The speed and scale of cloud computing has provided companies around the globe with more flexibility, lower overhead costs and quicker time to value for a wide variety of applications. While the business value of cloud adoption is undebatable, this rapid transition can leave security teams in the dark and sensitive information exposed.

Crawl, Walk, Then Run to the Cloud

Eager organizations often rush to address pressing business needs by moving data to cloud environments, but in many cases these moves are made without the knowledge of central IT and security teams. While the business motivations are positive, unmanaged adoption of new cloud services can leave sensitive data uncontrolled and exposed. Below are some of the most common challenges associated with cloud adoption.

Shadow IT

If you’ve ever worked for a company that used a clunky, slow enterprise collaboration tool, you know how amazing solutions such as Box, Dropbox and Google Drive can be. Your employees likely feel the exact same way.

If your company uses tools that generate friction and slow down productivity, chances are high that your users have adopted shadow IT applications to avoid the frustration. When users start adopting cloud-based tools instead of company-sanctioned ones, they often access these solutions with personal login credentials. Once this happens, you lose control of your proprietary data, which can result in unnecessary security and compliance risks.

IaaS Adoption Without Expertise

When lines of business experiment with cloud services for one-off projects, they often lack the security expertise needed to ensure that projects are both operational and secure. While many security experts are familiar with the need to share security responsibilities in infrastructure-as-a-service (IaaS) environments, business teams tend to assume that everything is taken care of by the provider. As new projects spin up and leave basic security requirements unaddressed, these IaaS environments can unintentionally expose data or be hijacked by attackers for nefarious purposes, such as bitcoin mining.

Make the Unknown Known

Most security executives know that they’ve got data in the cloud, but they don’t know how much data, what types of data or what cloud it is stored in. To effectively manage risk, the first thing you need to do is make the unknown known. Then, determine effective policies to secure data and workloads in these environments and proactively monitor them for ongoing risks and threats. Let’s break these steps down further.

Bring IT Out of the Shadows

Before you can take back control of your data, you need to find out where it lives. Network traffic can provide meaningful insights into which users are using which cloud services. By looking at outbound network traffic, you can figure out what software-as-a-service (SaaS) applications and IaaS environments have been adopted and take a baseline inventory of cloud usage within your organization.

Armed with this insight, you can then make risk-based decisions about which services should be authorized as is, which should be authorized but company-managed and which should be blocked. While you’ll likely recognize most cloud services that are discovered, you may uncover some services that you’ve never heard of. Threat intelligence feeds can help you understand potential risks associated with unknown applications.

Take Back Control

Once you’ve determined which services your users are leveraging and which you want to allow, it’s time to start proactively monitoring these cloud environments for risks and threats.

A good security analytics solution should be able to monitor SaaS applications and IaaS environments to provide you with insights into misconfigurations, risks and threats. For example, you’ll want your security team to make sure that Amazon Web Services (AWS) Simple Storage Service (S3) buckets are properly configured and that identity and access management (IAM) users have the appropriate privileges.

You’ll also want to monitor the behavior of your cloud admins and developers. If their credentials are compromised, either through spear phishing or in the process of lateral movement, behavioral analytics can help your team spot breaches early so they can contain and block the attacker’s progression.

Choosing the Right Tools to Manage Cloud Environments

Cloud environments demand the same level of security oversight as on-premises ones — if not more. The fewer point solutions involved in the security monitoring, detection, investigation and response processes, the more effective your team can be.

A strong security analytics solution can help you extend your existing security operations program into cloud environments without requiring separate tools. As you start taking steps to gain visibility into your cloud environments, look for solutions that can span your entire IT environment — be it traditional on-premises, private cloud, SaaS or IaaS — and enable you to manage security across multiple systems from behind a single pane of glass. Cloud is the new IT frontier, and your security analytics vendor should be able to support you throughout each stage of the journey.

Learn more about Cloud Security & Analytics and request a demo

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…