Cloud security

Third-party storage of your data and access via the internet each pose their own threats as well. If for some reason those services are interrupted, your access to the data may be lost. For instance, a phone network outage could mean you can’t access the cloud at an essential time. Alternatively, a power outage could affect the data center where your data is stored, possibly with permanent data loss.

Cloud Security Statistics

The driving force behind the adoption of secure cloud practices is the increasing threat from cybercriminals targeting the cloud. The (ISC)² Cloud Security Report found that 28% of enterprises experienced cloud security incidents. The UK government also reports that 32% of UK companies experienced attacks on cloud systems.

In order to understand how security breaches occur, it is instructive to see real-life examples of breaches. Here are three recent examples of security breaches that originated from cloud services, which illustrate the extent and severity of cloud system vulnerabilities.

Capital One

The following events led to the publicized breach at Capital One. First, a web application firewall (WAF) was configured incorrectly. The attacker used the misconfigured WAF to generate an access token and used the access token to fetch data from AWS storage. 700 folders and data packages containing customer information were copied to an external location.

Attackers were aware of special AWS commands and used them to perform lateral movement once they gained access. Even more concerning, the breach did not raise any alerts, and even the data transfer outside the organization’s network was carried out under the guise of normal network traffic.

Docker Hub

Docker Hub, a popular repository of container images, was compromised and 190,000 accounts were exposed, hurting container technology adopters. In a statement posted on the Docker website, the company disclosed that they discovered unauthorized access to a single central database that stores non-financial user data.

Although this vulnerability affected only 5% of Docker Hub customers, the data exposed included tokens and access keys used in the auto-build features of code repositories. This allows the attackers to bypass authentication and inject malicious code into many companies’ production pipelines, and obtain copies of proprietary code.

Autoclerk

Autoclerk, a global hotel reservation management system, had an AWS-hosted Elasticsearch database that was unsecured and exposed hundreds of thousands of bookings. The system was heavily used by military personnel, and the breach revealed sensitive information about military travel, including senior officials and deployed troops.

Security researchers from vpnMentor publicized the breach, saying that they saw publicly accessible logs of US generals traveling to Moscow, Tel Aviv, and many other destinations. They also found email addresses, phone numbers, and other sensitive personal data belonging to travelers.

Cloud Security Challenges

Access Management

The cloud enables access to corporate data from anywhere, so companies need to make sure unauthorized parties cannot access that data. This can be achieved through a variety of strategies, including cloud-based data loss prevention (DLP) solutions, monitoring, and careful use and maintenance of identity and access management (IAM) systems.

Compliance Violations

As regulatory controls around the world become more stringent, organizations must adhere to numerous compliance standards. By migrating to the cloud, you may be in violation of your compliance obligations.

Most regulations and compliance standards require businesses to know where data is located, who can access it, and how it is managed and processed, which can all be challenging in a cloud environment. Other regulations require that cloud providers are certified for the relevant compliance standard.

Denial of Service (DoS/DDoS attacks)

Newer types of DDoS attacks involve attackers overwhelming virtualization resources like hypervisors, hijacking virtualization management systems to create new compromised VMs, and compromising migration and backup systems to create unneeded copies of production systems.

Unsecured APIs

APIs can be used internally by company employees and externally by customers, via mobile or web applications. APIs can provide many types of data, including sensitive data that can be valuable to attackers. Because APIs are publicly available and their inner workings are well documented, they are a prime target for attackers.

What is cloud computing?

The "cloud" or, more specifically, "cloud computing" refers to the process of accessing resources, software, and databases over the Internet and outside the confines of local hardware restrictions. This technology gives organizations flexibility when scaling their operations by offloading a portion, or majority, of their infrastructure management to third-party hosting providers.

