We live in a multi-cloud reality where cloud computing has allowed organisations big and small to achieve rapid success with services and infrastructure that can scale on demand, across geographies and service providers, giving businesses access to best in class utility computing on a pay per use model.
Like everything else, there are considerations that need to be taken into account to ensure everything positive about adopting a multi cloud strategy is not negated by introduction of complexity, cloudiness (lack of transparency) and weak links in the chain.
The often forgotten, yet the most important point about public cloud providers is that they operate under the shared responsibility model; meaning according to the service level agreements (SLA), the service providers are typically only responsible for providing continuation of service with possible penalties for service disruptions. The protection and security of data is still the responsibility of the customer as the owner of that data.
This makes managing data and applications across multi cloud environments a cumbersome and complicated affair due to lack of any consolidated view of these environments making compliance and governance of regulatory and corporate policies a nightmare.
I recently had an opportunity to test a solution called DivvyCloud (acquired by Rapid7) that specifically tackles the challenges associated with multi cloud and containerised environments. Let’s talk about what this solution is and how it is helping organisations realise their multi cloud journey.
What is DivvyCloud?
DivvyCloud is a Cloud Security (and compliance) Posture
Management platform that protects organisations against misconfigurations, policy violations, threats and IAM challenges by providing real-time insights, enhanced compliance, automating governance and threat remediation across all major cloud and container technologies.
How does DivvyCloud Work?
At a high level, DivvyCloud’s work flow can be defined in 3 simple steps. Let’s discuss these steps briefly. (For techies interested in the solution architecture, please visit the product architecture page.)
Note: While DivvyCloud works across all major public and private cloud setups, we will be focusing on the three major hyperscalers; AWS, Azure and GCP.
1. Harvest (Data Gathering):
Harvesting involves plugging all your environments in to DivvyCloud by entering your cloud account credentials. Once you are done, you should see all your cloud environments listed and the harvesting can begin.
For Microsoft Azure and Google Cloud Platform (GCP), DivvyCloud uses a pull mechanism to poll data based on time intervals that are configurable through harvesting policies. For Amazon Web Services (AWS), users can choose between a pull (default) or push approach also known as Event Driven Harvesting (EDH).
EDH tends to be more efficient as it uses AWS APIs to push data to DivvyCloud platform when an event has occurred. For example, a user has provisioned a resource or changed permissions on a resource etc.
2. Visualise:
Visualise is about gaining visibility through rapid insights and a consolidated view of your multi cloud environment. This is achieved in two stages:
2.1 Unify (Data Normalisation) :
As data is ingested into DivvyCloud, it is normalised. That means a compute resource in DivvyCloud is called an instance (whether it’s referring to an AWS EC2 Instance, Azure VM or GCP Instance). Similarly, a database resource is called a Database instance (whether it’s referring to an AWS RDS, Azure Database, SQL Server or GCP Cloud SQL).
This allows DivvyCloud to apply compliance and governance policies and actions to standardised resources without having to worry about individual cloud provider’s naming conventions. Filters can then be applied to these resources to set a scope.
2.2 Analyse (Rapid Insights):
Once the data has been standardised (which happens automatically upon ingestion without any user input required), you can then use the following tools from the DivvyCloud toolbox for real time insights:
✅ Resources view:
provides a consolidated view of resource inventory across all your cloud and container environments connected to DivvyCloud.
✅ Filters:
provide a selection mechanism to set scope of the resources you would like to target. DivvyCloud ships with more than a thousand filters with new ones being added with every new release. For the odd edge use cases, you have the option to create your own using plugins (and a bit of python knowledge).
✅ Insights:
are a set of definitions or rules that allow you to check your current configurations against the desired state. DivvyCloud ships with over four hundred pre-built insights for most popular use cases but you can create your own insights for your personalised use cases as each organisation has their unique requirements.
Creating insights is super easy with no coding knowledge necessary. You start by applying filters (one or more) to select the scope and conditions you want to match. After applying the right filters you can then save them as insights.
For example, instances that expose SSH to the public or workloads that have been in a running state for over N number of days, have no owner tag associated and do not belong to Production or Development environments. (Needless to say, the accuracy of some of these filters depends on how well your resources have been tagged.)
✅ Packs:
Packs are simply a collection of insights packaged together to test your compliance posture. DivvyCloud ships with a large number of compliance packs targeted at: SOC 2, PCI DSS, NIST(CFS), NIST 800-53, ISO 27001, HIPPA, GDPR, FedRAMP and others.
Additionally, you can create your own custom packs by grouping insights into packs while using one of the in-built packs as a foundation to get a more personalised view of your business.
You can then easily apply these compliance packs to your resources for a heatmap (red, amber, green) view of your compliance posture.
3. Action (automation/remediation):
The best part of the DivvyCloud solution is that it not only gives you complete visibility into your multi-cloud environment but lets you take actions based on those insights. These actions allow you to provide remediation, enforce governance, mitigate threats and automate tedious tasks. DivvyCloud uses the concept of BOTS (short for robots) for this purpose.
✅ BOTS:
BOTS are the slaying warriors, i.e. automation robots that perform actions when triggered. BOTS can be triggered on a schedule, upon matching pre-defined criteria or manually.
Use case walk through
To make this discussion more practical, let’s run through a very real yet common use case that has led to many instances of data leaks/breaches and see how DivvyCloud would protect against, notify of and remediate such threats.
Scenario: A user accidentally exposes an AWS S3 bucket to the public.
Preparation: We need to create a BOT that will check for the above-mentioned condition and trigger actions when an exposed storage container is detected (this is a one time operation).
Actions our BOT will perform:
- Mark matching resource/s as Non-compliant.
- Send a Slack Notification (requires you to configure slack integration) or an email notification.
- Quarantine the exposed resource by removing public access.
Demonstration: Automatically quarantine publicly exposed S3 Bucket
As video speaks louder than words, here is a quick video demonstrating the whole process of detecting an exposed bucket, slack notification triggered by the BOT and automatic quarantine of the resource.
I hope by now you get a fair idea of what you can achieve with DivvyCloud. If you want to learn more please visit www.DivvyCloud.com
Conclusion:
In order to be successful, organisations looking to adopt a multi cloud approach need an ability to protect themselves against mis-configurations, policy violations, cyber threats and IAM challenges which can only be achieved through rapid insights, complete operational visibility, automated governance and enhanced compliance.
A consolidated view of your multi cloud environment is no longer a nice to have as the enemies in the cyber warfare are often invisible.
REMEMBER: “The greatest battles are fought with invisible enemies” – anonymous