Cybersecurity Challenge
2022 Statements
CS03: Automated Prioritization of Cloud Drift Remediation in a Multi-Cloud Environment
Challenge
Develop a solution to detect, evaluate, prioritize, and remediate configuration drifts (CDs) in the multi-cloud environment.
Background
With mainstream Cloud Service Providers (CSPs) such as AWS, Azure and GCP, it is possible to generate reports of CDs detected in the various services utilised by organisations. These reports categorise CDs based on severity levels High/Medium/Low (or equivalent, depending on each provider’s terminology).
This categorisation is based on the CSP’s standard assessment and inevitably overlooks several important parameters. For example, a CD may be categorised as High severity but occur within a completely sandboxed service, and thus have a lower remediation priority. Conversely, a CD with Medium or Low severity may have a higher remediation priority if the affected service is exposed to the Internet or is critical to the business. On top of this, the assessment criteria for CDs vary between CSPs, which further increases the difficulty of CD categorisation.
Because of these difficulties, manpower is required for manual analysis of each CD. This process is time-consuming, prone to human error, and may not be sufficiently comprehensive. As a result, critical CDs may not be properly prioritised; if left exposed, they could lead to security breaches.
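As an added illustration of the re-prioritisation described above (example code, not part of the challenge statement or any CSP's tooling), the following normalises provider-specific severity labels onto one scale and then adjusts the score with the context the CSP rating ignores; the label sets, weights and sample findings are all assumptions.

```python
from dataclasses import dataclass

# Assumed normalisation of each provider's severity labels onto one 0-3 scale
# (example label sets, not an authoritative list from any CSP).
SEVERITY_SCALE = {
    "aws":   {"critical": 3, "high": 3, "medium": 2, "low": 1, "informational": 0},
    "azure": {"high": 3, "medium": 2, "low": 1},
    "gcp":   {"critical": 3, "high": 3, "medium": 2, "low": 1},
}

@dataclass
class Drift:
    provider: str
    resource: str
    severity: str            # the CSP report's own label
    internet_exposed: bool   # context the CSP's rating does not consider
    business_critical: bool
    sandboxed: bool          # fully isolated dev/test environment

def normalised_severity(d: Drift) -> int:
    """Map a provider-specific label to the common scale."""
    table = SEVERITY_SCALE.get(d.provider.lower())
    if table is None:
        raise ValueError(f"unknown provider: {d.provider}")
    # Fail closed: an unrecognised label is ranked as High so it gets reviewed, not dropped.
    return table.get(d.severity.lower(), 3)

def priority_score(d: Drift) -> float:
    """Assumed weighting: exposure and criticality raise priority, isolation lowers it."""
    score = float(normalised_severity(d))
    if d.internet_exposed:
        score += 2.0
    if d.business_critical:
        score += 1.5
    if d.sandboxed:
        score *= 0.25
    return round(score, 2)

def prioritise(drifts: list[Drift]) -> list[Drift]:
    # Highest remediation priority first; ties keep the report's order.
    return sorted(drifts, key=priority_score, reverse=True)

# Constructed sample findings, one per provider (not real resources).
SAMPLE_DRIFTS = [
    Drift("aws", "s3://dev-scratch-bucket", "High", False, False, True),
    Drift("azure", "storageaccount/prod-web", "Low", True, True, False),
    Drift("gcp", "gke/prod-cluster", "Medium", False, True, False),
]

if __name__ == "__main__":
    for d in prioritise(SAMPLE_DRIFTS):
        print(f"{priority_score(d):5.2f}  {d.provider:5}  {d.severity:6}  {d.resource}")
```

With these weights the Low-severity but Internet-exposed, business-critical Azure finding ranks first and the High-severity finding in a sandboxed AWS bucket ranks last, which is exactly the inversion of the CSP's own ordering that the challenge describes.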
Requirements
Limitations
Automatic remediation might not be possible as the organisation would have to provide the proposed solution with write permissions. Thus the solution should offer both options:
- Manual remediation with detailed remediation steps listed
- Automatic remediation