cloud infrastructure, systems with known vulnerabilities, and malicious sites that pose as trusted sites to dupe users into providing access credentials.
The question is: with today’s accelerated hybrid workplace, multi-cloud, and digital business growth, how are organizations contending with increased cyber risk due to a wider attack surface, a worsening threat landscape and more organized threat actors? Where could process automation be applied to improve security posture and mitigate risk?
A recent 2022 Attack Surface Management Maturity report shed light on the current state, exposures, and priorities that organizations are considering to fortify their security posture. This survey, conducted by Cybersecurity Insiders, asked more than 350 security professionals in enterprise organizations across industries for their views on business outcomes, remote work, policy shifts and more, and revealed many useful findings.
While 40% have confidence in the measures their organizations have taken in attack surface management, the remainder have low to no confidence. A third indicated that related security issues over the past 12 months had an impact on employee productivity and reduced business activity. Surprisingly, only 10% admitted to data leakage issues, but over 20% experienced increases in IT incident response expenditure, adding more pressure on budgets that are anticipated to shrink.
The survey results also indicated that 64% of organizations will continue to support a hybrid workplace. Recent resurging and new pandemic concerns, combined with the financial advantages of reduced office operating costs, support this trend. Remote employees not only need timely provisioning of endpoints and software, but also have increased security risks. More than half of respondents observed remote workers deviating from policy, which suggests the necessity for organizations to monitor policy compliance across multiple controls per asset type and user role.
Taking a deeper dive, the “Great Resignation” and uncertain economic conditions have fueled higher turnover of remote workers. Offboarding is complex: deprovisioning access and reclaiming technology across endpoints, applications (e.g. SaaS), network infrastructure, and cloud infrastructure has to be coordinated so that security, compliance, and financial controls are assured. Organizations therefore need to advance their offboarding workflow capabilities from Separation to Recovery.
Cloud implementations grew exponentially in the past year. In fact, 80% of organizations have either a multi-cloud or hybrid IT strategy. However, 84% of those surveyed lack unified cloud resource visibility despite experiencing compliance, infrastructure, and misconfiguration visibility and control automation issues. This shows that IT and security staff are using a variety of tools to attempt to identify unaccounted for, unmanaged, or at-risk infrastructure in each of their private and public cloud environments.
Here too, business process automation, from Sprawl to Resolution, is essential to identify unmanaged, vulnerable and unaccounted-for cloud instances and their underlying application, server, storage and network resources. With the wide adoption of multi-cloud infrastructure, it is not uncommon for orphaned and unmanaged instances across AWS, Azure, GCP and a hosted data center to be overlooked, as they are often managed in separate tools. Some examples: an instance whose administrator is no longer with the company, an instance created for test that has not been accessed for months, or an instance that was deactivated but still has resources operating. Each example introduces security risks. By centralizing cloud infrastructure intelligence and applying process automation, organizations can more efficiently discover these issues and enforce policy to mitigate these security posture exposures.
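The three examples above can be expressed as checks over a single merged inventory. The following is an added illustration, not code from the article or from any Oomnitza product; the record fields, the staff roster, the sample instances and the 90-day staleness threshold are all assumptions made for the example.

```python
from datetime import date, timedelta

# Constructed sample data: a merged inventory as it might look after exporting
# from each environment's own tool. Field names and values are hypothetical.
INVENTORY = [
    {"id": "aws-i-001", "provider": "aws", "owner": "dana", "purpose": "prod",
     "state": "running", "last_accessed": date(2022, 9, 28), "resources": ["vol-a"]},
    {"id": "az-vm-017", "provider": "azure", "owner": "lee", "purpose": "prod",
     "state": "running", "last_accessed": date(2022, 9, 30), "resources": ["disk-b"]},
    {"id": "gcp-vm-042", "provider": "gcp", "owner": "dana", "purpose": "test",
     "state": "running", "last_accessed": date(2022, 4, 2), "resources": ["pd-c"]},
    {"id": "dc-host-07", "provider": "datacenter", "owner": "lee", "purpose": "prod",
     "state": "deactivated", "last_accessed": date(2022, 3, 1),
     "resources": ["lun-d", "public-ip-e"]},
]
ACTIVE_STAFF = {"dana"}  # constructed HR roster; "lee" has left the company


def find_at_risk(inventory, active_staff, today, stale_after=timedelta(days=90)):
    """Return {instance id: [reasons]} for the three cases named in the text."""
    findings = {}
    for inst in inventory:
        reasons = []
        # Case 1: the administrator is no longer with the company.
        if inst["owner"] not in active_staff:
            reasons.append("owner_departed")
        # Case 2: a test instance that has not been accessed for months
        # (90 days is an assumed policy threshold).
        if inst["purpose"] == "test" and today - inst["last_accessed"] > stale_after:
            reasons.append("stale_test_instance")
        # Case 3: deactivated, but storage or network resources still exist.
        if inst["state"] == "deactivated" and inst["resources"]:
            reasons.append("deactivated_with_live_resources")
        if reasons:
            findings[inst["id"]] = reasons
    return findings


if __name__ == "__main__":
    report = find_at_risk(INVENTORY, ACTIVE_STAFF, date(2022, 10, 1))
    for inst_id, reasons in report.items():
        print(inst_id, ", ".join(reasons))
```

The checks only work once records from every environment share one schema and can be joined to a current staff roster, which is the centralization step the paragraph describes.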