Threatening clouds: How can enterprises protect their public cloud data?
There is no end to the evidence that, as more and more critical enterprise data and business apps are hosted in the public cloud, cybercriminals are doing whatever they can to exploit it.
While organizations run an average of six different tools or solutions to secure their public cloud environments, 96% of decision-makers still report that their organizations faced security incidents in the last 12 months. According to the 2022 Thales Cloud Security Study, 45% of businesses have experienced a cloud-based data breach or failed audit over the past year. Between 2020 and 2021, ransomware-related data leaks increased 82% and interactive intrusion campaigns increased 45%.
Hackers are going ever more aggressively after any weaknesses and vulnerabilities they can find, and stealing any credentials and other valuable information they come across.
“Cloud services are a critical part of the digital fabric of the modern enterprise,” notes a report by cybersecurity technology company CrowdStrike.
However, while cloud adoption brings increased agility, scalability and cost savings, it has also led to an adversarial shift. “Just as organizations have realized efficiencies through the cloud, so too have attackers,” write the report’s authors. “Threat actors are using the same services as their prey, and for the same reason: to enhance and optimize their operations.”
Public clouds do not inherently pose security threats, said Gartner VP analyst Patrick Hevesi. In fact, hyperscale cloud providers usually have more security layers, people and processes in place than most organizations can afford in their own data centers.
However, the biggest red flag for organizations when selecting a public cloud provider is a lack of visibility into its security measures, he said.
Among the biggest issues in recent memory are misconfigurations of cloud storage buckets, said Hevesi, which have opened data up to exfiltration. Some cloud providers have also had outages caused by misconfigurations of their identity platforms; these prevented their cloud services from starting up properly, which in turn affected tenants.
Smaller cloud providers, meanwhile, have been taken offline by distributed denial-of-service (DDoS) attacks, in which attackers make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network.
Forrester vice president and principal analyst Andras Cser identified the biggest concern as software-based configuration of public cloud platforms (AWS, Google Cloud Platform, Microsoft Azure) that do not have proper identity and access management in place.
“These configuration artifacts are easy to modify and stay under the radar,” said Cser.
Insecure configuration of storage instances (world-writable or unencrypted, for instance) also gives attackers a threat surface. He is seeing threats around container network traffic as well, he said.
Multiple areas of attack
The CrowdStrike report also identified these common cloud attack vectors:
- Cloud vulnerability exploitation (arbitrary code execution, Accellion File Transfer Appliance, VMware).
- Credential theft (Microsoft Office 365, Okta, cloud-hosted email or file-hosting services).
- Cloud service provider abuse (particularly involving MSPs, or managed service providers).
- Use of cloud services for malware hosting and command and control (C2).
- Exploitation of misconfigured image containers (Docker containers, Kubernetes clusters).
According to the report, CrowdStrike also continues to see adversary activity related to:
- Neglected cloud infrastructure that is slated for retirement but still contains sensitive data. Such infrastructure creates vulnerabilities because organizations are no longer investing in security controls for it: monitoring, detailed logging, security architecture and planning, and posture remediation.
- A lack of outbound restrictions and workload protection against data exfiltration. This is particularly a problem when certain cloud infrastructure is neglected yet still holds critical business data and systems.
- Adversaries exploiting loopholes in identity and multifactor authentication (MFA) security. This happens when organizations fail to fully deploy MFA, fail to disable legacy authentication protocols that do not support MFA, and fail to track and control privileges and credentials for both users and cloud service principals.
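To make the identity loopholes in the last bullet concrete, here is an added example (not code from the article or from the CrowdStrike report) of detection logic a security team could run over its identity provider's sign-in export together with a directory snapshot. It flags the three gaps named above: sign-ins over legacy protocols that never see an MFA prompt, privileged users who signed in without MFA (or have no MFA method registered at all), and service principals that hold privileged roles with weak or non-expiring credentials. The JSON-lines records and the directory dictionary are constructed sample data, and their field names (`client_app`, `mfa`, `principal_type`, `mfa_registered`, `credential_expires`) and the protocol and role labels are a hypothetical schema, not any vendor's actual log format.

```python
import json

# Client apps that authenticate with username/password only and cannot complete an MFA prompt
# (hypothetical labels, loosely modelled on how identity providers name legacy protocols).
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP AUTH", "Exchange ActiveSync"}
PRIVILEGED_ROLES = {"GlobalAdministrator", "Owner", "Contributor"}

# Constructed sign-in export, one JSON object per line (sample data, not a real tenant).
SIGNIN_LOG = """\
{"ts": "2022-08-01T09:12:03Z", "principal": "alice@example.com", "principal_type": "user", "client_app": "Browser", "mfa": "satisfied", "result": "success", "ip": "203.0.113.10"}
{"ts": "2022-08-01T09:15:44Z", "principal": "bob@example.com", "principal_type": "user", "client_app": "IMAP4", "mfa": "not_required", "result": "success", "ip": "198.51.100.7"}
{"ts": "2022-08-01T09:16:02Z", "principal": "bob@example.com", "principal_type": "user", "client_app": "IMAP4", "mfa": "not_required", "result": "failure", "ip": "198.51.100.7"}
{"ts": "2022-08-01T10:02:11Z", "principal": "carol@example.com", "principal_type": "user", "client_app": "Browser", "mfa": "none", "result": "success", "ip": "192.0.2.44"}
{"ts": "2022-08-01T10:30:00Z", "principal": "ci-deploy-sp", "principal_type": "service_principal", "client_app": "Client credentials", "mfa": "not_applicable", "result": "success", "ip": "192.0.2.9"}
"""

# Constructed directory snapshot (hypothetical schema): who holds which roles and how they authenticate.
DIRECTORY = {
    "alice@example.com": {"type": "user", "roles": ["GlobalAdministrator"], "mfa_registered": True},
    "bob@example.com": {"type": "user", "roles": ["Reader"], "mfa_registered": True},
    "carol@example.com": {"type": "user", "roles": ["Owner"], "mfa_registered": False},
    "ci-deploy-sp": {"type": "service_principal", "roles": ["Owner"], "credential": "password", "credential_expires": None},
    "bi-reader-sp": {"type": "service_principal", "roles": ["Reader"], "credential": "certificate", "credential_expires": "2023-01-01"},
}


def parse_signins(text):
    """Parse a JSON-lines sign-in export, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_legacy_auth(events):
    """Sign-ins over protocols that bypass MFA. Failures count too: a burst of them is what password spraying looks like."""
    return [e for e in events if e["client_app"] in LEGACY_PROTOCOLS]


def find_mfa_gaps(events, directory):
    """Privileged users who completed a sign-in without MFA being satisfied."""
    gaps = set()
    for e in events:
        if e["principal_type"] != "user" or e["result"] != "success":
            continue
        roles = set(directory.get(e["principal"], {}).get("roles", []))
        if roles & PRIVILEGED_ROLES and e["mfa"] != "satisfied":
            gaps.add(e["principal"])
    return sorted(gaps)


def find_unregistered_privileged_users(directory):
    """Privileged users with no MFA method registered: MFA cannot be enforced on them even if policy requires it."""
    return sorted(name for name, info in directory.items()
                  if info["type"] == "user"
                  and set(info["roles"]) & PRIVILEGED_ROLES
                  and not info.get("mfa_registered"))


def find_risky_service_principals(directory):
    """Service principals never do MFA, so their roles and credential hygiene are the whole control."""
    risky = []
    for name, info in directory.items():
        if info["type"] != "service_principal":
            continue
        reasons = []
        privileged = set(info["roles"]) & PRIVILEGED_ROLES
        if privileged:
            reasons.append("privileged role: " + ", ".join(sorted(privileged)))
        if info.get("credential") == "password":
            reasons.append("client-secret credential (prefer certificate or workload identity)")
        if info.get("credential_expires") is None:
            reasons.append("credential never expires")
        if reasons:
            risky.append((name, reasons))
    return risky


def report(text=SIGNIN_LOG, directory=DIRECTORY):
    """Run every check and return the findings as one dictionary."""
    events = parse_signins(text)
    return {
        "legacy_auth": [(e["principal"], e["client_app"], e["result"]) for e in find_legacy_auth(events)],
        "privileged_without_mfa": find_mfa_gaps(events, directory),
        "privileged_mfa_unregistered": find_unregistered_privileged_users(directory),
        "risky_service_principals": find_risky_service_principals(directory),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the sample data the report names bob's two IMAP4 sign-ins (the failed one is the password-spray signal), carol as an Owner who signed in without MFA and has none registered, and ci-deploy-sp as an Owner-level service principal running on a non-expiring client secret. The same checks translate directly into saved queries against a real tenant's sign-in logs once the field names are mapped to that provider's schema.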
How can organizations protect themselves from public cloud attacks?
Ultimately, it comes down to being strategic and diligent in selecting, and continually assessing, public cloud providers.
The most valuable tools, according to Forrester’s Cser:
- Cloud workload protection (CWP), also called cloud workload security (CWS): This secures workloads moving across different cloud environments. Forrester’s Q1 2022 Forrester Wave report identified the top providers in this area as Aqua Security, Bitdefender, Broadcom, Check Point, CrowdStrike, Kaspersky, McAfee, Palo Alto Networks, Radware, Rapid7, Sysdig and Trend Micro.
- Cloud security posture management (CSPM): This tooling identifies misconfiguration issues and compliance risks in the cloud. It continuously monitors cloud infrastructure to identify gaps in security policy enforcement.
- Cloud-native application protection platform (CNAPP), which combines CWP and CSPM: This emerging approach allows organizations to secure cloud-native applications across the entire application lifecycle. It integrates and centralizes security functions that are otherwise siloed into a single interface.
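The storage misconfigurations Cser and Hevesi describe earlier (world-writable, unencrypted buckets) are exactly what a CSPM tool checks for continuously. As an added illustration, not code from the article, Forrester, Gartner or any CSPM vendor, the following Python script evaluates a small constructed bucket inventory for public read or write grants, public ACLs, and missing default encryption. The inventory schema (`public_access_block`, `default_encryption`, `policy`, `acl_grants`) is a hypothetical simplification of what a cloud API returns; the policy statements follow the AWS IAM policy document format, but the bucket names, account ID and role are made up.

```python
import fnmatch

# Actions that, when granted to everyone, make a bucket world-writable or world-readable.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy", "s3:PutBucketAcl")
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")

# Constructed sample inventory (hypothetical schema; not real buckets or accounts).
BUCKETS = [
    {   # world-writable by policy and by ACL, unencrypted, and nothing blocking it
        "name": "customer-exports",
        "public_access_block": False,
        "default_encryption": None,
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::customer-exports/*"}]},
        "acl_grants": [{"grantee": "AllUsers", "permission": "WRITE"}],
    },
    {   # intentionally public static site: read-only and encrypted at rest
        "name": "static-site",
        "public_access_block": False,
        "default_encryption": "AES256",
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "*"},
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::static-site/*"}]},
        "acl_grants": [],
    },
    {   # properly locked down: one role, encrypted with KMS, public access blocked
        "name": "backups",
        "public_access_block": True,
        "default_encryption": "aws:kms",
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
             "Action": "s3:*", "Resource": "arn:aws:s3:::backups/*"}]},
        "acl_grants": [],
    },
    {   # latent problem: a public "s3:*" grant that only Block Public Access is holding back
        "name": "legacy-dump",
        "public_access_block": True,
        "default_encryption": None,
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
             "Resource": ["arn:aws:s3:::legacy-dump", "arn:aws:s3:::legacy-dump/*"]}]},
        "acl_grants": [],
    },
]


def _as_list(value):
    """IAM accepts a scalar or a list in most policy fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    # Both "Principal": "*" and "Principal": {"AWS": "*"} mean "anyone on the internet".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _matched(patterns, actions):
    """Subset of `actions` matched by the policy's action patterns (IAM wildcards, case-insensitive)."""
    return {a for a in actions for p in patterns if fnmatch.fnmatchcase(a.lower(), p.lower())}


def public_grants(policy):
    """Return (read_actions, write_actions) that an unconditioned Allow grants to everyone."""
    read, write = set(), set()
    for stmt in _as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # conditioned public grants (e.g. restricted to a VPC endpoint) need manual review
        patterns = _as_list(stmt.get("Action", []))
        read |= _matched(patterns, READ_ACTIONS)
        write |= _matched(patterns, WRITE_ACTIONS)
    return read, write


def audit_bucket(bucket):
    """Return a list of human-readable findings for one bucket record."""
    findings = []
    read, write = public_grants(bucket.get("policy"))
    blocked = bucket.get("public_access_block", False)
    if write:
        suffix = " (held back by Block Public Access; remove the grant)" if blocked else " (world-writable)"
        findings.append(f"bucket policy grants public write: {sorted(write)}" + suffix)
    elif read:
        suffix = " (held back by Block Public Access)" if blocked else " (world-readable)"
        findings.append(f"bucket policy grants public read: {sorted(read)}" + suffix)
    for grant in bucket.get("acl_grants", []):
        # AuthenticatedUsers means any AWS account in the world, which is effectively public.
        if grant["grantee"] in ("AllUsers", "AuthenticatedUsers"):
            kind = "write" if grant["permission"] in ("WRITE", "FULL_CONTROL") else "read"
            findings.append(f"ACL grants public {kind} to {grant['grantee']} ({grant['permission']})")
    if not bucket.get("default_encryption"):
        findings.append("no default server-side encryption")
    return findings


def audit_all(buckets):
    """Map bucket name -> findings; an empty list means the bucket passed every check."""
    return {b["name"]: audit_bucket(b) for b in buckets}


if __name__ == "__main__":
    for name, findings in audit_all(BUCKETS).items():
        print(name, "->", findings or "OK")
```

Two design points matter in practice. The check treats a public grant that is only held back by Block Public Access as a finding rather than a pass, because a single admin toggle (the "accidental misconfiguration" Hevesi warns about later) would expose the bucket; the grant itself should be removed. And the intentionally public static site still appears with a read finding, which is where an exception list, not a weaker check, belongs.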
Cloud security ‘holy grail’
Gartner lays out a complex, multitiered, multicomponent cloud security architecture. Its components can protect IaaS, PaaS and SaaS public cloud environments, said Hevesi, and Gartner’s diagram shows how they technically fit into the architecture. They are especially effective if the organization has multiple IaaS, SaaS and PaaS cloud providers, because the cloud access security broker (CASB) can give security teams “a single pane of glass” across all of their platforms.
He suggests that organizations also consider the following:
- What certifications does the public cloud provider hold for its infrastructure?
- What tools and processes does it have in place to maintain security and respond to incidents?
- What physical security does it have in place?
- How does it perform background checks on its employees?
- How does it safeguard tenants and protect user access to tenants and employees?
Threats arise when such practices are not established and followed by cloud providers, said Hevesi. Cloud misconfiguration is still the biggest concern, whether the service is IaaS, PaaS or SaaS.
“If a user with admin access accidentally misconfigures a setting, it can have a massive impact on the entire cloud provider’s infrastructure — which then impacts the customers,” said Hevesi.
Experts point to encouraging signs, such as the increased use of encryption and key management, reported by 59% and 52%, respectively, of respondents to the Thales survey. Zero-trust models are also on the rise: according to Thales, 29% of respondents are already executing a zero-trust strategy, 27% say they are evaluating and planning one, and 23% are considering it.
Organizations should increasingly adopt cloud identity governance (CIG) and cloud infrastructure entitlement management (CIEM) solutions, and perform AI-powered monitoring and investigations, according to CrowdStrike. It is also critical to enable runtime protections and obtain real-time visibility.
Protecting the cloud will only become more complex as adversaries evolve and step up their attempts to target cloud infrastructure in addition to apps and data, the report concludes. “However, with a comprehensive approach rooted in visibility, threat intelligence and threat detection, organizations can give themselves the best opportunity to leverage the cloud without sacrificing security.”