Cloud technologies are becoming more and more popular. Many companies shifted their workloads and their IT infrastructures into the cloud. The advantages are clear: more flexibility and scalability, less admin overhead and often cost savings. But with those advantages also come many risks.
Recent studies have shown several threats cloud technologies face. As data transfers to the cloud, the risk of unwanted access to that data increases. Cloud service providers guarantee their clients that they protect the cloud infrastructure, while the client has to take care of the data and applications in the cloud. But many clients do not configure their environments properly, which makes their environments open to risks they didn’t face within their on-premises environments.
Top threats to cloud computing
The Cloud Security Alliance (CSA) recently published a white paper on the current top threats to cloud computing. The list shows that, in general, misconfigurations and a lack of proper identity and access management (IAM) are leading threats to cloud security. A lack of expertise and the rapid expansion of technology make it difficult to keep security in mind while moving to the cloud.
The complete list is:
- Poor identity, credential, access and key management and privileged account management
- Insecure interfaces and application programming interfaces (APIs)
- Misconfiguration and inadequate change control
- Lack of cloud security architecture and strategy
- Insecure software development
- Insecure third-party resources
- System vulnerabilities
- Accidental cloud data disclosure
- Misconfiguration and exploitation of serverless and container workloads
- Organized crime, threat actors and advanced persistent threats (APT)
- Cloud storage data exfiltration.
Tips from the list
CSA points out that, even if the cloud environments have proper security in place, attackers can still aim for the low-hanging fruit. They may attack misconfigured APIs or exploit overprivileged user accounts that don’t have the right policies in place. While it is always a challenge to put a secure architecture in place, implement a secure application development process and check third-party resources for vulnerabilities, the cloud adds new risks on top of those. In addition, serverless application development and containers are a huge part of cloud computing, and they completely change the way applications have to be secured.
When it comes to cloud security budgets, things don’t look any better. Companies can’t allocate their whole security budget to cloud security. However, ISC2 recently found that 57% of companies plan to increase their cloud security budget within a year. On the question of how to better address the above-mentioned threats and improve training and education for staff, the ISC2 report found that six out of 10 IT employees would feel more confident with cloud technologies if they had adequate training to improve their skills.
Some of the latest cloud breaches involve well-known companies from the tech industry. These cases underline that even for big tech companies, the cloud can be a challenge.
Recent attacks on tech giants
The LockBit ransomware breached IT consulting company Accenture last year. Attackers gained access to several cloud storage servers that were not configured correctly and encrypted them in order to demand a ransom. Almost 6TB of data, including 10,000 user accounts and passwords, resided on the servers.
In the same vein, attackers hit the tech giant Facebook in 2021. Millions of user records, such as account names, images and check-in data, were exposed in misconfigured publicly facing cloud storage buckets. This enabled attackers to simply download the data via the internet. Facebook resolved the issue right away, but the data was already leaked.
Another famous example was the breach of the IT solutions provider Kaseya. It suffered a massive supply chain ransomware attack that aimed to steal admin control of Kaseya’s services from managed service providers and their downstream customers. The attack damaged the company’s servers and affected users all over the world. A lack of sufficient protection in their cloud environment made it possible for attackers to exploit vulnerabilities. This attack shows the importance of a secure architecture with a robust backup strategy.
Cloud-native tools
These are just a few cases that show the huge importance of cloud security today and in the future. The cloud will only become more important and prevalent in the next few years. That means that security assessments for cloud infrastructure, posture management, proper training of security personnel and assignment of skilled consultants will be crucial.
Last, cloud service providers have cloud-native tools to protect workloads, check for vulnerabilities and manage secure configurations. AWS provides tools like GuardDuty, AWS Inspector and AWS Shield. These tools help to protect against attacks, such as distributed denial of service (DDoS) attacks, and check for vulnerabilities. In addition, tools like AWS Config help to securely configure cloud resources.
Microsoft Azure provides similar cloud-native tools like Sentinel, Azure DDoS Protection and Azure Application Gateway. These tools help to secure the cloud infrastructure, protect against threats and check for vulnerabilities. Google Cloud, IBM Cloud and Oracle provide similar tools.
Identity and access management
Besides the tools, the first line of defense is a robust identity and access management (IAM) platform and strong governance policies. AWS IAM and Azure AD are tools where IAM policies should be properly set up. These policies should include revoking user access permissions if they are no longer in use.
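One way to find the access that is "no longer in use", shown as an added example that is not part of the original article: the script below reads a CSV in the column layout of an AWS IAM credential report and lists enabled passwords and access keys that have gone unused. The sample rows, user names and the 90-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout of an AWS IAM credential report
# (subset of columns; users and dates are made up for this example).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,2022-03-01T00:00:00+00:00,true,2024-05-28T09:12:00+00:00,false,N/A,N/A
bob,2021-07-15T00:00:00+00:00,true,2023-11-02T14:40:00+00:00,true,2024-01-10T00:00:00+00:00,2024-05-30T07:00:00+00:00
ci-deploy,2023-06-01T00:00:00+00:00,false,N/A,true,2023-06-01T00:00:00+00:00,N/A
carol,2024-05-20T00:00:00+00:00,true,no_information,false,N/A,N/A
"""

MAX_IDLE = timedelta(days=90)  # assumed threshold; set it from your own policy


def _parse(ts):
    """Return an aware datetime, or None for N/A / no_information."""
    try:
        return datetime.fromisoformat(ts)
    except ValueError:
        return None


def stale_credentials(report_csv, now, max_idle=MAX_IDLE):
    """Return (user, credential, reason) for enabled credentials idle past max_idle."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [
            ("password", row["password_enabled"],
             row["password_last_used"], row["user_creation_time"]),
            ("access_key_1", row["access_key_1_active"],
             row["access_key_1_last_used_date"], row["access_key_1_last_rotated"]),
        ]
        for name, enabled, last_used, created in checks:
            if enabled != "true":
                continue  # already disabled, nothing to revoke
            used = _parse(last_used)
            if used is None:
                # Never used: only flag it once the credential itself is old,
                # so a freshly created user or key is not reported.
                born = _parse(created)
                if born is None or now - born > max_idle:
                    findings.append((row["user"], name, "never used"))
            elif now - used > max_idle:
                findings.append((row["user"], name, f"idle {(now - used).days} days"))
    return findings
```

Each finding is a candidate for review and revocation, not proof of abandonment; break-glass accounts, for example, are expected to sit idle.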
Further protection can be achieved with proper application security tools while building and integrating security within the application development process in an ongoing manner. Set up DevSecOps practices in every stage of development.
Don’t forget containers
Besides cloud security management, secure handling of containers within the cloud is very important. This starts with the use of secure images and the proper setup of Kubernetes or OpenShift clusters. Tools like Aquasec and JFrog are very useful to check for vulnerabilities within container images, and OpenShift provides tools like ACS to manage overall container security.
These tools will prevent most of the damage and mitigate many risks. In addition, a robust cloud security architecture and IAM management, as well as the prevention of single points of failure and proper encryption of sensitive data, will make your cloud environments highly secure.
Once baseline security is achieved with the help of these tools, a strict Zero Trust security strategy should be pursued. That’s one of several important steps in making sure your environment stays highly secure in the long run.