It’s become clear for all to see that more and more businesses are accelerating their transition to the cloud. So much so that 75pc of all databases will be deployed or migrated to a cloud platform by 2022, according to a recent MariaDB study. But the move doesn’t come without risk. In fact, the cloud can be a dangerous place when left badly managed, writes David Higgins, EMEA Technical Director, CyberArk.
That’s why, every year, the Cloud Security Alliance’s (CSA) “Top Threats to Cloud Computing” study seeks to raise awareness of the key risks and vulnerabilities in the cloud. Its most recent edition, The Egregious 11, ranks the top 11 cloud threats and provides recommendations for security, compliance, risk and technology practitioners. This instalment reflects the widespread surge in cloud use and maturation of organisations’ understanding of cloud environments. However, the study suggests a continued over-reliance on cloud vendors to protect workloads. This is a troublesome trend that we also observed in our most recent Global Threat Landscape report.
The CSA recorded a decline in rankings of traditional cloud security issues under the responsibility of cloud service providers – such as denial of service, shared technology vulnerabilities and CSP data loss. Those results suggest these issues are less of a concern for organisations than in years past. The biggest threats now come from issues like misconfigurations and insufficient identity access management, where the customer is solely responsible for security. Given the CSA’s most recent study was published prior to the pandemic, these issues will only have increased following this year’s events.
As organisations use the cloud to enable remote work and accelerate digital transformation, they must understand where potential security risks exist to address them head on. The top five threats include:
Damaging data breaches
The average total cost of a data breach is now $3.92 million, according to IBM. This makes it unsurprising that ‘data breach’ is ranked as the number one cloud threat. Cyber-attackers are after data – particularly personal information, and data accessible via the internet is the most vulnerable asset to misconfiguration or exploitation.
As more data shifts to the cloud, protecting it effectively must always begin with the question: Who has access to this? By using tools such as privileged access management, businesses can limit accounts to the areas of the network they need. If an attack is successful in taking over an account, the attacker’s possibilities will be limited.
Misconfigurations and inadequate change control
Misconfigurations usually occur when computing assets and access are set up incorrectly. This includes granting excessive permissions or leaving default credentials unchanged. Misconfiguration of cloud resources is a leading cause of data breaches and can result in deleted or modified resources and service interruptions. The dynamic nature of the cloud makes traditional change control approaches for proper configuration challenging.
To overcome cloud misconfiguration problems, organisations must embrace automation tools that can continuously discover unmanaged privileged accounts. This will prevent the misuse of any accounts with access to information that they shouldn’t have.
The introduction of cloud brings with it a host of changes and challenges related to identity and access management (IAM), and particularly to privileged access management (PAM). This is because privileged credentials associated with human users, as well as applications and machine identities, are powerful and susceptible to compromise in cloud environments.
Once privileged credentials are obtained, attackers can gain full access to sensitive databases, or even to an organisation’s entire cloud environment. Most know this, and many recent attacks have exploited unsecured credentials, resulting in cryptojacking, data breaches, and destruction of intellectual property. Organisations must implement strict IAM controls for cloud users and identities. This must be combined with following the principle of least privilege to protect privileged access to high-value data and assets. The CSA also notes that cloud access keys (e.g., AWS access keys, Google Cloud keys and Azure keys) must be rotated and centrally managed, and that unused credentials or access privileges must be removed.
Using vulnerability exploitation, phishing methods or stolen credentials, attackers look for ways to access privileged accounts in the cloud. Account and service hijacking means full compromise: control of the account, its services, and the data within. The fallout from such compromises can be severe – from significant operational and business disruptions to complete elimination of assets, data, and capabilities.
Businesses must implement strong IAM and PAM controls, such as credential lifecycle and provisioning management, if they are to protect against account hijacking.
Malicious insiders can be employees, contractors, or other trusted third parties who use their access to negatively affect an organisation. Since insiders have legitimate access, pinpointing potential security issues can be difficult and remediating incidents can be costly.
According to the Ponemon Institute’s 2020 Cost of Insider Threats Study, the average global cost of insider threats rose by 31pc in two years to $11.45m and the frequency of incidents spiked by 47pc in the same time period. Whether it’s a privileged user abusing their level of access or inadvertently misconfiguring a cloud resource, having a PAM program in place to protect from these insider abuses is paramount.
Take care in the cloud
The cloud has fundamentally changed the notion of privilege. Now, even ordinary user credentials in the cloud and DevOps environments can hold as much power as administrator-level credentials do for other types of systems. When you add a complex and dynamic mix of machines and applications, the privilege-related attack surface grows exponentially.
Bad cloud security practices will inevitably lead to a breach or failed audit. These, in turn, will force organisations to slow the pace of development and new services. And in the digital era, that isn’t an option. Businesses must, therefore, recognise their responsibility for protecting cloud environments and prioritise the tools that are both efficient and capable. Strong privileged access controls help ensure that humans, applications and machines have only the necessary levels of access to sensitive applications and infrastructure to do their jobs and that activities occurring within the cloud environment are as de-risked as possible.