  • IaaS (Infrastructure-as-a-Service): A hybrid approach, where organizations can manage some of their data and applications on-premise while relying on cloud providers to manage servers, hardware, networking, virtualization, and storage needs.
  • PaaS (Platform-as-a-Service): Gives organizations the ability to streamline their application development and delivery by providing a custom application framework that automatically manages operating systems, software updates, storage, and supporting infrastructure in the cloud.
  • SaaS (Software-as-a-Service): Cloud-based software hosted online and typically available on a subscription basis. Third-party providers manage all potential technical issues, such as data, middleware, servers, and storage, minimizing IT resource expenditures and streamlining maintenance and support functions.

Why is cloud security important?

In modern-day enterprises, there has been a growing transition to cloud-based environments and IaaS, PaaS, or SaaS computing models. The dynamic nature of infrastructure management, especially in scaling applications and services, can bring a number of challenges to enterprises when adequately resourcing their departments. These as-a-service models give organizations the ability to offload many of the time-consuming, IT-related tasks.

As companies continue to migrate to the cloud, understanding the security requirements for keeping data safe has become critical. While third-party cloud computing providers may take on the management of this infrastructure, the responsibility of data asset security and accountability doesn’t necessarily shift along with it.

By default, most cloud providers follow best security practices and take active steps to protect the integrity of their servers. However, organizations need to make their own considerations when protecting data, applications, and workloads running on the cloud.

Security threats have become more advanced as the digital landscape continues to evolve. These threats explicitly target cloud computing providers due to an organization’s overall lack of visibility in data access and movement. Without taking active steps to improve their cloud security, organizations can face significant governance and compliance risks when managing client information, regardless of where it is stored.

Cloud security should be an important topic of discussion regardless of the size of your enterprise. Cloud infrastructure supports nearly all aspects of modern computing in all industries and across multiple verticals.

However, successful cloud adoption is dependent on putting in place adequate countermeasures to defend against modern-day cyberattacks. Regardless of whether your organization operates in a public, private, or hybrid cloud environment, cloud security solutions and best practices are a necessity when ensuring business continuity.

Enterprise Cloud Security Solutions

Since cloud computing is now used by over 90% of larger enterprises, cloud security is a vital part of corporate cyber security. Private cloud services and other more costly infrastructure may be viable for enterprise-level organizations. However, you will still have to ensure your internal IT is on top of maintaining the entire surface area of your networks.

  • Actively manage your accounts and services: If you don’t use a service or software anymore, close it down properly. Hackers can gain easy access to an entire cloud network via old, dormant accounts through unpatched vulnerabilities.
  • Multi-factor authentication (MFA): This could be biometric data such as fingerprints, or a password and separate code sent to your mobile device. It is time-consuming, but useful for your most sensitive data.
  • Evaluate the cost-benefits of hybrid cloud: Segmenting your data is far more important in enterprise use, as you will be handling much larger quantities of data. You need to make sure your data is separate from other customers’ data, whether it’s separately encrypted or logically segmented for separate storage. Hybrid cloud services can help with this.
  • Be wary of shadow IT: Educating your employees to avoid using unauthorized cloud services on your networks or for company work is essential. If sensitive data is communicated over unsecured channels, your organization may be exposed to malicious actors or legal issues.

So, whether you are an individual user, an SMB user, or an enterprise-level cloud user, it is important to make sure that your network and devices are as secure as possible. This starts with having a good understanding of basic cyber security on an individual user level, as well as ensuring that your network and all devices are protected using a robust security solution that is built for the cloud.

Resources:

https://www.imperva.com/learn/application-security/cloud-security/
https://www.ibm.com/topics/cloud-security
https://www.kaspersky.com/resource-center/definitions/what-is-cloud-security

Cloud security

Make sure you implement a cloud security solution that offers visibility of your entire ecosystem. You can then monitor and protect cloud usage across all your disparate resources, projects and regions through one single portal. This visibility will help you implement granular security policies and mitigate a wide range of risks.

How does Cloud Security Work?

Identity and Access Management

All companies should have an Identity and Access Management (IAM) system to control access to information. Your cloud provider will either integrate directly with your IAM or offer their own in-built system. An IAM combines multi-factor authentication and user access policies, helping you control who has access to your applications and data, what they can access, and what they can do to your data.

