Identifying & Remediating Security Issues Using Automation

Posted by Hunter Lynne, Security and Governance Practice Lead

Sep 09, 2020


If there’s one thing I could see and hear less of in 2021, it’s the word “unprecedented”. That one word has been maxed out in 2020. We’ve seen it in social media posts, on communications from work and school.

We’ve even heard it announced on the PA system at the local grocery store. And 9 times out of 10, “unprecedented” has been connected to Covid-19-type activities, such as wearing masks, social distancing, virtual learning, and working from home full-time. It’s not that it’s used incorrectly, it’s simply over-subscribed. 

“Unprecedented” has lost some of its meaning, much like “flex” or “salty,” which are (really) popular words used by teenagers in my home. 

However, “unprecedented” still has some oomph the one time out of 10 that it’s not overused. That’s because it’s been reserved for the cloud, and in particular, cloud adoption where unprecedented growth has taken place due to Covid-19 business impacts. 

According to a Flexera survey, public cloud adoption continues to accelerate with almost 57% of enterprises and SMBs increasing cloud usage, with 26% stating their organization planned “significantly higher” use of the cloud due to Covid-19 alone.

This represents, literally, unprecedented growth. To protect your organization during this massive growth, you will need scalable security and operations management supported natively in the cloud. It’s a basic tenet of secure enterprise computing.

This isn’t an easy task, but it’s not impossible. Good planning, a focus on risk management and IT project risks, and being prescriptive about using cloud processes and controls that automatically identify and remediate risks are the keys to success when building your cloud environment.

Planning for Cloud Security

Any security initiative must start with a valid inventory of your environment. There are multiple cloud-native and third-party tools that can assist with creating that inventory. 

Ultimately, you should have a list of all services, configurations, and resources to understand obvious gaps in security posture and what it is that needs to be protected. 

One note: Once you have an inventory, make sure the resources are properly tagged or labeled. There are numerous benefits from categorizing resources in the cloud, with one of the most important being able to quickly identify the asset’s role and data value during a security incident.

Next, a proper information security program should leverage a data classification matrix or equivalent that classifies the data stored on the inventoried assets in order to understand the criticality of it. 

For example, data whose loss would result in financial or reputational harm to the company that processes or stores it may carry a “confidential” label, which indicates that the data requires more controls to protect it at rest and in transit than “public” information. 

This can be a major undertaking, but is highly recommended to ensure the right controls are applied to the right data sets using a consistent approach.
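The planning steps above (an inventory, classification tags on each resource, and a matrix that maps each label to the controls it requires) can be turned into an automated gap check. The following is an added example written for this page, not the author’s tooling: the inventory, the tag key `DataClassification`, the labels and the control names are all constructed assumptions, standing in for whatever your asset-inventory tool and classification matrix actually produce.

```python
"""Posture gap check over a resource inventory (added example, not the post's code).

Each inventoried resource carries a data-classification tag; the classification
matrix maps a label to the controls that label requires. Resources with no usable
label, or with a required control missing, are reported and ordered by
sensitivity so the most critical gaps come first. Inventory, tag key and matrix
are constructed samples.
"""

# Assumed classification matrix: label -> (sensitivity rank, required controls).
CLASSIFICATION_MATRIX = {
    "public":       (1, set()),
    "internal":     (2, {"encryption_at_rest"}),
    "confidential": (3, {"encryption_at_rest", "encryption_in_transit", "access_logging"}),
}
TAG_KEY = "DataClassification"  # assumed tag name

# Constructed inventory, e.g. the flattened output of a cloud asset-inventory tool.
INVENTORY = [
    {"id": "bucket/payroll-exports", "type": "s3", "tags": {TAG_KEY: "confidential"},
     "controls": {"encryption_at_rest"}},
    {"id": "bucket/marketing-site", "type": "s3", "tags": {TAG_KEY: "public"},
     "controls": set()},
    {"id": "db/customer-orders", "type": "rds", "tags": {"Owner": "orders-team"},
     "controls": {"encryption_at_rest", "encryption_in_transit"}},
    {"id": "bucket/hr-docs", "type": "s3", "tags": {TAG_KEY: "Confidential "},
     "controls": {"encryption_at_rest", "encryption_in_transit", "access_logging"}},
]


def classify(resource, matrix=CLASSIFICATION_MATRIX):
    """Return the normalized label for a resource, or None if it is untagged or unknown.

    Tags are free text typed by humans, so case and whitespace are normalized
    before lookup; a label that is not in the matrix is treated as missing.
    """
    label = resource.get("tags", {}).get(TAG_KEY)
    if label is None:
        return None
    label = label.strip().lower()
    return label if label in matrix else None


def find_gaps(inventory, matrix=CLASSIFICATION_MATRIX):
    """Return findings sorted most-sensitive first.

    Untagged resources are ranked above every known label: if the data value is
    unknown, the resource cannot be assumed harmless and must be classified first.
    """
    findings = []
    top_rank = max(rank for rank, _ in matrix.values())
    for res in inventory:
        label = classify(res, matrix)
        if label is None:
            findings.append({"id": res["id"], "rank": top_rank + 1, "label": None,
                             "missing": ["classification tag"]})
            continue
        rank, required = matrix[label]
        missing = sorted(required - set(res.get("controls", ())))
        if missing:
            findings.append({"id": res["id"], "rank": rank, "label": label, "missing": missing})
    findings.sort(key=lambda f: (-f["rank"], f["id"]))
    return findings


if __name__ == "__main__":
    for f in find_gaps(INVENTORY):
        print(f"{f['id']:<26} {f['label'] or 'UNCLASSIFIED':<13} missing: {', '.join(f['missing'])}")
```

Run against the sample inventory, the untagged database is reported first, then the confidential bucket missing two of its three required controls; the bucket tagged `"Confidential "` is normalized and passes, and the public bucket requires nothing. The ordering is the same prioritization the risk assessment later formalizes: data sensitivity drives which gap gets fixed first.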

Addressing Risk Management

Once there’s clarity about what needs to be protected, it’s time to perform a risk assessment and understand the control deficiencies. This requires a few steps:

  1. Identifying the risk assessment scope.
  2. Outlining what is being protected (see steps above).
  3. Identifying the top, known risks in the organization.
  4. Developing a process for risk determination (usually based on one or a combination of data sensitivity, attack likelihood, or the amount of data being protected). 

The risk assessment will yield information about your organization’s weaknesses. Analyze the output from the risk assessment and prioritize the issues: the highest-rated issues are the most critical and should be addressed first, in order of the risk they present to the organization. 

With an understanding of the security weaknesses, your risk and security teams can then draft a corrective action plan outline focused on automated remediation to solve those risks. This plan will translate into the design and implementation steps to deploy the solution.

Examining Security Operations

Historically, security has been a challenge for organizations for two reasons. First, lack of visibility has created uncertainty about security activities in the environment. Second, a low degree of automation has restricted security teams’ ability to correct issues proactively.


In the cloud, event-driven security addresses both challenges: every configuration change is emitted as an event, which gives the visibility, and a handler subscribed to the events that matter can correct specific misconfigurations automatically, prioritized by the risk they pose to the organization. 

For example, if your cloud storage buckets require encryption and someone disables encryption on a bucket, an event-driven process will identify the control breakdown and remediate it by re-enabling encryption on the bucket. The same event should also raise an alert or appear on a dashboard in near real time, because a control being turned off is worth investigating even after it has been restored: it may be a mistake, or it may be a sign of compromised credentials.
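The bucket-encryption case above, as an added example that is not part of the original post. It is a hypothetical AWS Lambda-style handler: it consumes an EventBridge-wrapped CloudTrail record for `DeleteBucketEncryption`, re-reads the bucket’s live state before acting, restores default encryption, and returns a record to alert on. The event, bucket name and ARN are constructed samples; the `FakeS3` class stands in for the two boto3 S3 calls (`get_bucket_encryption` and `put_bucket_encryption`) so the block runs offline, and `lambda_handler` is the assumed production entry point.

```python
"""Event-driven remediation of S3 default encryption (added example, not the post's code).

Hypothetical handler: reacts to a CloudTrail DeleteBucketEncryption event,
confirms the bucket really lacks default encryption, re-applies it, and returns
a record for alerting or a dashboard. FakeS3 replaces boto3 so this runs offline;
lambda_handler (not exercised here) is the assumed real entry point.
"""

# Constructed sample event; the shape mirrors an EventBridge
# "AWS API Call via CloudTrail" event as delivered to a Lambda target.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "s3.amazonaws.com",
        "eventName": "DeleteBucketEncryption",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"bucketName": "example-confidential-data"},
    },
}

# Desired state for every bucket in scope (SSE-S3). If the classification matrix
# requires customer-managed keys, use SSEAlgorithm "aws:kms" plus a KMSMasterKeyID.
DEFAULT_ENCRYPTION = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}


class EncryptionNotFound(Exception):
    """Offline stand-in for botocore ClientError code ServerSideEncryptionConfigurationNotFoundError."""


class FakeS3:
    """Minimal stand-in for the two boto3 S3 calls the handler uses."""
    def __init__(self, encrypted=None):
        self.encrypted = dict(encrypted or {})   # bucket -> encryption config
        self.calls = []                          # audit trail of API calls made

    def get_bucket_encryption(self, Bucket):
        self.calls.append(("GetBucketEncryption", Bucket))
        if Bucket not in self.encrypted:
            raise EncryptionNotFound(Bucket)
        return {"ServerSideEncryptionConfiguration": self.encrypted[Bucket]}

    def put_bucket_encryption(self, Bucket, ServerSideEncryptionConfiguration):
        self.calls.append(("PutBucketEncryption", Bucket))
        self.encrypted[Bucket] = ServerSideEncryptionConfiguration
        return {}


def _is_missing_encryption(exc) -> bool:
    """True for the fake exception and for a real botocore ClientError carrying the matching code."""
    code = getattr(exc, "response", {}).get("Error", {}).get("Code")
    return isinstance(exc, EncryptionNotFound) or code == "ServerSideEncryptionConfigurationNotFoundError"


def bucket_is_encrypted(s3, bucket) -> bool:
    try:
        s3.get_bucket_encryption(Bucket=bucket)
        return True
    except Exception as exc:
        if _is_missing_encryption(exc):
            return False
        raise  # access denied, throttling etc. must surface, not be read as "unencrypted"


def handle(event, s3) -> dict:
    """Decide and apply remediation; the returned dict is what you alert or dashboard on."""
    detail = event.get("detail", {})
    if (event.get("detail-type") != "AWS API Call via CloudTrail"
            or detail.get("eventSource") != "s3.amazonaws.com"
            or detail.get("eventName") != "DeleteBucketEncryption"):
        return {"action": "ignored", "reason": "not a DeleteBucketEncryption event"}
    bucket = detail.get("requestParameters", {}).get("bucketName")
    actor = detail.get("userIdentity", {}).get("arn", "unknown")
    if not bucket:
        return {"action": "ignored", "reason": "event carries no bucketName"}
    # CloudTrail delivery lags by minutes: re-read live state so a stale event
    # does not overwrite a configuration someone has already restored.
    if bucket_is_encrypted(s3, bucket):
        return {"action": "already_compliant", "bucket": bucket, "actor": actor}
    s3.put_bucket_encryption(Bucket=bucket, ServerSideEncryptionConfiguration=DEFAULT_ENCRYPTION)
    return {"action": "remediated", "bucket": bucket, "actor": actor,
            "control": "s3-default-encryption"}


def lambda_handler(event, context):
    """Assumed production entry point; boto3 ships in the Lambda runtime."""
    import boto3
    return handle(event, boto3.client("s3"))
```

To wire this up in AWS, an EventBridge rule matching `eventSource` `s3.amazonaws.com` and `eventName` `DeleteBucketEncryption` targets the function, and the function’s role needs only `s3:GetEncryptionConfiguration` and `s3:PutEncryptionConfiguration` on the buckets in scope, nothing broader. The returned record, including the actor’s ARN, is what goes to the alert channel; the handler deliberately never swallows errors other than the “no encryption configured” case, so a permissions problem shows up as a failed invocation rather than a silent gap.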

Infrastructure as code (IaC) makes this possible. Every change in the cloud is made through an API, and the resources and their configurations are declared in code, so the code becomes the record of the desired state. When an event shows that the actual state has drifted from that declared state, the remediation re-applies the declared configuration through the same APIs, and the fix is repeatable and reviewable rather than a one-off console change.

By focusing on the top risks identified in the risk assessment, and understanding each asset’s risk based on the steps in the planning section, it becomes straightforward to target and implement event-driven security that automates remediation when controls fail. 


Hunter Lynne, Security and Governance Practice Lead

An 8-time cloud-certified professional, Hunter is passionate about finding ways to shorten the time between idea and delivery for customers. He has 20 years of experience in the financial services industry, where he led cross-disciplinary teams to solve strategic, operational, security, risk management, compliance, and audit problems for the business.
