AWS Cloud Security Posture to Kubernetes Security Posture Reviews
Continuing with our security-first approach to Kubernetes data protection, in addition to Kubernetes Security Posture Reviews to scan your environment for vulnerabilities and misconfigurations, CloudCasa also added Cloud Security Posture Management for Amazon Web Services (AWS). Most attacks on cloud are the result of misconfigurations and mistakes, per industry analyst, Gartner. The research firm went on to forecast that through 2025, 99% of such attacks would be the customer’s fault. Cloud Security Posture Management (CSPM) is the process of identifying misconfiguration issues and compliance risks, and performing these checks in a continuous and automated fashion. AWS is the first public cloud environment that CloudCasa supports for CSPM, with Google, Azure, and Oracle Cloud support coming as part of the future roadmap.A key aspects of cloud computing is its ability to allow you to scale, however that also increases the attack surface. You need a tool to help detect the misconfigurations and compliance violations in cloud environments where architecture have become increasingly complex.
Cloud Security Posture Scans
CloudCasa now allows users to perform automated security posture scans on AWS cloud environments. CloudCasa provides this capability using a curated collection of best-of-breed opensource security tools that have been integrated and optimized into the CloudCasa SaaS service. Security scans can be configured and accessed in the CloudCasa UI under the new Security tab. The scan results are presented as interactive reports that can be searched, filtered, sorted, and flagged, as shown the screenshot below.
Reports can be easily browsed with several helpful views that group issues by severity or services. An advanced filter allows you to quickly narrow down the results. There is a convenient bookmark feature that allows you to flag issues for review, and results can also be exported in CSV format.
Free Service users for CloudCasa can perform one cloud infrastructure scan per month and store the results for 30 days. Premium service users can perform many more scans, schedule scans to run automatically, and store the results for longer retention.
Integrated Account Management
Managing your AWS infrastructure and workloads is already complex enough. Cloudcasa simplifies linking your AWS account to CloudCasa. CloudCasa performs AWS security scanning using agent-less access to your AWS account using a CloudFormation template. As depicted below, you simply “Launch” the cloud formation template stack from the CloudCasa UI, which will grant CloudCasa limited access to your AWS account using cross-account roles, with just the minimum permissions necessary to perform security scans and to manage RDS snapshots and restores. There is no need to setup EC2 instances, databases, or storage in your AWS environment. All necessary scan logic, storage and resources reside in the CloudCasa SaaS service.
Your Next Steps
Cloud Security Posture Management integrated with CloudCasa provides comprehensive AWS scans and reports. The scans cover security best practices across all AWS regions and major AWS services such as IAM, EC2, S3, RDS, etc. A security scan job can support multiple AWS accounts in one job and provide reports for each AWS account. In summary, we believe that protecting your environment is our key mission here at CloudCasa. With the addition of both Cloud and Kubernetes Security Posture Management, we have added even more value to the CloudCasa service.If you are an existing CloudCasa user, please login and update your CloudCasa agents to get immediate access to these new features. If you are new to CloudCasa, we invite you to sign up for our Free Service (no credit card required) and review your security postures and start protecting your persistent data with regular backups.
Bob Adair
Komal Nerurkar