Attackers have two avenues of attack to compromise cloud resources: accessing systems inside the enterprise network perimeter, or compromising the credentials of an administrator account that has remote administrative capabilities or CSP administrative access.
When visibility is available in the cloud infrastructure, it is much easier to detect attacker behaviors in compromised systems and services that are clearly operating outside of expected specifications.
Cloud environments change fundamental assumptions in how to perform threat detection and response.
The highly dynamic inventory of cloud workloads means systems come and go in seconds. When system configuration errors are introduced during a build, they can be exacerbated and amplified when automation replicates the errors across many workloads. Shared responsibility with the cloud service provider (CSP) creates potential threat detection gaps in the attack lifecycle.
Everything in the cloud is moving to an API data access method, and traditional approaches to monitoring traffic flow no longer apply.
In addition to challenges in threat detection and response, the pace of innovation in the cloud leaves businesses consistently behind the curve. Increasing business competition means organizations focus on shipping features first and outsourcing non-core capabilities, often at the expense of information security.
An explosion of cloud services means the concept of a perimeter is gone and using perimeter controls becomes futile. A growth of new infrastructure and deployment tooling results in new environments with new security models and attack surfaces.
The tools offered by CSPs are complex and are still new to many enterprise tenants, which leads to accidental misconfigurations. And finally, the existing shortage in security expertise becomes amplified with all the newly released features and services.
Most critically, the introduction of multiple access and management capabilities creates variability that adds significant risk to cloud deployments. It is difficult to manage, track, and audit administrative actions when those users can access cloud resources from inside or outside the corporate environment.
Without a well-thought-out privilege account management strategy that includes well-segregated roles for gaining administrative access from only approved locations, organizations are susceptible to misuse of administrative credentials and privileges.
Traditionally, accessing a server required authentication to the organization’s perimeter, and monitoring could be implemented inside the private network to track administrative access. Cloud management systems, by contrast, are accessed from the public internet via a web interface or API. Without appropriate protection, the enterprise tenant could immediately expose the crown jewels.
Attackers have two avenues of attack to compromise cloud resources.
The first is through traditional means, which involves accessing systems inside the enterprise network perimeter, followed by reconnaissance and privilege escalation to an administrative account that has access to cloud resources.
The second involves bypassing all the above by simply compromising credentials from an administrator account that has remote administrative capabilities or has CSP administrative access.
This variability in administrative access models changes the attack surface: unregulated access to the endpoints used for managing cloud services introduces new security threats. Unmanaged devices used for developing and managing infrastructure expose organizations to threat vectors such as web browsing and email.
When the main administrative account is compromised, the attacker does not need to escalate privileges or maintain access to the enterprise network because the main administrative account can do all that and more. How does the organization ensure proper monitoring of misuse of CSP administrative privileges?
Organizations need to review how system administration and ownership of the cloud account are handled. How many people are managing the main account? Who is responsible for it, the CSP or the cloud tenant organization? Initially the answer seems to depend on the problem, but some CSPs want to push that responsibility to the tenant organization.
Most importantly, how does an organization monitor for the existence and misuse of administrative credentials? It is the tenant’s responsibility to secure the administrative account.
CSPs clearly communicate its criticality and that this is the tenant’s responsibility, and they strongly emphasize the implications of weak or no protection. A lack of visibility into the backend CSP management infrastructure means cloud tenant organizations need to identify misuse of CSP access within their own environments when it is used as a means of intrusion.
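As an added illustration of the monitoring question raised above (not code from the original article or from Vectra), the following Python triage routine evaluates cloud audit events against two of the controls the text describes: administrative actions only from approved locations, and multifactor authentication on privileged identities. The event schema, action names, network ranges and sample events are all constructed for the example and do not correspond to any particular CSP's log format.

```python
import ipaddress

# Constructed approved administrative networks (RFC 5737 documentation ranges).
APPROVED_ADMIN_NETWORKS = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")
]

# Constructed action names that grant, extend or conceal administrative access.
PRIVILEGED_ACTIONS = {
    "iam.create_user", "iam.attach_admin_policy", "iam.create_access_key",
    "kms.disable_key", "audit.stop_logging",
}

def from_approved_location(ip: str) -> bool:
    """True when the source address falls inside an approved admin network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in APPROVED_ADMIN_NETWORKS)

def evaluate_event(ev: dict) -> list:
    """Return a list of findings for one audit event; empty when nothing is wrong."""
    findings = []
    # Either the identity holds the admin role or the action itself is privileged.
    privileged = ev["role"] == "admin" or ev["action"] in PRIVILEGED_ACTIONS
    if not privileged:
        return findings
    if not from_approved_location(ev["source_ip"]):
        findings.append("privileged action from unapproved location")
    if not ev["mfa"]:
        findings.append("privileged action without MFA")
    if ev["action"] == "iam.create_access_key":
        findings.append("new long-lived credential issued; confirm owner and rotation")
    if ev["action"] == "audit.stop_logging":
        findings.append("audit logging disabled")
    return findings

def triage(events: list) -> dict:
    """Map event id -> findings for every event that produced at least one finding."""
    results = {}
    for ev in events:
        findings = evaluate_event(ev)
        if findings:
            results[ev["id"]] = findings
    return results

# Constructed sample audit events.
SAMPLE_EVENTS = [
    {"id": "e1", "role": "admin", "action": "iam.create_user", "source_ip": "203.0.113.10", "mfa": True},
    {"id": "e2", "role": "admin", "action": "iam.create_access_key", "source_ip": "198.51.100.7", "mfa": True},
    {"id": "e3", "role": "admin", "action": "audit.stop_logging", "source_ip": "192.0.2.55", "mfa": False},
    {"id": "e4", "role": "developer", "action": "compute.list_instances", "source_ip": "192.0.2.9", "mfa": False},
    {"id": "e5", "role": "admin", "action": "compute.list_instances", "source_ip": "192.0.2.9", "mfa": True},
]

if __name__ == "__main__":
    for event_id, findings in triage(SAMPLE_EVENTS).items():
        print(event_id, findings)
```

Event e1 is a privileged action that satisfies both controls and produces no finding, which is the point: the rules alert on deviation from the approved access model, not on administration as such.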
In 2017, the Cloud Security Alliance (CSA) conducted a survey to compile professional opinions about what it believed at the time to be the most pressing security issues in cloud computing.
Of the 12 identified concerns, five were related to managing credentials and methods of compromising those credentials to gain access to cloud environments for malicious intent. Those five, in order of severity per survey results, are:
Lack of scalable identity access management systems, failure to use multifactor authentication, weak passwords, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates.
From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.
Attackers can eavesdrop on user activities and transactions, manipulate data, return falsified information and redirect your clients to illegitimate sites.
A current or former employee, contractor or other business partner who has or had authorized access to an organization’s network, systems or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity or availability of the organization’s information or information systems.
Not performing due diligence exposes a company to a myriad of commercial, financial, technical, legal and compliance risks that jeopardize its success.
Securing cloud environments is not optional but a critical imperative for enterprises seeking to protect their data and maintain operational resilience. Vectra AI provides cutting-edge cloud security solutions designed to meet the unique needs of modern enterprises, from threat detection and response to compliance and data protection. Contact us to learn how our expertise can help you navigate the complexities of cloud security and ensure your cloud assets are fully protected.