Moving software applications, storage, and even security solutions to the cloud has clear advantages for today's enterprises: improved IT efficiency, flexibility, scalability, and large savings in cost and manpower. These advantages have made the cloud ubiquitous in enterprise IT, but the same expansiveness brings a number of security challenges with it. Because traditional, perimeter-oriented security controls do not map cleanly onto cloud environments, an organization's exposure to cloud security threats grows sharply.
While the cloud service provider is responsible for part of the security picture (typically the underlying infrastructure, under a shared-responsibility model), much of the responsibility, including data, identities, access and configuration, still falls to the enterprise's IT function. With cloud adoption growing at double-digit rates year on year, organizations need to understand the security challenges they face when adopting cloud computing. Recognizing these challenges is the first step toward addressing them and protecting your IT infrastructure.
Data Breaches
In an on-premises setup, your in-house IT team exercises full control over the network infrastructure and physical hardware. When you move to the cloud, you inevitably cede some of that control to the cloud infrastructure provider, and your exposure to security threats grows; the number of cloud data breaches has risen year after year. Hacking has been the leading cause of those breaches, and by a large margin, which underlines the importance of securing sensitive data.
A data breach can severely damage an organization's credibility, reputation and finances:
- Loss of proprietary data and intellectual property (IP), potentially to competitors
- Erosion of brand reputation and customer trust
- Financial losses from regulatory penalties and legal and contractual liabilities
How can you safeguard yourself against data breaches?
- Research the cloud infrastructure vendor thoroughly, and check its track record on security (certifications, audit reports, and how it has handled past incidents)
- Encrypt all data, in transit and at rest, and keep control of the encryption keys where possible. Encryption limits the fallout of a breach of the storage layer, but it does not protect data from an attacker who has obtained valid credentials to the service that decrypts it
- Be prepared with a well-tested incident response plan that you can put into action at short notice
Insufficient Identity, Credential, Access and Key Management
When your entire infrastructure is in the cloud, the sheer volume of devices, identities, users and accounts spread across a mix of network environments calls for an overhaul of IAM (Identity and Access Management) practices. Inventorying and monitoring that infrastructure runs into issues such as:
- Provisioning and deprovisioning of accounts, certificates, keys and other credentials
- Properly defining user/device roles and privileges
- Overlooked user accounts that bypass IAM controls
- Unused 'zombie' accounts that were never deleted
- Uncontrolled growth in the number of admin accounts
How can you make your IAM practices cloud-ready?
- Deploy a central key and certificate management solution that automates renewal, removes unused credentials, and revokes access privileges that are no longer needed
- Implement two-factor (or multi-factor) authentication, so that a stolen password alone is not enough to reach your cloud network resources
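The IAM hygiene issues listed above (zombie accounts, unused credentials, missing MFA, admin sprawl) are all visible in the kind of credential report every major cloud IAM service can export. The script below is an added example, not AppViewX code; the report and the user-to-policy mapping are constructed and loosely modelled on such an export, the user names and policy names are hypothetical, and the 90-day staleness window and the fixed "now" are assumptions chosen for the example.

```python
"""Audit a constructed IAM credential report for zombie accounts, unused
access keys, password users without MFA, and admin sprawl.
Example code added for illustration; not part of any vendor product."""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so results are reproducible
STALE_AFTER = timedelta(days=90)                  # policy choice for this example
NEVER = "N/A"                                     # value the report uses for "never used"
ADMIN_POLICIES = {"AdministratorAccess"}          # hypothetical policy name

# Constructed credential report (hypothetical users and dates).
CREDENTIAL_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date
alice,true,2024-05-30T08:12:00+00:00,true,true,2024-05-31T10:00:00+00:00
bob,true,2024-01-02T09:00:00+00:00,false,true,N/A
svc-backup,false,N/A,false,true,2024-05-29T02:00:00+00:00
old-contractor,true,2023-11-15T16:40:00+00:00,false,false,N/A
carol,true,2024-05-28T11:00:00+00:00,true,true,2024-02-01T12:00:00+00:00
"""

# Constructed mapping of user -> attached policies (hypothetical).
ATTACHED_POLICIES = {
    "alice": ["AdministratorAccess"],
    "bob": ["AdministratorAccess"],
    "svc-backup": ["BackupOperator"],
    "old-contractor": ["AdministratorAccess"],
    "carol": ["ReadOnly"],
}


def _stale(ts):
    """True when a credential was never used, or last used longer ago than STALE_AFTER."""
    if ts == NEVER:
        return True
    return NOW - datetime.fromisoformat(ts) > STALE_AFTER


def audit(report_csv=CREDENTIAL_REPORT, policies=ATTACHED_POLICIES):
    """Return a dict of finding lists keyed by finding type."""
    findings = {"zombie_accounts": [], "unused_access_keys": [],
                "no_mfa": [], "admins": [], "stale_admins": []}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        pw_enabled = row["password_enabled"] == "true"
        key_active = row["access_key_1_active"] == "true"

        # A zombie account is one whose every enabled credential is stale.
        stale_flags = []
        if pw_enabled:
            stale_flags.append(_stale(row["password_last_used"]))
        if key_active:
            stale_flags.append(_stale(row["access_key_1_last_used_date"]))
        zombie = bool(stale_flags) and all(stale_flags)
        if zombie:
            findings["zombie_accounts"].append(user)

        # An active but stale key on an otherwise live account should be revoked on its own.
        if key_active and not zombie and _stale(row["access_key_1_last_used_date"]):
            findings["unused_access_keys"].append(user)

        # Console/password users without MFA are the account-hijacking soft spot.
        if pw_enabled and row["mfa_active"] != "true":
            findings["no_mfa"].append(user)

        if ADMIN_POLICIES & set(policies.get(user, [])):
            findings["admins"].append(user)
            if zombie:
                findings["stale_admins"].append(user)
    return findings


if __name__ == "__main__":
    for kind, users in audit().items():
        print(f"{kind}: {users}")
```

The interesting output is the intersection: three of five principals are administrators, and two of those admins are zombie accounts that have not been used in months. Those are the first accounts to disable, before tightening anything else.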
Account Hijacking
Certain cloud accounts, such as those of IT or network administrators, are critical to the operation of your cloud environment and carry the highest level of privileges. If attackers gain access to them, the consequences can be disastrous. The most obvious outcome is loss of sensitive data, as discussed above; attackers can also commit serious financial fraud, or take down your production environment and cause service downtime for your customers.
Sensitive accounts are typically compromised through phishing and through weak or stolen credentials. Responsibility for defending against account hijacking is shared between the cloud service provider and the customer.
How can you prevent account hijacking?
- Enforce strong password requirements, and eliminate weak, common and reused passwords
- Adopt a defense-in-depth approach with strong IAM controls: least privilege, multi-factor authentication on privileged accounts, and monitoring for anomalous logins
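"Eliminate weak or reused passwords" is easy to say and easy to get wrong: reuse can only be detected against salted hashes of the user's earlier passwords, and NIST SP 800-63B recommends screening against known-breached lists rather than relying on composition rules. The validator below is an added example, not AppViewX code or a recommendation of a specific product. The denylist stands in for a breached-password corpus and is constructed; the 12-character minimum is a policy choice for the example (NIST's minimum is 8), and the PBKDF2 iteration count is lowered for speed (OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256).

```python
"""Password policy check with reuse detection against salted hashes.
Example code added for illustration; the denylist is constructed."""
import hashlib
import hmac
import os

MIN_LENGTH = 12              # policy choice for this example; NIST SP 800-63B minimum is 8
PBKDF2_ITERATIONS = 100_000  # lowered for the example; OWASP recommends 600,000

# Constructed denylist standing in for a known-breached password corpus.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein", "welcome1", "summer2024!",
}


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest) so the pair can be kept as history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def reused(password, history):
    """True if the candidate matches any (salt, digest) pair in the user's history.
    Each old salt is reapplied, so history never needs plaintext."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(username, password, history=()):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common/breached password list")
    if username.lower() in password.lower():
        problems.append("contains the username")
    if reused(password, history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    history = [hash_password("OldPassword-2023!")]
    print(check_password("alice", "OldPassword-2023!", history))
    print(check_password("bob", "Summer2024!"))
    print(check_password("carol", "correct horse battery staple"))
```

The denylist comparison is case-insensitive on purpose: "Summer2024!" and "summer2024!" are the same password to an attacker running a wordlist with case mutations.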
Limited Cloud Usage Visibility
As mentioned earlier, the sheer volume of users and devices in a cloud environment makes it difficult to inventory and monitor the entire expanse of your cloud infrastructure. You could be dealing with several blind spots where malicious activity goes undetected.
This problem of limited usage visibility can be broadly categorized into two types:
- Unsanctioned app use: Your employees could be using cloud applications without the necessary permission or clearance from the IT team. Running applications or services in this self-service fashion is termed 'shadow IT'. Cloud applications and services operated insecurely and holding sensitive corporate data are a serious security threat; as many as one-third of all attacks on companies have been estimated to originate from shadow IT systems and resources.
- Sanctioned app misuse: Your organization could lack the ability to see how IT-approved applications are actually used, whether by insiders or by attackers with stolen credentials. Here the application itself is approved, but it is used in ways the organization never explicitly permitted, or it is targeted by attackers through Structured Query Language (SQL) injection, Domain Name System (DNS) attacks and other methods
Limited or insufficient visibility into your cloud environment leads to:
- A lack of awareness about which applications/services are running, and who is using them
- A lapse in governance, since undetected applications and services cannot be covered by security controls and may therefore fall out of compliance
- A security threat, since unmonitored applications and unauthorized users leave your cloud infrastructure open to cyber attacks, data loss and breaches
How can you improve Cloud Visibility?
- Put in place a top-down cloud visibility effort that spans across people, processes, and technologies
- Have your cloud security architect conduct a thorough risk audit to identify and review non-approved cloud services
- Conduct organization-wide training on acceptable cloud usage practices and security policies
- Implement a zero-trust model across your organization
- Invest in a Cloud Access Security Broker (CASB) and a web application firewall
Abuse and nefarious use of cloud services
There is a growing trend of threat actors using legitimate cloud applications and platforms to disguise their activity and launch attacks. For example, attackers host malware disguised as code repositories on sites like GitHub, or rent the services of a CSP (such as a PaaS or IaaS vendor) to:
- Launch DDoS attacks to cause service disruptions
- Send phishing emails to steal credentials
- Run large-scale brute-force and password-cracking jobs on rented compute
Your organization could suffer financial losses or data breaches, or be used as a Trojan horse for attacks on others, inviting legal trouble and regulatory liabilities. Both you and your cloud service provider (CSP) should implement measures to safeguard against the abuse of cloud services.
How can you prevent abuse of cloud services?
- Monitor employees' cloud usage closely for signs of abuse
- Employ a cloud data loss prevention (DLP) solution to monitor and prevent data exfiltration
- Have mitigations in place to prevent and detect abuse such as payment instrument fraud and misuse of cloud services
- Have an incident response framework in place to respond to misuse and allow customers to report misuse
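Both the visibility problem above (which SaaS destinations are in use, and which are unsanctioned) and the monitoring advice in this section (watch cloud usage for abuse and data exfiltration) start from the same raw material: outbound proxy or secure web gateway logs. The script below is an added example, not AppViewX code or a CASB or DLP product. The log lines, the sanctioned-app catalogue and the user names are constructed; the unsanctioned hostnames use the reserved `.example` domain, and the "five times the median of everyone else" upload threshold is an assumption chosen for the example.

```python
"""Build a cloud-usage inventory from constructed proxy logs and flag
users whose upload volume is an outlier. Example code added for
illustration; log lines and app catalogue are constructed."""
import re
from collections import defaultdict
from statistics import median

# Sanctioned SaaS catalogue (hypothetical): domain -> app name.
# A host matches if it equals the domain or is a subdomain of it.
SANCTIONED = {
    "sharepoint.example.com": "SharePoint",
    "slack.com": "Slack",
    "github.com": "GitHub",
}
UPLOAD_MULTIPLE = 5  # flag a user whose upload total exceeds 5x the median of the others

# Constructed proxy log: time user dest_host method bytes_out bytes_in
PROXY_LOG = """\
2024-06-03T09:01:12Z alice sharepoint.example.com PUT 1048576 512
2024-06-03T09:05:40Z bob slack.com POST 20480 4096
2024-06-03T09:07:02Z carol wetransfer-lookalike.example POST 734003200 1024
2024-06-03T09:09:55Z dave api.github.com GET 512 204800
2024-06-03T09:12:31Z erin personal-drive.example PUT 5242880 256
2024-06-03T09:15:00Z alice slack.com POST 10240 2048
2024-06-03T09:20:17Z carol wetransfer-lookalike.example POST 629145600 1024
2024-06-03T09:22:45Z bob files.sharepoint.example.com PUT 2097152 512
this line is malformed and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<out>\d+) (?P<in>\d+)$"
)


def classify(host):
    """Return the sanctioned app name for a host, or None if it is unsanctioned.
    Suffix matching is anchored on a dot so 'evil-slack.com' does not match 'slack.com'."""
    for domain, app in SANCTIONED.items():
        if host == domain or host.endswith("." + domain):
            return app
    return None


def parse(log=PROXY_LOG):
    """Yield dict records for well-formed lines; malformed lines are skipped, not fatal."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["out"], rec["in"] = int(rec["out"]), int(rec["in"])
        yield rec


def inventory(log=PROXY_LOG):
    """Return (sanctioned, unsanctioned): app-or-host -> set of users seen using it."""
    sanctioned, unsanctioned = defaultdict(set), defaultdict(set)
    for rec in parse(log):
        app = classify(rec["host"])
        if app:
            sanctioned[app].add(rec["user"])
        else:
            unsanctioned[rec["host"]].add(rec["user"])
    return dict(sanctioned), dict(unsanctioned)


def upload_outliers(log=PROXY_LOG, multiple=UPLOAD_MULTIPLE):
    """Users whose total bytes sent exceed `multiple` x the median of all other users."""
    totals = defaultdict(int)
    for rec in parse(log):
        totals[rec["user"]] += rec["out"]
    flagged = {}
    for user, total in totals.items():
        others = [t for u, t in totals.items() if u != user]
        if others and total > multiple * median(others):
            flagged[user] = total
    return flagged


if __name__ == "__main__":
    sanctioned, unsanctioned = inventory()
    print("sanctioned:", sanctioned)
    print("unsanctioned:", unsanctioned)
    print("upload outliers:", upload_outliers())
```

The two outputs belong together: carol is both the only user of an unsanctioned file-transfer lookalike and the only upload outlier, which is exactly the combination a CASB or DLP rule should escalate. A user-relative baseline is used rather than a fixed byte threshold because legitimate upload volumes differ enormously between roles; in production you would compute the baseline per user over time rather than across users on one day.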
AppViewX provides end-to-end solutions that automate workflows for monitoring your cloud environment and implementing robust security measures, while integrating seamlessly with your existing tech stack. Talk to an expert today to learn how AppViewX can be your trusted partner on your journey to the cloud.