Identify Unsanctioned Cloud Usage
Many organizations have a list of sanctioned CSPs that development, operations and marketing teams use to run their business systems.
Infrastructure in unsanctioned clouds introduces risk into an organization’s external attack surface because it is often unknown to IT and security teams and is therefore not managed.
In the Censys ASM platform, there are several ways to identify unsanctioned cloud usage:
- Cloud Connectors: Use Cloud Connectors to distinguish between managed and unmanaged cloud assets.
- A manually curated list: Assemble a list of sanctioned cloud names in use across an organization in order to distinguish between managed and unmanaged assets.
This guide will walk through how to identify hosts in unsanctioned clouds using the methods above.
Use Cloud Connectors
First, set up a Cloud Connector to import external asset identifiers from each sanctioned cloud your organization uses into the ASM platform.
Next, filter the cloud assets on the hosts and domains lists to assets that are not present in any of the cloud accounts you connected to the platform.
Identify Hosts in Unsanctioned Clouds
- On the Dashboard page, click the "Cloud" card.
- Scroll down to the Known and Unknown Hosts card.
- Click the portion of the pie chart representing your unknown hosts to go to a filtered view of the Host List page.
- Assess each of the hosts in the list:
  - Determine what it is.
  - Find out who is responsible for it.
  - Make a plan. Should it:
    - Migrate to a known account?
    - Be removed?
    - Stay where it is with a new IT/security policy?
Identify Domains and Subdomains in Unsanctioned Clouds
- Filter the Domains list:
  - Set Source to "is not Cloud Connector."
  - Set Cloud Provider to "is Any Cloud."
- Evaluate each unsanctioned asset. Should it:
  - Migrate to a known account?
  - Be removed?
  - Stay where it is with a new IT/security policy?
Use a List of Sanctioned CSPs Instead
If your organization cannot integrate its cloud accounts into the ASM platform, you can still follow the steps above; use the filters to exclude hosts and domains in your sanctioned cloud providers.
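For the sanctioned-list approach, the same exclusion can be run offline against an exported asset inventory. The following is an added example, not Censys code: the CSV column names, the alias table and the sanctioned list are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumption: alias table curated by the organization; spelling variant -> canonical name.
CSP_ALIASES = {
    "aws": "aws", "amazon aws": "aws", "amazon web services": "aws",
    "azure": "azure", "microsoft azure": "azure",
    "gcp": "gcp", "google cloud": "gcp",
}
SANCTIONED = {"aws", "azure"}  # hypothetical sanctioned CSP list

# Constructed sample inventory; column names are hypothetical, not a Censys export schema.
SAMPLE_CSV = """asset,type,cloud_provider
203.0.113.10,host,Amazon AWS
198.51.100.7,host,DigitalOcean
app.example.com,domain,Microsoft  Azure
shop.example.com,domain,google cloud
192.0.2.44,host,
198.51.100.9,host,Linode
"""


def canonical_provider(raw):
    """Normalize case and whitespace, then map known spelling variants."""
    name = " ".join(raw.lower().split())
    # Unmapped names are returned unchanged, so a provider that is missing
    # from the alias table is never treated as sanctioned by accident.
    return CSP_ALIASES.get(name, name)


def unsanctioned_assets(csv_text, sanctioned=SANCTIONED):
    """Return {provider: [(type, asset), ...]} for cloud assets outside the sanctioned list."""
    review = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        provider = canonical_provider(row.get("cloud_provider") or "")
        if not provider:  # no cloud provider recorded: out of scope for this filter
            continue
        if provider not in sanctioned:
            review[provider].append((row["type"], row["asset"]))
    return dict(review)


if __name__ == "__main__":
    for provider, assets in sorted(unsanctioned_assets(SAMPLE_CSV).items()):
        print(provider, assets)
```

Grouping the result by provider gives one review queue per unsanctioned cloud, which fits the per-asset decisions listed above (migrate, remove, or keep under a new policy).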