Wiz, the leading cloud security platform that rapidly enables customers to find and remove critical cloud risks, today announced its newest project, The PEACH framework, a tenant isolation framework for cloud applications. This framework will enable industry-wide collaboration and provide cloud customers and cloud application developers with the necessary guidance to build cloud services securely and prevent critical risks in the implementation process.
“Over the past year and a half, Wiz researchers and other members of the cloud security community discovered several cross-tenant vulnerabilities in various multi-tenant cloud applications,” said Wiz CEO Assaf Rappaport. “Although these issues have been reported extensively and were dealt with appropriately by the relevant vendors, we’ve seen little public discussion on how to mitigate such vulnerabilities across the entire industry. This is where we see an opportunity to strengthen the collaboration between members of the security community.”
Beyond offering a guideline for organizations, PEACH is a starting point for empowering security teams to work together to establish standard transparency and common language when it comes to mitigating cloud threats.
Serving as a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, PEACH manages the attack surface exposed by user interfaces and provides a clear standard for transparency on tenant isolation assurance. Wiz developed the following parameters based on lessons learned to address the rising cross-tenant vulnerabilities, lack of a standard for transparency, and missing common langue among vendors:
- Privilege hardening – ensure tenants and hosts have minimal permissions in the service environment.
- Encryption hardening – confirm the data belonging to each tenant is encrypted with a unique key, regardless of where the information is stored.
- Authentication hardening – validate that communication between each tenant and the control plane use authentication with a validated key unique to each tenant.
- Connectivity hardening – establish that all inter-host connectivity is blocked by default unless explicitly approved by the tenants involved.
- Hygiene – verify that unnecessary secrets, software and logs scattered throughout the environment are purged to avoid leaving clues or enabling quick wins for malicious actors.
The second part of the security review process consists of remediation steps to manage the risk of cross-tenant vulnerabilities and improve isolation as necessary. These include reducing interface complexity, enhancing tenant separation, and increasing interface duplication — all while accounting for operational context such as budget constraints, compliance requirements, and expected use-case characteristics of the service.