The Cloud Has Complicated Attack Surface Management

Posted: 3rd April 2023
By: Sam Langrock
The Cloud Has Complicated Attack Surface Management

As the use of the cloud has expanded, an organization’s attack surface, the sum of all potential digital doorways into the organization, has seen a corresponding increase. The average enterprise now uses over 1,400 distinct cloud services – a number that has tripled over the past five years. Cloud-first strategies have invaluable benefits to an organization, but they also increase the complexity of their digital environment and lead to more exposures in more places than ever before.

According to Geoff Brown, VP of Global Intelligence Platforms at Recorded Future and former CISO of New York City, companies need to be vigilant with their cloud assets. As more companies deploy more applications in the cloud, managing the attack surface becomes more complicated.

The Rising Cloud Tide and Attack Surface Management

It’s very easy for enterprises to spin up new cloud instances. Whether this is for DevOps to deploy new clusters for production, data storage, or the engineers building new products, cloud services are here to stay. In fact, 83% of new enterprise workloads are hosted in the cloud. Along with the ease of spinning up new cloud workloads, there's a corresponding increase in digital assets that must be defended.

However, that attack surface needs to be visible to be defended. This is a struggle for cloud infrastructure. Security teams must have a comprehensive understanding of how to monitor and configure the cloud assets their organizations use. Given that the average enterprise experiences 23.2 cloud-related threats per month, security teams need to develop this understanding fast.

Compounding this problem, cloud assets are often created without proper security oversight and hygiene, and left forgotten and unsecured. When any department can create a cloud instance or new web application, it’s easy for the attack surface to rapidly expand. In fact, enterprises often discover that their attack surface is 30% larger than expected when they conduct their first automated scan. This is problematic at best, and a major security risk at worst. To combat this challenge enterprises need a persistent view of their external attack surface.

This is where attack surface management tools become so critical. When security teams understand what assets comprise their external attack surface, then they can make more effective decisions about controls to deploy and where to spend their time. Insight into the size and scope of the attack surface can also inform decisions about where to invest to reduce risk.

Attack Surface Intelligence Is Necessary for Cloud Security

Think of defending the attack surface like playing a game of chess. On one side is the organization’s security team, and on the other is the various threat actor groups seeking to thwart their every move. For each move defenders make, threat actors make one in response. With the ability to enumerate vulnerabilities and exposures in minutes to hours, they currently hold the upper hand.

As digital transformation shifts more enterprise functions to the cloud, intelligence on an organization's attack surface becomes even more critical to shifting the balance of power. Enterprises have to understand where their exposures are before attackers do, and how to defend those structures against the kind of attacks that threat actors will ultimately deploy.

Request a demo of Recorded Future Attack Surface Intelligence to begin uncovering attack surface blind spots.