Light Dark
November 12, 2020 By Sue Poremba 4 min read
Cloud Security

As more employees opt for remote work, organizations rely on cloud computing options for easy access to corporate data and applications. This dependence on the cloud also puts a new emphasis on cloud security.  

Yet, cloud security continues to be an afterthought for many companies. Industry leaders may be confused over who is responsible for security in public or hybrid cloud formats, but in general, the cloud service provider (CSP) is responsible for securing the cloud infrastructure and physical network. You, as a security professional at an organization, are responsible for securing all of the assets in the cloud, including data, applications, user access and supporting infrastructure. 

This confusion over accountability has led to a number of high-profile breaches and cyber incidents in recent years. While cloud security should always be a shared task, businesses need to step up efforts on their end to recognize potential cloud security threats and respond with best practices and good cybersecurity hygiene. 

Know the Challenges

Before you can put cloud security best practices in place, you have to recognize where the threats are coming from and the challenges they present. Within the cloud, one of the greatest challenges is the lack of a real perimeter. Another comes from questions about who is in charge of what aspects of cloud security. 

“Although CSPs, particularly the hyperscalers like Amazon Web Services (AWS), Microsoft and Google, provide some cloud-native security controls, they might not be enough to meet your security and compliance needs,” Luis Castro, offering manager, IBM Security Services writes. “It isn’t always clear where their security responsibilities begin and end.”

Cloud computing expands your attack surface as hackers and other threat actors are quick to exploit any open ports in a cloud system. It also obscures who has access. The CSP will need access into areas to provide security to the infrastructure, but there are weak checks and balances over who has trusted credentials on both the provider and client side. The bottom line is: the less control you have over your cloud setup, the more at risk it is. 

The Threats and Best Practices of Cloud Security

You can’t fix what you don’t know. Spotting the biggest security threats to your cloud setup is the first step. Once you know what types of challenges are threatening your cloud security, you can then take steps to mitigate risk with best practices.

Data Breaches

The challenge: A data breach is an organization’s worst nightmare. It results in the compromise or loss of customer information, intellectual property and employee’s personally identifiable information (PII), which in turn hurts the company’s reputation and can lead to financial loss. It can also mean the company will fail to comply with government or industry data privacy rules or rules set out in its contracts. 

The best practice: The best protection against data breaches is encryption. The breach may still occur, but the data won’t be compromised. Micro-segmentation of the cloud also won’t prevent a data breach, but it will limit the amount of data exposed. Regular audits and checks offer assessments of potential risks and can assess the most sensitive data first.

Cloud Leakage and Misconfigurations

The challenge: Sometimes data leaks out of the cloud and ends up exposed on the internet. This is most often due to a misconfiguration in cloud storage buckets, which is considered to be the greatest threat to cloud security and a top cause of cloud-based data breaches. The buckets are left unsecure or unencrypted. Often, after someone accesses the bucket, it is not properly configured or left open, allowing data to leak.

Best practices: Recognize that misconfigurations of storage buckets are the client’s responsibility, not the CSP’s (and this is usually written in the service level agreements). Users must learn how to configure and secure storage buckets and use unique passwords and authentication. There are also security tools available that will test for risks in storage buckets.

Logins and Trusted Accounts

The challenge: Credential theft is an increasingly popular attack method because anyone with proper credentials can gain access to the cloud environment without raising any red flags. Credentials are easy to steal, too. While some credential theft may involve keylogging malware, a drive-by threat actor could simply find a username and password written on a piece of paper. Unwanted logins with authentic credentials are difficult to detect.

Best practices: Deploy identity and access management (IAM) tools that can monitor users and look for anomalies in login behaviors. Cloud security awareness training is also useful. Employees should understand how to manage their credentials securely and not share or reuse passwords. 

Account Hijacking

The challenge: Account hijacking is a malicious takeover of cloud accounts. Threat actors tend to go after highly privileged accounts, often cloud service subscriptions. Account hijacking is often used for identity theft, too. In this case, the thief uses compromised credentials, most commonly an email, to take over the cloud account. Once hijacked, the threat actor can manipulate the data and applications in the cloud. 

Best practices: Know who has access to your cloud accounts, both within your company and with your CSP. Anyone who has access to the cloud should be required to go through a screening process, even more so if that person is using it as a third-party vendor. Back up cloud data often, and have a plan in place in case the account is hijacked. Encrypt all sensitive data stored in the cloud. Require multifactor authentication for anyone using the cloud environment. 

Insider Threat

The challenge: Sometimes your company’s worst enemy is coming from inside. The threat could be malicious, or it could be a mistake. Insider threats could be behind some of the other cloud security challenges, including data breaches, credential theft and misconfigurations. Or people could fall prey to phishing attacks and other social engineered attacks that result in data compromise. They could be moving corporate data from company clouds to shadow cloud formats on their personal devices. 

Best practices: Security awareness training will help employees recognize their own cloud security mistakes and how to identify and avoid social engineering tricks. Limit access so employees can only open applications and databases they need for work projects. Restrict access when you complete a project. Deactivate accounts and access when employees leave the company or move to different departments.

Keeping Cloud Security Best Practices In Mind 

As cloud computing becomes more common and remote workers depend on the cloud for network access, the security threats will increase and new challenges will emerge. Keeping security at the front of cloud adoption will make it easier to meet those challenges as they arise, rather than reacting to them after the damage is done.

 |  | 
Sue Poremba

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature