It’s that time of year again when the weather is turning cold, things are starting to get a little spooky, and National Cybersecurity Awareness Month is wrapping up. We thought this would be a good time to list our top cloud security tricks and treats. So, grab your broomsticks, light up your Jack-o’-lanterns, and come trick or treating with Orca Security!

Top 5 Cloud Security Tricks

Beware of the following bad practices that can get you into a whole lot of trouble.

#1. Overexposing Assets

In our 2022 State of Public Cloud Security Report, we found that 72% of organizations have at least one S3 bucket that allows public READ access. This setting has been the cause of many data breaches. Even though an S3 bucket is always created as “private” by default, misconfigurations and human error can still lead to buckets being exposed to the public.

Before you configure any cloud asset to be public facing – such as storage buckets, virtual machines, web services, and databases – beware: make sure you are 100% certain that this is absolutely necessary and that there is no other way.
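A bucket becomes publicly readable through either its bucket policy or its ACL, so a check has to look at both. The following is an added example (not Orca's code and not from the report): it evaluates constructed policy and ACL documents in the shapes that S3 returns and reports the grants that open a bucket to everyone. The grantee URIs and the wildcard-principal forms are real S3/IAM conventions; the bucket name, account ID and Sids are constructed.

```python
"""Detect public READ access on an S3 bucket from its policy and ACL documents.
Added example; the sample documents below are constructed, not real buckets."""

# Real S3 ACL group URIs that mean "everyone" and "any AWS account holder".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions (or wildcards covering them) that let a principal read bucket contents.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:Get*", "s3:List*", "s3:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or Principal {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def policy_public_read(policy):
    """Return (Sid, conditional) for every Allow statement granting a READ-type
    action to everyone. Unconditional grants are public outright; grants with a
    Condition (e.g. on aws:SourceIp) may or may not restrict access and need review."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        if set(_as_list(stmt.get("Action"))) & READ_ACTIONS:
            findings.append((stmt.get("Sid", "<no Sid>"), "Condition" in stmt))
    return findings


def acl_public_read(acl):
    """Return the public groups that hold READ or FULL_CONTROL in the bucket ACL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            if grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append(grantee["URI"].rsplit("/", 1)[-1])
    return findings


def bucket_is_public_read(policy, acl):
    """True when either mechanism grants everyone read access without a Condition.
    Note: S3 Block Public Access, if enabled, overrides both; this looks only at
    the documents themselves."""
    unconditional = any(not cond for _, cond in policy_public_read(policy))
    return unconditional or bool(acl_public_read(acl))


# Constructed samples: the open configuration beside a scoped one.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
PRIVATE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRoleRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}
OPEN_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
    "Permission": "FULL_CONTROL"}]}

if __name__ == "__main__":
    for label, pol, acl in [("open policy", OPEN_POLICY, PRIVATE_ACL),
                            ("open ACL", PRIVATE_POLICY, OPEN_ACL),
                            ("private", PRIVATE_POLICY, PRIVATE_ACL)]:
        print(label, "->", "PUBLIC" if bucket_is_public_read(pol, acl) else "private")
```

The same evaluation applies to the output of the real `get-bucket-policy` and `get-bucket-acl` API calls; the point of running it over both documents is that a bucket with a tidy policy can still be exposed through an old ACL grant, and vice versa.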

#2. Assigning Excessive Permissions

Organizations tend to over-assign privileges in an effort to avoid productivity issues. Orca discovered that 33% of organizations grant full administrative privileges to more than 10% of Identity and Access Management (IAM) roles in their cloud environment, with 10% of the organizations even granting administrative permissions to more than 40% of their roles.

It’s always best to avoid defining an IAM role with full administrative privileges, since if you do so, anyone who assumes the role will have the ability to perform any action on any resource in the account. This is not in line with the Principle of Least Privilege (PoLP) and greatly increases the attack surface.
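To find out where an account stands against the 10% figure quoted above, you need to recognise which attached policy documents amount to full administrative access and then count the roles that carry one. This is an added example, not Orca's code: it classifies constructed IAM policy documents and reports the share of roles in a constructed account that are fully administrative. The policy shapes (Action "*" on Resource "*", and NotAction on Resource "*") are real IAM semantics; the role names and the scoped policy are constructed.

```python
"""Flag IAM policy documents that grant full administrative access and measure the
share of roles carrying one. Added example; policies and roles below are constructed,
and the 10% threshold mirrors the figure quoted in the post."""


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _wildcard(patterns):
    """True if any entry is the bare wildcard "*"."""
    return any(p == "*" for p in _as_list(patterns))


def is_admin_policy(doc):
    """An unconditional Allow of Action "*" on Resource "*" (the shape of the AWS-managed
    AdministratorAccess policy) is full admin. An Allow with NotAction on Resource "*"
    permits everything except the listed actions, so it is treated the same way."""
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not _wildcard(stmt.get("Resource")):
            continue
        if _wildcard(stmt.get("Action")) or "NotAction" in stmt:
            return True
    return False


def admin_roles(roles):
    """roles: {role_name: [attached policy documents]} -> names of fully admin roles."""
    return sorted(name for name, docs in roles.items()
                  if any(is_admin_policy(d) for d in docs))


def admin_share(roles):
    """Fraction of roles that are fully administrative (0.0 for an empty account)."""
    return len(admin_roles(roles)) / len(roles) if roles else 0.0


def exceeds_threshold(roles, threshold=0.10):
    """True when more than `threshold` of the roles are fully administrative."""
    return admin_share(roles) > threshold


# Constructed samples: the weak policy beside a least-privilege alternative.
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
SCOPED_POLICY = {"Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow",
                                "Action": ["s3:GetObject", "s3:PutObject"],
                                "Resource": "arn:aws:s3:::app-data/*"}]}
NOT_ACTION_POLICY = {"Version": "2012-10-17",
                     "Statement": [{"Effect": "Allow", "NotAction": "iam:*",
                                    "Resource": "*"}]}

# Constructed account: role name -> policy documents attached to the role.
ROLES = {
    "app-role": [SCOPED_POLICY],
    "ci-deploy": [ADMIN_POLICY],
    "read-logs": [{"Statement": [{"Effect": "Allow", "Action": "logs:Get*",
                                  "Resource": "*"}]}],
    "ops-breakglass": [SCOPED_POLICY, NOT_ACTION_POLICY],
}

if __name__ == "__main__":
    print("admin roles:", admin_roles(ROLES))
    print(f"admin share: {admin_share(ROLES):.0%}, over 10%: {exceeds_threshold(ROLES)}")
```

Note that `read-logs` is not flagged even though its Resource is "*": a wildcard resource with a narrow action list is broad but not administrative, and conflating the two would bury the roles that actually matter.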

#3. Not Patching Vulnerabilities on Exposed Servers

Although it’s true that you can’t patch all vulnerabilities, you must make sure you patch vulnerabilities on exposed servers, in particular web servers. Orca found that 36% of organizations have an unpatched web service in their cloud environment that is exposed to the Internet and therefore easily accessible by attackers. Beware that unpatched services, with known vulnerabilities and bugs, are actually the main attack vector into cloud environments.

#4. Not Encrypting Sensitive Data

Orca research found that 36% of organizations have unencrypted sensitive data such as secrets and Personally Identifiable Information (PII) on their cloud assets. Even if an attacker manages to breach the environment, encrypting sensitive data greatly reduces the likelihood that they can actually read it.

#5. Unsafe Key Storage

Nearly half of organizations have sensitive AWS keys stored on a file system inside a virtual machine. By default, sensitive AWS keys are stored on the file system. If these keys are obtained by a malicious actor, they can be used to access sensitive resources and perform unauthorized operations. Even worse, AWS keys provide indefinite access unless they are manually revoked. Therefore, it’s not surprising that stolen AWS keys are one of the main means attackers use to move laterally in a cloud environment.

Therefore, it’s highly recommended that security teams use temporary credentials (generated using the Security Token Service, STS) instead of long-lived AWS keys.

Top 5 Cloud Security Treats

Hopefully you haven’t been tricked by any of the bad practices above. Now for the opportunity of a treat: If you follow these five best practices, go ahead and treat yourself to some Halloween candy!

#1. Strong Identity and Access Management (IAM) Practices

Adhering to the principle of least privilege, maintaining good identity hygiene, and monitoring user activity greatly improves overall security in cloud environments. Good identity hygiene includes revoking permissions that haven’t been used for 90 days, disabling roles that are no longer used, and enforcing strong passwords and Multi-factor Authentication (MFA) on user accounts. It’s also important to enable logging on all your accounts and to establish a monitoring system that flags anomalous events and behaviors.
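The hygiene rules above (90-day unused permissions, disabled roles, MFA) and the long-lived-key problem from trick #5 can be checked from the same data: the IAM credential report plus each role's last-used time. The following is an added example, not Orca's tooling. The CSV is a constructed excerpt using the real column names of the IAM credential report; the role last-used dates, the evaluation date and the 90-day window are constructed parameters. Temporary STS credentials carry an expiration and never appear in this report, which is exactly why the post recommends them: they need no rotation finding.

```python
"""Audit long-lived IAM credentials and identity hygiene. Added example; the CSV is a
constructed excerpt in the IAM credential report's column layout, and the role usage
dates, evaluation date and 90-day window are constructed parameters."""
import csv
import io
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)

# Constructed sample in the shape of `aws iam generate-credential-report` output.
CREDENTIAL_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,true,true,2023-09-01T10:00:00+00:00,2023-10-20T08:00:00+00:00
bob,true,false,false,N/A,N/A
ci-deploy,false,false,true,2022-01-15T00:00:00+00:00,2023-10-25T12:00:00+00:00
old-vendor,false,false,true,2023-03-01T00:00:00+00:00,2023-04-02T00:00:00+00:00
"""

# Constructed: role name -> last time the role was assumed (None = never).
ROLE_LAST_USED = {
    "app-role": datetime(2023, 10, 30, tzinfo=timezone.utc),
    "legacy-migration": datetime(2023, 5, 1, tzinfo=timezone.utc),
    "never-used": None,
}

NOW = datetime(2023, 10, 31, tzinfo=timezone.utc)  # constructed evaluation date


def _parse_ts(value):
    """The report uses N/A / no_information for absent timestamps."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_users(report_csv, now=NOW, stale_after=STALE_AFTER):
    """Return (user, finding) pairs for console users without MFA, access keys
    older than the window (long-lived keys: replace with STS temporary credentials)
    and active keys not used within the window (revoke them)."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        if row["access_key_1_active"] == "true":
            rotated = _parse_ts(row["access_key_1_last_rotated"])
            last_used = _parse_ts(row["access_key_1_last_used_date"])
            if rotated is not None and now - rotated > stale_after:
                findings.append((user, "long-lived access key (older than 90 days)"))
            if last_used is None or now - last_used > stale_after:
                findings.append((user, "access key unused for 90+ days: revoke"))
    return findings


def unused_roles(role_last_used, now=NOW, stale_after=STALE_AFTER):
    """Roles never assumed, or not assumed within the window: candidates to disable."""
    return sorted(name for name, last in role_last_used.items()
                  if last is None or now - last > stale_after)


if __name__ == "__main__":
    for user, finding in audit_users(CREDENTIAL_REPORT):
        print(f"{user}: {finding}")
    print("roles to disable:", unused_roles(ROLE_LAST_USED))
```

In the sample, `ci-deploy` is still in use but its key is almost two years old: that is the machine identity the post's advice targets, since an instance role or an STS session would give it the same access with an expiry attached.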

#2. Prioritizing Protection of Sensitive Data

The first step in your cloud security strategy should be to identify which of your cloud assets are business critical and/or contain sensitive data. These are your ‘crown jewels’ and should always be protected by the highest security standards. Any threats that endanger these assets should always be addressed above all others. By utilizing attack path analysis, security teams can understand how attackers can combine different risks in the environment to get to their eventual target – your crown jewels. Teams can then remediate strategically and effectively block the attack paths.

#3. Monitoring Cloud Activities

Even if you have a very robust cloud security posture, the reality is that a security incident can still happen. Therefore, it’s very important to have active logging and monitoring in place that can automatically detect potentially malicious behavior in the environment, so security teams can respond as fast as possible.
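What "automatically detect" looks like in practice is a set of rules run over the audit trail as events arrive. The following is an added example, not Orca's detection logic: it triages a handful of constructed CloudTrail records (abbreviated, but using CloudTrail's real field names such as `eventName`, `userIdentity.type`, `awsRegion` and `additionalEventData.MFAUsed`) and escalates any principal that trips more than one rule. The expected-region list and the event names treated as logging tampering are assumptions for the example.

```python
"""Rule-based triage of CloudTrail events. Added example; the records below are
constructed in CloudTrail's field layout, and the expected regions and the set of
logging-tampering API names are assumptions for the example."""
from collections import Counter

EXPECTED_REGIONS = {"us-east-1", "eu-west-1"}          # assumed: where this account operates
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "DeleteFlowLogs"}

# Constructed sample events (abbreviated CloudTrail records).
EVENTS = [
    {"eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "StopLogging", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventName": "RunInstances", "awsRegion": "ap-southeast-2", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root"}},
    {"eventName": "GetObject", "awsRegion": "us-east-1", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole", "userName": "app-role"}},
]


def _principal(event):
    """Human-readable identity: user name, or the identity type for root/unknown."""
    identity = event.get("userIdentity", {})
    return identity.get("userName") or identity.get("type", "unknown")


def triage_event(event, expected_regions=EXPECTED_REGIONS):
    """Return the list of rule names this single event triggers."""
    alerts = []
    name = event.get("eventName")
    mfa = event.get("additionalEventData", {}).get("MFAUsed")
    login_ok = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
    if name == "ConsoleLogin" and login_ok and mfa != "Yes":
        alerts.append("console login without MFA")
    if event.get("userIdentity", {}).get("type") == "Root":
        alerts.append("root account activity")
    if name in LOGGING_TAMPER:
        alerts.append("audit logging tampered with")
    if event.get("awsRegion") not in expected_regions:
        alerts.append("activity in unexpected region")
    return alerts


def triage(events):
    """Flatten to (eventName, principal, rule) triples for every alert raised."""
    return [(e["eventName"], _principal(e), rule)
            for e in events for rule in triage_event(e)]


def principals_to_escalate(events, min_alerts=2):
    """Principals tripping several rules are more likely a real incident than noise."""
    counts = Counter(_principal(e) for e in events for _ in triage_event(e))
    return sorted(p for p, n in counts.items() if n >= min_alerts)


if __name__ == "__main__":
    for name, who, rule in triage(EVENTS):
        print(f"[{rule}] {who} -> {name}")
    print("escalate:", principals_to_escalate(EVENTS))
```

Stateless rules like these are the first layer; the per-principal aggregation is the simplest form of the behavioral correlation the post refers to, and the same structure extends to baselines such as first-seen source IPs per user.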

#4. Patch, Patch, and Patch Some More

Whenever possible, systems with known vulnerabilities should be patched. Since it is impossible to patch *all* vulnerabilities, it is important to understand which vulnerabilities enable dangerous attack paths and make sure those are patched first.
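Treat #2 (attack path analysis toward the crown jewels) and treat #4 (patching the vulnerabilities that enable dangerous attack paths first) are the same computation viewed from two sides. The following is an added example, not Orca's attack path engine: it models a small constructed environment as a graph whose edges are the risks that let an attacker move from one asset to the next, enumerates every path from the internet to a crown jewel, and ranks each risk by how many of those paths it sits on. All asset names and the risk labels (VULN-A, KEY-1, ROLE-1, ...) are constructed placeholders.

```python
"""Attack path analysis over a constructed environment graph: enumerate risk chains from
internet-exposed assets to crown jewels and rank risks by the paths they enable.
Added example; asset names and risk identifiers are constructed placeholders."""
from collections import Counter, defaultdict

# Constructed risks. "VULN-*" are unpatched services, "KEY-*" stored long-lived keys,
# "ROLE-*" overly permissive roles; none refers to a real CVE or product.
RISKS = {
    "VULN-A": "unpatched web service on web-1, exposed to the internet",
    "VULN-B": "unpatched web service on web-2, exposed to the internet",
    "KEY-1": "long-lived AWS key on the web servers' file systems that can assume app-role",
    "ROLE-1": "app-role has full access to every database and bucket",
    "VULN-C": "unpatched ssh on dev-box, exposed to the internet",
    "ROLE-2": "dev-box instance role can read the logs bucket",
}
# Constructed environment: (from asset, to asset, risk that enables the step).
EDGES = [
    ("internet", "web-1", "VULN-A"),
    ("internet", "web-2", "VULN-B"),
    ("web-1", "app-role", "KEY-1"),
    ("web-2", "app-role", "KEY-1"),
    ("app-role", "pii-db", "ROLE-1"),
    ("app-role", "pii-bucket", "ROLE-1"),
    ("internet", "dev-box", "VULN-C"),
    ("dev-box", "logs-bucket", "ROLE-2"),
]
CROWN_JEWELS = {"pii-db", "pii-bucket"}   # assets holding sensitive data


def build_graph(edges):
    graph = defaultdict(list)
    for src, dst, risk in edges:
        graph[src].append((dst, risk))
    return graph


def attack_paths(edges, entry="internet", targets=CROWN_JEWELS):
    """All simple paths from `entry` to a crown jewel, each as the list of risks used."""
    graph = build_graph(edges)
    paths = []

    def walk(node, visited, risks):
        if node in targets:          # reached a crown jewel: record the chain
            paths.append(risks)
            return
        for nxt, risk in graph[node]:
            if nxt not in visited:   # simple paths only, no cycles
                walk(nxt, visited | {nxt}, risks + [risk])

    walk(entry, {entry}, [])
    return paths


def risk_ranking(edges, **kwargs):
    """Risks ordered by how many attack paths they enable; fix the top ones first."""
    counts = Counter()
    for path in attack_paths(edges, **kwargs):
        counts.update(set(path))     # count each risk once per path
    return counts.most_common()


def paths_remaining_after_fix(edges, fixed_risk, **kwargs):
    """How many paths survive if a single risk is remediated."""
    return len(attack_paths([e for e in edges if e[2] != fixed_risk], **kwargs))


if __name__ == "__main__":
    for risk, n in risk_ranking(EDGES):
        print(f"{risk}: on {n} path(s) - {RISKS[risk]}")
    for risk in RISKS:
        print(f"fix {risk}: {paths_remaining_after_fix(EDGES, risk)} path(s) remain")
```

The ranking is the point: VULN-C is an unpatched, internet-exposed service, yet it leads nowhere sensitive and ends up at the bottom, while fixing the stored key (KEY-1) or the over-privileged role (ROLE-1) cuts every path at once. Patching VULN-A alone only closes half of them, because VULN-B still reaches the same key.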

#5. Know What’s in Your Environment

Cloud security starts with continuous, 100% asset visibility without any blind spots. In addition, security teams should be able to easily perform granular searches on cloud assets. For instance, if there is a zero-day threat, organizations need to first understand their exposure before they can start to respond.
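The zero-day case above reduces to one query against the inventory: which assets run an affected version of the package, and which of those face the internet. The following is an added example, not Orca's search feature. The inventory records, the package name `examplelib` and the affected version range are constructed placeholders standing in for whatever a real advisory names.

```python
"""Search a cloud asset inventory for exposure to a newly announced vulnerability.
Added example; the inventory, the package name and the version range are constructed
placeholders, not a real advisory."""
import re

# Constructed inventory: one record per asset across workload types.
INVENTORY = [
    {"id": "i-web-1", "type": "ec2", "internet_exposed": True,
     "packages": {"examplelib": "2.3.1", "openssh": "9.3p1"}},
    {"id": "i-batch-7", "type": "ec2", "internet_exposed": False,
     "packages": {"examplelib": "2.4.0"}},
    {"id": "lambda-ingest", "type": "lambda", "internet_exposed": True,
     "packages": {"examplelib": "2.5.2"}},
    {"id": "img-base-2023", "type": "container_image", "internet_exposed": False,
     "packages": {"examplelib": "1.9.9"}},
    {"id": "i-db-proxy", "type": "ec2", "internet_exposed": True,
     "packages": {"otherlib": "3.0.0"}},
]


def parse_version(version):
    """Compare dotted versions numerically; trailing non-numeric text in a
    component (e.g. the "p1" in "9.3p1") is ignored, a component with no
    leading digits counts as 0."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected(version, first_bad, first_fixed):
    """Affected if first_bad <= version < first_fixed, the usual advisory shape."""
    return parse_version(first_bad) <= parse_version(version) < parse_version(first_fixed)


def find_exposed(inventory, package, first_bad, first_fixed):
    """Affected assets, internet-facing ones first so they can be handled first."""
    hits = [asset for asset in inventory
            if package in asset["packages"]
            and is_affected(asset["packages"][package], first_bad, first_fixed)]
    return sorted(hits, key=lambda a: (not a["internet_exposed"], a["id"]))


def exposure_summary(inventory, package, first_bad, first_fixed):
    hits = find_exposed(inventory, package, first_bad, first_fixed)
    by_type = {}
    for asset in hits:
        by_type[asset["type"]] = by_type.get(asset["type"], 0) + 1
    return {"affected": len(hits),
            "internet_exposed": sum(1 for a in hits if a["internet_exposed"]),
            "by_type": by_type}


if __name__ == "__main__":
    # Constructed advisory: examplelib 2.0.0 up to (not including) 2.5.0 is affected.
    for asset in find_exposed(INVENTORY, "examplelib", "2.0.0", "2.5.0"):
        flag = "INTERNET-FACING" if asset["internet_exposed"] else "internal"
        print(f"{asset['id']} ({asset['type']}): {asset['packages']['examplelib']} {flag}")
    print(exposure_summary(INVENTORY, "examplelib", "2.0.0", "2.5.0"))
```

The search is only as good as the inventory behind it: the container image in the sample is found because images were indexed alongside instances and functions, which is the "no blind spots" requirement in practice.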

How a Cloud Security Platform Prevents Your Team from Getting Spooked

To ensure that you’re adhering to best practices and keeping your environment secure, you need the help of a cloud security platform that can detect, prioritize, and remediate all the cloud risks across every layer of your cloud estate, including vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and overly permissive identities.

Using one central platform instead of multiple siloed point solutions not only improves efficiency and reduces licensing costs – it also provides insight into how attackers can leverage different types of risks in your environment to form dangerous attack paths, something that can only be understood from a platform with comprehensive insights.

The Orca Cloud Security Platform is trusted by hundreds of organizations and provides complete, AI-driven cloud security that is easy to operate and brings value from day one. After a simple 30-minute deployment, Orca will start scanning and within hours show you all the risks in your cloud workloads, configurations, and identities and which ones are the most critical – all from a single platform.

While Halloween is a time of anticipation, where every doorbell ring can either bring a delightful treat or a playful trick, the choice to be secure in the cloud is ultimately yours. So, as you embark on your spooky adventure this Halloween, remember to stay safe!