Threatening clouds: How can enterprises shield their public cloud information?

There’s no finish to the proof that as increasingly vital enterprise information and enterprise apps are hosted within the public cloud cybercriminals are doing no matter they’ll to take advantage of it. 

Whereas organizations run a median of six different tools or options to safe their public cloud environments, 96% of decision-makers nonetheless report that their organizations confronted safety incidents within the final 12 months. In response to the 2022 Thales Cloud Safety Examine, 45% of businesses have skilled a cloud-based information breach or failed audit over the previous yr. Between 2020 and 2021, ransomware-related information leaks increased 82% and interactive intrusion campaigns elevated 45%.

Hackers are ever extra aggressively going after any weaknesses and vulnerabilities — and stealing any credentials and different valuable info — that they’ll discover. 

“Cloud providers are an important a part of the digital material of the trendy enterprise,” notes a report by cybersecurity expertise firm CrowdStrike. 

Nonetheless, whereas cloud adoption brings elevated agility, scalability and price saving, it has additionally caused an adversarial shift. “Simply as organizations have realized efficiencies by way of the cloud, so too have attackers,” write the report’s authors. “Menace actors are utilizing the identical providers as their prey, and for a similar purpose: to reinforce and optimize their operations.”

Cloudy visibility

Public clouds don’t inherently impose safety threats, mentioned Gartner VP analyst Patrick Hevesi — in reality, hyperscale cloud suppliers normally have extra safety layers, individuals and processes in place than most organizations can afford in their very own data centers.

Nevertheless, the largest crimson flag for organizations when choosing a public cloud supplier is the shortage of visibility into their safety measures, he mentioned. 

Among the largest points in current reminiscence: Misconfigurations of cloud storage buckets, mentioned Hevesi. This has opened recordsdata up for information exfiltration. Some cloud suppliers have additionally had outages on account of misconfigurations of identification platforms. This has affected their cloud providers from beginning up correctly, which in flip affected tenants. 

Smaller cloud suppliers, in the meantime, have been taken offline on account of distributed denial-of-service (DDoS) assaults. That is when perpetrators make a machine or community useful resource unavailable to meant customers by disrupting providers — both short-term or long-term — of a number related to a community.

Forrester vp and principal analyst Andras Cser recognized the largest challenge as software-based configuration of public cloud platforms — AWS, Google Cloud Platform, Microsoft Azure — that don’t have correct identity and access management in place. 

“These configuration artifacts are simple to switch and keep below the radar,” mentioned Cser. 

Insecure configuration of storage cases — world writable, unencrypted, as an example — additionally supplies a menace floor to attackers. He’s seeing threats round container community site visitors, as effectively, he mentioned. 

A number of areas of assault

The CrowdStrike report additionally recognized these widespread cloud assault vectors: 

• Cloud vulnerability exploitation (arbitrary code execution, Accellion File Switch Equipment, VMware). 
• Credential theft (Microsoft Workplace 365, Okta, cloud-hosted electronic mail or file-hosting providers). 
• Cloud service supplier abuse (significantly with MSPs, or managed service suppliers). 
• Use of cloud providers for malware internet hosting and C2. 
• Exploitation of misconfigured picture containers (Docker containers, Kubernetes clusters). 

In response to the report, CrowdStrike additionally continues to see adversary exercise in terms of: 

• Uncared for cloud infrastructure slated for retirement however nonetheless containing delicate information. These create vulnerabilities as a result of organizations are not making investments in safety controls — monitoring, detailed logging, safety structure and planning posture remediation. 
• A scarcity of outbound restrictions and workload safety in opposition to exfiltrating information. That is significantly a problem when sure cloud infrastructures are uncared for, but nonetheless comprise vital enterprise information and programs. 
• Adversaries leveraging loopholes in identification and multifactor authentication (MFA) safety methods. This happens when organizations fail: to totally deploy MFA, to disable legacy authentication protocols that don’t help MFA, and to trace and management privileges and credentials for each customers and cloud service principals. 

How can organizations shield themselves from public cloud assaults?

Finally, it comes all the way down to being strategic and diligent in choosing — and repeatedly assessing — public cloud suppliers. 

Essentially the most precious instruments, in accordance with Forrester’s Cser: 

• Cloud workload safety (CWP) or Cloud workload security (CWS): This course of secures workloads shifting throughout completely different cloud environments. Forrester’s Q1 2022 Forrester Wave report recognized high suppliers on this space as Aqua Safety, Bitdefender, Broadcom, Examine Level, CrowdStrike, Kaspersky, McAfee, Palo Alto Networks, Radware, Rapid7, Sysdig and Pattern Micro. 
• Cloud safety posture administration (CSPM): This programming software identifies misconfiguration points and compliance dangers within the cloud. It repeatedly screens cloud infrastructure to determine gaps in safety coverage enforcement. 
• Cloud native utility safety program (CNAPP), which mixes CWP and CSPM: This rising course of permits organizations to safe cloud-native purposes throughout the total utility lifecycle. It integrates and centralizes safety capabilities which can be in any other case siloed right into a single interface. 

Cloud safety ‘holy grail’

Gartner lays out a fancy, multitiered, multicomponent cloud safety construction: 

The above options can shield IaaS, PaaS and SaaS public cloud environments, mentioned Hevesi, and the above illustrates how they technically match into structure. They’re efficient particularly if the group has a number of IaaS, SaaS and PaaS cloud suppliers, because the cloud-access safety dealer (CASB) can provide safety groups “a single pane of glass” for all their platforms. 

He means that organizations additionally think about the next: 

• What certifications does a public cloud supplier have for his or her infrastructure? 
• What instruments and processes have they got in place to keep up safety and reply to incidents?
• What bodily safety have they got in place?
• How do they carry out background checks for his or her staff?
• How do they safeguard tenants and shield consumer entry to tenants and staff?

Threats happen when such examples will not be established and adopted by cloud suppliers, mentioned Hevesi. Cloud misconfiguration remains to be the largest challenge, no matter IaaS, PaaS or SaaS. 

“If a consumer with admin entry unintentionally misconfigures a setting, it might have an enormous influence on your complete cloud supplier’s infrastructure — which then impacts the shoppers,” mentioned Hevesi.

Silver lining

Consultants level to the encouraging elevated use of encryption and key administration — utilized by 59% and 52%, respectively, of respondents to the Thales survey, as an example. Zero-trust fashions are additionally on the rise — in accordance with Thales, 29% are already executing a zero-trust technique, 27% say they’re evaluating and planning one, and 23% are contemplating it. 

Organizations ought to more and more undertake cloud identification governance (CIG) and cloud infrastructure entitlements administration (CIEM) options, and carry out AI-powered monitoring and investigations, in accordance with CrowdStrike. Additionally it is vital to allow runtime protections and acquire real-time visibility. 

Defending the cloud will solely change into extra complicated as adversaries evolve and enhance makes an attempt to focus on cloud infrastructure along with apps and information, the report concludes. “Nevertheless, with a complete strategy rooted in visibility, menace intelligence and menace detection, organizations can provide themselves the perfect alternative to leverage the cloud with out sacrificing safety.”