Sky-high Security: Preventing Cyber-Attacks in the Cloud
There is growing evidence of attacks on cloud environments. Cloud exploitation grew 95% year-on-year in 2022, according to the 2023 CrowdStrike Global Threat Report, with the number of cases involving ‘cloud-conscious’ threat actors almost tripling in the same period.
This is perhaps unsurprising, given the growing use of cloud services in both our personal and professional lives.
Generally, cloud products and platforms are highly secure, Zeki Turedi, CrowdStrike’s EMEA CTO, claimed when speaking to Infosecurity.
“Cloud environments actually allow organisations to adopt and implement security a lot more easily and a lot more efficiently,” he argued. “It’s got a huge amount of identity and access management (IAM) controls, there’s all the necessary tools and plenty of other products can be put on top to make these environments secure.”
There is still the potential for misconfigurations or simple bad management of cloud solutions, he said. “We can’t really say that the cloud is a problem – it allows for adaptation to security capability a lot more effectively and easily than traditional architectures. But if you forget to turn it on, it won’t be enabled.”
Some of the cloud-based solutions are extremely powerful, Turedi said, which is necessary “because they need to streamline and operationalise our businesses – they need to be able to immediately scale up as we see more customer demand.” However, if that power is not configured properly, “it can simply be handing over power to a malicious actor.”
Cloud Security Issues Come in Multiple Guises
There is no single cloud security issue but a range of challenges that have emerged from the relatively quick transition to the cloud, Turedi explained. Some of the biggest issues are a misunderstanding of the differences between a traditional, on-premises environment and the way that cloud environments should be managed and maintained.
For example, it could be that an organisation has not conducted proper due diligence as they deploy to the cloud. A business may have adopted cloud in a non-traditional way, perhaps through a side project evolving over time, without security being an integral part of the journey and regarded as an afterthought.
Threat actors tend to be identity focused, essentially finding methods to obtain the various credentials they need to access cloud environments. With the keys to the cloud kingdom, threat actors can do a lot of the activities that your everyday administrator would be able to do, like creating their own credentials, building their own infrastructure and hiding it among legitimate infrastructure.
“Those are the tactics we’re seeing, and they’re very agnostic – they don’t single out a single cloud provider of private versus public, and it means that by following the same tactics, they’re able to target a variety of organisations,” Turedi said.
Today’s top cloud infrastructure cloud providers include Amazon Web Services, Google Cloud and Microsoft Azure.
Looking for more infosecurity & cybersecurity insights?
Be part of Europe’s largest information security event, Infosecurity Europe 2023 on 20-22 June, at ExCeL, London. Register for your complimentary ticket to attend the event.
Misconfigurations in the Cloud
Threat actors are becoming much more professional in cloud environments. This means that if an environment is misconfigured, adversaries are better placed to understand how they can circumvent and exploit these issues.
“We need to make sure that as we start utilising these new technologies, we are educated, understand how we supposed to be setting up these environments, to make sure we're not falling afoul,” Turedi explained.
Most vulnerabilities in the cloud come from misconfigurations, user errors and mistakes, noted Deryck Mitchelson, EMEA CISO at Check Point Software. Many of these come from a lack of secure design, he said, such as workflows or APIs that are not secured.
Speed of adoption is also an issue, accelerated by the COVID-19 pandemic when many businesses made the decision to move away from their on-premises environments.
Suresh Narvanenu, content tech lead at Hack The Box, said that organisations see many advantages in cloud-hosted infrastructure so are indeed swiftly transitioning to the services.
“However, as cloud service providers manage customer data, it may lead to certain security issues due to the lack of visibility and control,” he warned. “The most common security issues are misconfiguration of cloud storage, untracked and excessive privileges granted to employees who don’t necessarily need them, and the external sharing of data without required access controls.”
As the cloud becomes an essential element of the digital era, it has become a bigger target for cybercriminals, he said. While it is the cloud service provider’s responsibility to secure the cloud platform or the services offered, “data security is the customer’s responsibility, which is achieved by enforcing critical access controls.”
Today, many attacks occur due to poor access management, Narvanenu noted. “To lower the risks, a team should enable multi-factor authentication, schedule reviews of cloud misconfigurations and access privileges, and conduct penetration tests to identify the security gaps to help their organisations remain safe.”
Multiple Cloud Environments to Secure
Each type of cloud presents its own security considerations that must be considered. Public clouds, for example, can be prone to security problems like data breaches and unauthorised access. On the other hand, they are better at withstanding large-scale attacks.
Private clouds are often unavailable to the public and devoted to one organisation; while they increase security, there are still concerns over insider threats, data breaches and unauthorised access.
Hybrid clouds, which include public, private and on-premises data centres, are a popular choice today because they combine the benefits of different options.
However, Narvanenu warned that hybrid clouds “present a serious security concern since they contain numerous infrastructure parts.” These complications can mean even small mistakes or misconfigurations can result in data breaches or other security problems, he added, therefore “it is crucial to take the required steps to guarantee that the hybrid cloud architecture is appropriately maintained and secured.”
Finally, he pointed to community clouds, which are normally shared across multiple organisations with similar security and compliance requirements, with the idea of resource sharing and collaboration.
“However, this creates a big problem with security as it cannot offer the same level of security and customisation as private clouds. Due to various organisations using the same infrastructure and resources, there are several security concerns, including data breaches, insider threats, a lack of control, compliance difficulties, and much more,” Narvanenu said.
Despite this, he noted that there are also many security benefits of turning to the cloud over on-premise infrastructure.
“One of the main benefits is improved security measures, as cloud providers invest heavily in measures such as data encryption, identity and access management, network security, and threat detection and response,” he said. “These ensure that all data stored in the cloud is even more secure than it would have been on-premise. Automatic security updates provided by cloud providers are another advantage of cloud security.”
Enjoy this article? Make sure to share it!
Keep up to date with the latest infosecurity news and trends in our latest articles.
Receive monthly newsletters and updates about key events and news from Infosecurity Europe.
Looking for something else?