From no idea to know-how: Three ways of gaining visibility and insight to your cloud resources

In this post we explore three ways of gaining insight into your cloud resources. Ready to learn about cloud security solutions through visualization, automated workflows, and CSPM products? Let’s jump right in.

Your keys to a better career

Get started with ACG today to transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.

Picture this: your team is working on two concurrent projects. They need to deploy a new application, and they need a customized testing environment for end-user experience. 

Once upon a time, a single person or small group of people deployed the resources required according to a static set of criteria. So for this scenario, you would submit a ticket to the data center, specifying the service your team needs. The data center team would then validate and deploy the necessary resources according to predetermined criteria and send the login and system information back to the users. 

Nowadays, a larger group of people can deploy resources according to a dynamic set of criteria, and based on the needs of the project and deployment. Cloud tech has allowed for the rapid deployment of resources from any number of users by restricting deployments using Identity and Access Management (IAM) frameworks such as Role-Based Access Control (RBAC). 

A big benefit is that you can now deploy the resources you need, when you need them. Knowing what's being deployed and where is the challenge.

In an organization that uses a single cloud provider, there’s at least three different ways to deploy resources. That’s without considering the number of people able to use those methods. And teams must be able to get the resources they need as quickly as possible. 

So back to your scenario. The team is ready to deploy the resources they need. The data center team recommends where they put them, and everyone has the permissions they need. For those that understand cloud workload environments, this process has only set the stage for what comes next: cloud security.

It’s not enough to simply deploy the resources and applications needed. The moment a resource or application is deployed to a cloud environment, it’s immediately susceptible to compromise, especially if it has publicly accessible endpoints. So what’s a cloud security engineer (or other concerned cyber-citizen) to do? 

Below are three ways to gain visibility and insight to your cloud resources. There are benefits to both the built-in and customized methods outlined here. The third option attempts to leverage as many of these benefits as possible.

Each of the major cloud providers has built-in visualizations you can use when you deploy your resources. Microsoft Azure gives basic information on what is available for performance in a virtual machine (as do AWS and GCP). Here are examples of the metrics insights provided by Microsoft Azure.

Azure Virtual Machines (VMs)

Azure Virtual Network

Using two visualizations together like this can be helpful, but it lacks some of the context necessary. A spike in performance can be an indicator of legitimate traffic, a denial-of-service (DoS) attack, an internal compromise, or a glitch with the resource or application. 

Basic info doesn’t tell you enough to determine the root cause. These built-in visualizations and reports are a good start but are performance oriented, and often don’t give enough information about security actions that need to be taken.

Another way to reach into your resources and get the data you’re after is to use programmatic services like AWS Lambda, Google Cloud Functions, or even Azure Automation workflows. This method allows for extensive granularity in the data retrieved. Leveraging the log data directly through queries to then visualize it in the way you want can be extremely helpful. 

Add to this the custom actions that can be programmed through your code and you have a powerful tool at your disposal. But it takes a significant amount of engineering effort to get these workflows up and running and to maintain them.

Here’s what that looks like using Azure Automation runbooks. 

A CSPM product is designed to provide built-in visualizations and reports with meaningful data that can be used for decision making. They often come pre-configured with options based on known security best practices so that the initial evaluation of your security posture is helpful. From there, information can be acted on through a Cloud Workload Protection Platform (CWPP). 

Microsoft has developed multiple tools over the years to provide CSPM- and CWPP-like capabilities, such as Azure Security Center and Azure Monitor. 

Evolving these products further, Microsoft Defender for Cloud brings CSPM, CWPP, and multicloud into one offering to help gain visibility and insight into your cloud resources. 

Interested in learning more? Check out my new Introduction to Microsoft Defender for Cloud course to help get you started.