03 Jun Cyber Security Threats Across Your Cloud Infrastructure
Black hat hackers are increasingly using sophisticated and complex methods to penetrate organisations’ cloud infrastructures.
We often read and hear about the ‘rise of the cloud’: in the past decade the popularity and use of the cloud has grown enormously. Big technology names are investing serious funds and energy in the area, with Amazon and Microsoft leading the pack (other major players include Google Cloud Platform, Alibaba Cloud, IBM, Dell Technologies/VMware and Cisco Systems).
Traditional security controls and approaches are generally not effective in the cloud.
The use of the cloud gained strong momentum because of the benefits it offers: better insight, easier collaboration, greater speed, fully measurable usage and, overall, higher engagement. The flip side is that, as with most other technology set-ups, there are security threats that need to be addressed.
In this article we touch upon the top cloud security threats.
Misconfigurations are one of the most common threats organisations face in their cloud-based systems. They stem from inexperience, overconfidence or a lack of information about cloud-based infrastructure. These misconfigurations expose the cloud and the data within it to breaches that can have catastrophic impacts on the company’s operations.
The leading reason behind such misconfigurations is the requirement to make cloud data accessible and shareable amongst the various stakeholders of the organisation. Having rigorous access controls and well-structured authority levels is of paramount importance. DevOps personnel and systems engineers need to know where the boundary lies when it comes to vendor-provided security settings. It is common practice for basic cloud storage services to ship (out of the box) with client-side encryption, intrusion detection systems and basic internal firewalls.
Insecure Interfaces (APIs…)
Interfaces and integrations are the order of the day when organisations strive to achieve a consolidated, centralised depot of systems, applications and data. Cloud service providers usually offer a number of ready-to-use APIs. These are normally well documented and easy to use; however, that same openness becomes a security weakness if the APIs are not properly secured. The publicly available documentation is just as accessible to hackers, who can use the same methods to infiltrate the organisation’s cloud infrastructure (and its resources!).
Most cloud-based deployments are external to the organisation’s in-house networks and therefore reachable from the Internet. The mindset needs to differ from that of managing on-premises infrastructure. One has to keep an eye on ex-employees, past collaborators and former suppliers who were granted access to the cloud in the past and may still retain it even though they are no longer involved with the company. On one hand, the accessibility of the infrastructure to employees, contractors and clients is an asset; on the other, it makes it easier for hackers to gain unauthorised access to cloud resources.
Compromised credentials or poorly configured security can pave the way for an attacker to gain access to assets such as customer data and other sensitive information (possibly without the organisation noticing). Account hijacking happens mostly when the credentials used are weak and shared carelessly. Organisations should have policies in place and enforce rules on credentials, including their regular rotation.
Malicious insiders, such as disgruntled employees, are a major security threat for any organisation, as the person already has access to the company’s network, systems and data. A malicious insider is tricky to detect, but with well-defined user rules and audit trails one can analyse activity and spot malicious behaviour from a mile away. The cloud, in general, makes many traditional security solutions less and less effective.
Limited Cloud usage visibility
A company’s cloud-based resources are (obviously) located outside the internal corporate network, so many traditional tools for achieving network visibility are simply not effective for the cloud and its environments. Organisations commonly lack cloud-focused security tools, which limits their ability to monitor and protect cloud-based resources.
Understanding the shared security responsibility model
Cloud service providers (CSPs) use the shared security responsibility model, meaning that a company’s own IT security team remains responsible for a number of elements related to the applications, data and workloads it runs in the cloud. A common misconception among IT teams is that CSPs are fully responsible for the security of the cloud infrastructure, applications and data therein. Not fully understanding the shared security responsibility can lead to severe negative consequences. Keeping the CSP’s default cloud configuration is another common weakness.
Companies need to deploy software solutions that monitor the integrity and performance of cloud security and configurations, to mitigate and protect against DDoS attacks and data breaches. Cloud Security Posture Management (CSPM) solutions offer organisations peace of mind, as they help to identify and then automatically fix security issues and threats across the cloud infrastructure, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).
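As an added illustration (not code from the original article), the following Python script is a minimal CSPM-style audit over a constructed, hypothetical cloud inventory. It flags the misconfiguration classes discussed above: publicly readable or unencrypted storage, administrative ports exposed to the whole Internet, and access keys that are stale or unused (for example ones still held by people no longer involved with the company). All resource names, dates and thresholds are made up for the example.

```python
from datetime import date

# Constructed sample inventory for a hypothetical account; none of these are real resources.
BUCKETS = [
    {"name": "public-assets", "public_read": True, "encrypted": True},
    {"name": "customer-exports", "public_read": True, "encrypted": False},
    {"name": "backups", "public_read": False, "encrypted": True},
]
SECURITY_GROUPS = [
    {"name": "web", "rules": [("0.0.0.0/0", 443)]},
    {"name": "bastion", "rules": [("0.0.0.0/0", 22), ("10.0.0.0/8", 22)]},
]
ACCESS_KEYS = [
    {"user": "alice", "created": date(2023, 1, 10), "last_used": date(2023, 5, 30)},
    {"user": "former-contractor", "created": date(2022, 3, 1), "last_used": None},
]
AUDIT_DATE = date(2023, 6, 3)   # constructed "today" so results are reproducible
ADMIN_PORTS = {22, 3389}        # SSH and RDP
MAX_KEY_AGE_DAYS = 90           # rotation / inactivity threshold

def check_buckets(buckets):
    findings = []
    for b in buckets:
        if b["public_read"]:
            findings.append(("HIGH", f"bucket {b['name']} is publicly readable"))
        if not b["encrypted"]:
            findings.append(("MEDIUM", f"bucket {b['name']} is not encrypted at rest"))
    return findings

def check_security_groups(groups):
    findings = []
    for g in groups:
        for cidr, port in g["rules"]:
            if cidr == "0.0.0.0/0" and port in ADMIN_PORTS:
                findings.append(("HIGH", f"security group {g['name']} exposes port {port} to the Internet"))
    return findings

def check_access_keys(keys, today=AUDIT_DATE, max_age=MAX_KEY_AGE_DAYS):
    findings = []
    for k in keys:
        if (today - k["created"]).days > max_age:
            findings.append(("MEDIUM", f"access key for {k['user']} is older than {max_age} days"))
        if k["last_used"] is None or (today - k["last_used"]).days > max_age:
            findings.append(("MEDIUM", f"access key for {k['user']} unused for more than {max_age} days"))
    return findings

def audit(today=AUDIT_DATE):
    return check_buckets(BUCKETS) + check_security_groups(SECURITY_GROUPS) + check_access_keys(ACCESS_KEYS, today)

if __name__ == "__main__":
    for severity, message in audit():
        print(severity, message)
```

A real CSPM tool pulls the same three inventories from the provider's APIs and re-runs checks like these continuously; the value lies in the fact that each finding is actionable by the customer's own team under the shared responsibility model.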
The cloud provides a number of advantages over on-premises data centres, but it comes with its own set of threats and risks. Ensure you have in place: strong change control, well-configured firewalls that filter incoming and outgoing traffic, well-defined authority levels (backed by well-maintained access rights management), workload balancing tools, and fraud / malicious behaviour monitoring. Assess your cloud security soundness today! Speak to one of our experts!