Jul 24, 2019
Cloud computing is the new normal, and cloud spending continues to grow, making it the top investment area for enterprises in 2019. Even highly regulated banks and financial institutions are moving into the cloud or hybrid environments, lured by the scalability and agility payoffs.Moving to the cloud brings with it its own unique security challenges. Cloud isn’t less secure than traditional on-prem environments, but the challenges and tools needed to secure cloud environments are very different from what was required to secure pre-cloud architectures. For one, the features of cloud computing that make it a core driver of growth, i.e. scalability, agility, availability and distributed nature, compromise visibility and make human errors more likely.
IT security teams are often left in the dark when new cloud assets are created and new environments are scaled, which means that traditional security procedures and safeguards are bypassed in many instances.
One of the main advantages of the cloud in the corporate environment is the ease of access and accessibility to enterprise assets from anywhere. But this is one of its biggest vulnerabilities too; users expect unlimited access to any asset, and often bypass security policies for convenience.
The flip side of the coin is that unmanaged authentication to corporate assets becomes a serious problem due to malicious and unintended insider abuse. Staff and administrators are uniquely positioned to cause damage or exfiltrate information, especially when they’re not even aware that their account has been compromised. Recent research has illustrated that as many as 29% of organizations are potentially compromised in the cloud. And what’s worse, a compromised account may remain undiscovered for months, years, or even not at all.
ATO attacks exploit legitimate login credentials, which makes it hard to distinguish between a legitimate user and a malicious one at the point of login.
One of the main reasons for the prevalence of ATO in the cloud is inadequate policies for security and control over the technology used in organizations, such as insufficient Identity, Credential and Access Management (ICAM) controls. To prevent ATO attacks, ICAM best practices such as enabling multi-factor authentication should be required for all cloud assets.
In the cloud, assets can be easily deployed and just as easily forgotten – POCs and ad-hoc projects are often spun up without the knowledge or involvement of security teams.
Considering the ever-growing number of cloud applications that are used throughout the entire enterprise, it’s humanly impossible for the security team to keep track. More often than not, these assets are left unmaintained, unpatched and unmonitored, and as a result are riddled with vulnerabilities, creating an easy target for an attacker.
Enterprises soon find themselves struggling to maintain visibility of their cloud assets, as each department deploys, scales and uses SaaS applications. Gaining visibility is the first, and most important step for security teams to take back control. It is therefore imperative to ensure that your team has the tools and processes in place to ensure full-visibility into all of your company’s cloud assets.
According to Gartner, “through 2022, at least 95% of cloud security failures will be the customer’s fault.”
In the cloud environment, a single typo can take down half the internet, as happened in 2017 with the S3 downtime that caused major service disruption for cloud companies throughout the world. The smallest errors can have wide-ranging consequences; it only takes one wrong configuration to leave sensitive data exposed. It seems like almost every month researchers find yet another unprotected database containing personal data lying wide open on the internet. Therefore, we suggest implementing dual authorization for critical controls, in addition to implementing visibility tools that can verify the configuration.
Shadow IT (i.e. systems built and used within organizations without organizational approval) is a huge problem in the cloud. Gartner research shows that as much as 40% of all IT spending at a company occurs outside the IT department.
Since cloud applications often do not require internal IT support to deploy, the number of applications used by employees without the explicit approval or even the knowledge of the IT department is growing. For example, file sharing apps, collaboration tools, and even enterprise-grade SaaS solutions used for line-of-business support. This is problematic, as shadow IT can bypass security procedures and protocols, and introduce potentially vulnerable or infected software into the enterprise environment. Accounting departments monitor all spending; CISOs should be aware of this and utilize the data to stay on top of shadow IT.
Vulnerabilities are always a concern, regardless of whether your environment is on-prem or in the cloud. It is clear that regular patching and updates must be an integral part of any enterprise security strategy, especially given the severity of some recent vulnerabilities.
Cloud computing businesses which house mountains of data for their clients, are an extremely lucrative target for ransomware attacks. MIT Technology Review predicts that ransomware aimed at cloud services is likely to be a new development.
To protect against ransomware and phishing, it is important to raise awareness in your organization to such attacks with regular training. In general, ransomware found in cloud services generally derive from phishing campaigns, vulnerabilities and misconfigurations, which is why it is important to have proper multi-factor authentication, visibility and patching mechanisms in place.
Much like anything else in IT, security in the cloud is an ongoing effort that needs to be maintained, reviewed, and continuously improved upon. Cloud security demands stringent procedures and policies to protect the organization against the threats discussed above. But most of all, it demands full visibility into all cloud deployments across the enterprise.
Cloud visibility is a tremendous challenge, as assets are deployed, used and abused, and often forgotten without the knowledge of the IT team.
The Orca Cloud Visibility Platform delivers in-depth, full stack visibility into the cloud, including prioritized alerts to vulnerabilities, compromises, misconfigurations, and more across your entire inventory on all your cloud accounts.