The cloud has quickly become one of the most important — and most exposed — spaces within your attack surface. With an ever-evolving attack surface that constantly impacts assets within cloud environments, it’s no surprise that 65% of high and critical security risks are found in cloud assets.
Unfortunately, many attack surface management solutions do little to nothing about cloud visibility, especially not outside of the big three providers. Cloud connectors within a cloud asset management solution can help import cloud assets into your larger asset inventory and keep tabs on vulnerabilities from one cloud space to another. Let’s dive into what a cloud connector is, why cloud visibility is important for attack surface management, and what to look for when exploring cloud surface management solutions.
What is a cloud connector?
A cloud connector is an application that can be installed to create a secure connection with cloud environments, predominantly the big three: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Azure. Cloud connectors allow you to continually import public-facing cloud assets into your asset inventory, comprehensively check cloud assets for security problems, and contextualize what has been found.
Attack surfaces within every organization are constantly changing: new employees are onboarded, other employees leave, applications are upgraded, and older applications are decommissioned. These changes feed a number of factors that contribute to a shifting cloud attack surface, including:
- Cloud misconfigurations: Misconfigurations were the cause of about half of breaches in 2021, and system administrators and developers performed the misconfiguration action 85% of the time.
- Remote work: Without proper training in security procedures and social engineering indicators, remote workforces have been misusing the cloud or using it in inconsistent ways.
- Shadow IT: The shift to the cloud is accelerating Shadow IT, which means cloud asset risks are not staying within the big three cloud providers, the primary cloud environments that security tools are set up to analyze and protect.
- Unattributed cloud assets: It’s hard enough to secure the cloud assets that organizations are aware of, let alone the ones their security team doesn’t know exist or that weren’t properly decommissioned.
With all of this in mind, cloud visibility must be an essential piece of your attack surface management in order to complete the full picture of what your attack surface truly includes.
What to look for in cloud asset management
To ensure that security teams have the most complete view of their attack surface, including the cloud, they need a cloud asset management solution that checks all the boxes.
1. Cloud storage bucket discovery
Many organizations find large amounts of unknown and unprotected cloud assets within storage buckets. With Censys’ new Cloud Security offering as part of the attack surface management solution, we’ve added storage buckets as a new asset type and customers can now view their inventory of storage buckets and their associated risks and misconfigurations. After turning on the feature with one customer, we found 18 exposed buckets, one with a completely configurable access control list, meaning anyone on the Internet could have changed the settings and accessed the data.
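A bucket whose access control list anyone can rewrite, as in the finding above, shows up as a public-group grant of an ACL-write permission. The following is an added example, not Censys code: it audits bucket ACLs in the AWS S3 `GetBucketAcl` response shape (an assumption; the page does not name the provider involved), and the bucket names and severity labels are constructed for illustration.

```python
# Added example: flag bucket ACL grants made to public groups.
# Input mirrors the AWS S3 GetBucketAcl response shape (assumed provider).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the Internet",
                 AUTH_USERS: "any authenticated AWS account"}

# Illustrative severity labels for a permission held by a public group.
SEVERITY = {"FULL_CONTROL": "critical",  # includes WRITE_ACP
            "WRITE_ACP": "critical",     # grantee can rewrite the ACL itself
            "WRITE": "high", "READ_ACP": "medium", "READ": "medium"}
RANK = {"critical": 3, "high": 2, "medium": 1}


def audit_acl(bucket, acl):
    """Return one finding per grant that exposes the bucket to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        perm = grant.get("Permission")
        if grantee.get("Type") != "Group" or who is None or perm not in SEVERITY:
            continue  # owner and named-account grants are not public exposure
        findings.append({"bucket": bucket, "who": who, "permission": perm,
                         "severity": SEVERITY[perm],
                         "acl_configurable": perm in ("FULL_CONTROL", "WRITE_ACP")})
    return findings


def audit_inventory(inventory):
    """Audit every bucket and sort the findings, worst first."""
    results = [f for name, acl in inventory.items() for f in audit_acl(name, acl)]
    return sorted(results, key=lambda f: (-RANK[f["severity"]], f["bucket"]))


# Constructed sample inventory: bucket name -> ACL document.
SAMPLE_INVENTORY = {
    "example-private": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"}]},
    "example-public-read": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "example-open-acl": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE_ACP"}]},
}

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"{f['severity']:8} {f['bucket']}: {f['permission']} for {f['who']}")
```
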
2. Continuous import of cloud-facing assets
Many security teams scan for cloud assets as often as once per week or as little as once per month. Many cloud asset vulnerabilities, however, can’t wait a month or even a week to be resolved before a major breach takes place. Censys provides ongoing monitoring and importing of cloud assets into your asset inventory, ensuring your team never misses an important cloud exposure.
3. Centralized and complete cloud inventory across all providers
While many cloud security solutions only monitor the big three, Censys scans all public-facing cloud instances every 12 hours to give you the most accurate picture. Our Cloud Connectors empower teams to quickly determine any unmanaged cloud instances in Amazon Web Services, Google Cloud Platform, and Azure, as well as all other cloud providers.
4. Full integration with your existing workflows
The clearest picture is one that fully integrates into an existing security stack, harnessing vital data without disrupting established processes and workflows. Censys Cloud Security is designed to integrate seamlessly with your existing security solutions, including Cloud Access Security Broker (CASB), Cloud Posture Security Management (CPSM), Security Rating Services (SRS), and Vulnerability Management (VM) tools.
Integrate Censys cloud connectors into your cloud surface management
Censys invented internet-wide scanning and has built the best and most up-to-date perspective of global internet- and cloud-facing assets. We know more than anyone else when it comes to internet and cloud visibility, and now with our Cloud Security offering as part of our Attack Surface Management solution, your team will know every asset from every corner of your attack surface. To learn more about the importance of cloud visibility and how Censys can provide that visibility directly to your security team, download our Cloud Misconfiguration Report.
Need a way to understand your cloud-exposed assets right now? Demo Censys ASM today.