Cybersecurity for Shared Cloud Environments
In its recent Cloud Workload Protection Platform (CWPP) research note, Gartner identified memory exploit protection as an essential component of any organization’s CWP strategy (Gartner, Cloud Workload Protection Platforms, 2020):
“Exploit Prevention/Memory Protection–application control solutions are fallible and must be combined with exploit prevention and memory protection capabilities…”—Gartner CWPP 2020
Cybersecurity Considerations for the Cloud
Cloud deployments introduce major new shared security considerations for organizations. This changes some key operational imperatives for development, security, and IT professionals. On one hand, commercial cloud providers’ “Infrastructure as Code” delivers multiple layers and types of network and server security out of the box. Paradoxically, that can create a false sense of security around applications, containers, and workloads—all of which come with vulnerabilities that cloud tools can’t catch.
Vulnerabilities replicate at light speed in the cloud via “golden images” that can massively expand the scale of the exploitable attack surface. Often, a significant amount of time passes – in the case of open source, many times it’s years – before a vulnerability is identified and fixed. And once deployed, it’s expensive and time-intensive to patch, remediate, quarantine, or roll back code. So, while cloud providers take ownership for the Infrastructure as Code elements of the stack, dev and devops teams inside the organization become responsible for a broader application security mandate than in traditional pre-cloud environments.
Workload Protection Strategy
Per the Gartner report, in the Risk-Based Hierarchy of Workload Protection Controls, exploit prevention/memory protection is a core workload protection strategy:
We consider this a mandatory capability to protect from the scenario in which a vulnerability in a whitelisted application is attacked and where the OS is under the control of the enterprise (for serverless, requiring the cloud providers’ underlying OS to be protected). The injected code runs entirely from memory and doesn’t manifest itself as a separately executed and controllable process (referred to as “fileless malware”). In addition, exploit prevention and memory protection solutions can provide broad protection against attacks, without the overhead of traditional, signature-based antivirus solutions. They can also be used as mitigating controls when patches are not available. Another powerful memory protection approach used by some CWPP offerings is referred to as “moving target defense” — randomizing the OS kernel, libraries and applications so that each system differs in its memory layout to prevent memory-based attacks.
Read the full post from RunSafe Security to learn more about securing your cloud deployment.
From Plant Floor to Cloud: Revolutionizing Data Integration for the Digital Age
At the Hannover Messe Fair 2024, Torey Penrod-Cambra, Chief Communications Officer at HighByte, delves into the latest developments of their Intelligence Hub. HighByte is advancing the interoperability of this platform with major cloud services, a pivotal shift poised to transform
Integrated Power and Process Management: A Leap Towards Efficiency and Competitiveness
At Hannover Messe 2024, one of the most anticipated industrial fairs globally, Hany Fouda, SVP IA Europe, Schneider Electric shares insights on the evolving landscape of power and process management. His vision for the future, where power and process systems
How to Use InfluxDB and PTC ThingWorx for Industrial IoT
One of the biggest challenges of implementing a digital transformation program is integrating with legacy systems for data collection. Another major challenge is presented in storing and utilizing that data to extract business value. In this article, you will learn about