Hardening and monitoring cloud configuration – SC Media

What is system hardening?

The Center for Internet Security defines system hardening as the process of limiting potential weaknesses that make systems vulnerable to cyber attacks. While hardware and software manufacturers strive to practice security by design principles, the reality is that the responsibility still largely rests on IT buyers and administrators to apply extra vigilance in vetting for vulnerabilities any time new systems are being integrated. Common examples of system hardening include configuring user privileges, enforcing strong password protections, setting account logins and lockouts, uninstalling superfluous applications and firmware, and implementing multi-factor authentication.

That's why experts continue to stress the importance of system hardening as a fundamental baseline security discipline, even for the cloud.

Many organizations are familiar with the benefits that moving to the cloud has to offer: increased production, faster services, improved security and analytics, and the flexibility to solve business-critical problems at scale. In the process of migrating workloads and applications to the cloud, however, organizations that do not take necessary steps to minimize their attack surface may find themselves easy prey to adversaries. System hardening plays an important role in securing cloud services.

Most cyber criminals are looking to exploit low-hanging fruit. To put it plainly, they're banking on organizations using cloud services in their default state, without taking the extra measure of securing cloud-based components and features. The weaknesses they look for include exposed APIs, weak password controls, misconfigured storage containers, improper access management, and shadow IT or non-authorized devices.

Recent high-profile breaches make it clear that failure to harden systems puts organizations in the crosshairs.

There's a pattern here. Organizations continue to shift applications and workloads to the cloud, and many are failing to secure them at scale as needed. Storage misconfigurations, overly permissive policies, and leaky APIs are the end result, and these critical weaknesses open doors for otherwise easily preventable attacks.

"The more people you have accessing [your cloud] and the more accounts you set up, the more you have to consider," said Michelle Peterson, who previously directed the Center for Internet Security's Benchmark guideline series. "It's not just a small group [anymore] utilizing these resources, but multiple tiers of your organization accessing these cloud environments and ensuring that there's no change when someone decides to add a new account or make a change as an admin [or thinking] what impact does that have across the board?"

Fortunately, there's no shortage of resources that organizations can draw from to help harden their cloud operations.

A good first step to take is conducting a security configuration assessment, or SCA, as an extension of a vulnerability management program. When exploring the market for SCA tools, look for those that automatically scan for IT configurations and cross-check them against CIS benchmark controls. An effective SCA should be able to aid with enforcing the following steps, at the very minimum.

Organizations might also want to consider adding policy compliance management to simplify reporting of asset compliance. By embedding mandate-based reporting, security teams can ensure cloud configurations meet external regulations and multiple security mandates.

CIS Benchmarks are publicly available for download and can assist organizations when it comes to all aspects of system hardening, such as setting identity and access management controls, logging and monitoring, network hardening, virtual machines, storage, and cloud databases. Usefully, they also clarify which of their recommendations can be automated versus provisioned manually.
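The kind of automated cross-check an SCA tool performs can be sketched in a few lines. This is an added example, not code from the article or from CIS: the snapshot schema, check names, and thresholds are all hypothetical, chosen to mirror the weaknesses named above (weak password controls, missing lockout and MFA, public storage containers, overly permissive policies).

```python
# Constructed snapshot of cloud settings. Field names are hypothetical,
# not any provider's real schema.
SNAPSHOT = {
    "password_policy": {"min_length": 8, "lockout_threshold": 0},
    "users": [{"name": "admin", "mfa_enabled": False},
              {"name": "dev1", "mfa_enabled": True}],
    "storage": [{"name": "backups", "public_access": True},
                {"name": "logs", "public_access": False}],
    "policies": [{"name": "ops-all", "actions": ["*"], "resources": ["*"]},
                 {"name": "read-logs", "actions": ["storage:Read"], "resources": ["logs"]}],
}

# Illustrative thresholds (assumptions, not values quoted from a CIS Benchmark).
BASELINE = {"min_length": 14, "max_lockout_threshold": 5}


def assess(snapshot, baseline=BASELINE):
    """Return a sorted list of (check, resource, detail) findings."""
    findings = []
    pw = snapshot.get("password_policy", {})
    min_len = pw.get("min_length", 0)
    if min_len < baseline["min_length"]:
        findings.append(("password-length", "account", f"min_length={min_len}"))
    # In this constructed schema, 0 means lockout is disabled.
    lockout = pw.get("lockout_threshold", 0)
    if lockout == 0 or lockout > baseline["max_lockout_threshold"]:
        findings.append(("account-lockout", "account", f"lockout_threshold={lockout}"))
    for user in snapshot.get("users", []):
        if not user.get("mfa_enabled", False):
            findings.append(("mfa-missing", user["name"], "mfa_enabled=False"))
    for store in snapshot.get("storage", []):
        # Fail closed: a container with no explicit flag is reported as public.
        if store.get("public_access", True):
            detail = f"public_access={store.get('public_access', 'unset')}"
            findings.append(("public-storage", store["name"], detail))
    for policy in snapshot.get("policies", []):
        # Flag only the fully open grant: any action on any resource.
        if "*" in policy.get("actions", []) and "*" in policy.get("resources", []):
            findings.append(("wildcard-policy", policy["name"], "actions and resources are '*'"))
    return sorted(findings)


if __name__ == "__main__":
    for check, resource, detail in assess(SNAPSHOT):
        print(f"FAIL {check:16} {resource:10} {detail}")
```

Running the same function on every configuration change, rather than once at migration, is what catches the drift Peterson describes when an admin adds an account or alters a setting.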

System hardening should be considered an essential pillar of any cybersecurity strategy. By investing in automated security configuration assessment tools and adhering to published CIS benchmark guidelines, organizations can reduce unnecessary risk and prevent vulnerabilities from being exploited.
