Security will be the crucial factor for the cloud platforms across Industries. Read on to know more about it…
The coronavirus lockdown has forced many organizations to turn to the cloud more quickly and fully than otherwise intended. This type of frenetic rush toward cloud-based services also can easily lead to confusion and misconfiguration, both of which make organizations greater targets for cybercriminals.
The concerns of organisations particularly in the current scenario of constant disruption. The disruptive forces could be in the form of unprecedented events like data theft, ransomware, malware, and other cyberattacks.
Survey Report
A report released by security provider IBM X-Force describes the types of threats that impact cloud security and how companies can better protect their cloud-based assets. Based on a survey of senior business and IT professionals, IBM’s “2020 Cloud Security Landscape Report” found that while the cloud can empower certain business and technology capabilities, the type of ad-hoc management of cloud resources is causing increased complexity for IT and security staffs.
As one example, the issue of security ownership is one that often creates confusion. Among the respondents, 66% said they rely on cloud providers for baseline security. A full 73% said that public cloud providers were the primary party responsible for securing software-as-a-service (SaaS). And 42% pointed to providers as the main party responsible for security cloud infrastructure-as-a-service (IaaS). While a shared security responsibility is typically the right model for cloud environments, the failure to define this process and create specific policies can easily amp up the risk of security threats.
Misconfiguration issues are another problem that can occur amid the rush to the cloud. The failure to properly configure a cloud environment and any resulting data leaks can help cybercriminals capture sensitive files and information. In 2019, cloud misconfiguration problems led to the loss of more than 1 billion records in compromised environments, according to X-Force.
Significant Threats
Cybercriminals motivated by financial gain were the most common group targeting cloud environments. However, nation states also were a pervasive threat. Attackers used cloud resources to ramp up cryptomining and DDoS campaigns and to host malicious websites and operations.
Criminals used cloud-based applications as a popular entry point for their attacks, employing such strategies as brute-forcing and exploiting vulnerabilities and misconfigurations. Certain vulnerabilities can remain hidden due to “Shadow IT,” a practice that occurs when employees sneak past IT and approved channels to use their own unauthorized apps and services.
Ransomware was used more than any other type of malware in cloud environments, followed by cryptominers and botnet malware. Outside of malware, data theft was the most common activity found in compromised cloud environments with the loss of all kinds of data from personally identifying information (PII) to client-related emails.
Mitigation
To help organizations better protect their cloud-based environments and assets, X-Force has the following recommendations
1. Establish collaborative governance and culture: Adopt a unified strategy that combines cloud and security operations across application developers, IT operations and security. Designate clear policies and responsibilities for existing cloud resources as well as for the acquisition of new cloud resources.
2. Take a risk-based view: Assess the kinds of workloads and data you plan to move to the cloud and define appropriate security policies. Start with a risk-based assessment for visibility across your environment and create a roadmap for phasing cloud adoption.
3. Apply strong access management: Leverage access management policies and tools for access to cloud resources, including multi-factor authentication, to prevent infiltration using stolen credentials. Restrict privileged accounts and set all user groups to least-required privileges to minimize damage from account compromise (zero-trust model).
4. Have the right tools: Ensure that tools for security monitoring, visibility, and response are effective across all cloud and on-premises resources. Consider shifting to open technologies and standards that allow for greater interoperability between tools.
5. Automate security processes: Implementing effective security automation in your system can improve your detection and response capabilities as opposed to relying on manual reaction to events.
6. Use proactive simulations: Rehearse for various attack scenarios. This can help identify where blind spots exist and also address any potential forensic issues that may arise during attack investigations.