Physical Security

Physical security is another pillar of cloud security. It is a combination of measures to prevent direct access and disruption of hardware housed in your cloud provider’s datacenter. Physical security includes controlling direct access with security doors, uninterrupted power supplies, CCTV, alarms, air and particle filtration, fire protection, and more.

Threat Intelligence, Monitoring, and Prevention

Threat Intelligence, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) form the backbone of cloud security. Threat Intelligence and IDS tools deliver functionality to identify attackers who are currently targeting your systems or will be a future threat. IPS tools implement functionality to mitigate an attack and alert you to its occurrence so you can also respond.

Encryption

Using cloud technology, you are sending data to and from the cloud provider’s platform, often storing it within their infrastructure. Encryption is another layer of cloud security to protect your data assets, by encoding them when at rest and in transit. This ensures the data is near impossible to decipher without a decryption key that only you have access to.

Cloud Vulnerability and Penetration Testing

Another practice to maintain and improve cloud security is vulnerability and penetration testing. These practices involve you – or your provider – attacking your own cloud infrastructure to identify any potential weaknesses or exploits. You can then implement solutions to patch these vulnerabilities and improve your security stance.

Micro-Segmentation

Next-Generation Firewalls

Next-Generation firewalls are another piece of the cloud security puzzle. They protect your workloads using traditional firewall functionality and newer advanced features. Traditional firewall protection includes packet filtering, stateful inspection, proxying, IP blocking, domain name blocking, and port blocking.

7 Security Risks of Cloud Computing

Whether or not you’re operating in the cloud, security is a concern for all businesses. You will face risks such as denial of service, malware, SQL injection, data breaches, and data loss, all of which can significantly impact the reputation and bottom line of your business.

When you move to the cloud you introduce a new set of risks and change the nature of others. That doesn’t mean cloud computing is not secure. In fact, many cloud providers introduce access to highly sophisticated security tools and resources you couldn’t otherwise access.

1. Loss of Visibility

Most companies will access a range of cloud services through multiple devices, departments, and geographies. This kind of complexity in a cloud computing setup – without the appropriate tools in place – can cause you to lose visibility of access to your infrastructure.

2. Compliance Violations

Many of these regulations require your company to know where your data is, who has access to it, how it is processed, and how it is protected. Other regulations require that your cloud provider holds certain compliance credentials.

3. Lack of Cloud Security Strategy and Architecture

This is a cloud security risk that you can easily avoid, but many don’t. In their haste to migrate systems and data to the cloud, many organizations become operational long before the security systems and strategies are in place to protect their infrastructure.

4. Insider Threats

Your trusted employees, contractors, and business partners can be some of your biggest security risks. These insider threats don’t need to have malicious intent to cause damage to your business. In fact, the majority of insider incidents stem from a lack of training or negligence.

5. Contractual Breaches

Any contractual partnerships you have will include restrictions on how any shared data is used, how it is stored, and who is authorized to access it. Your employees unwittingly moving restricted data into a cloud service without authorization could create a breach of contract which could lead to legal action.

Make sure you read your cloud providers’ terms and conditions. Even if you have authorization to move data to the cloud, some service providers include the right to share any data uploaded into their infrastructure. Through ignorance, you could unintentionally breach a non-disclosure agreement.

6. Insecure Application Programming Interface (API)

7. Misconfiguration of Cloud Services

Misconfiguration of cloud services is another potential cloud security risk. With the increased range and complexity of services, this is a growing issue. Misconfiguration of cloud services can cause data to be publicly exposed, manipulated, or even deleted.

Common causes include keeping default security and access management settings for highly sensitive data. Others include mismatched access management giving unauthorized individuals access, and mangled data access where confidential data is left open without the need for authorization.

What precautions can you take to boost your cloud security?

Encrypt your data

First, make sure you send your files to a cloud services provider that encrypts your data. You want to make it as difficult as possible for hackers to get at your information. Storing your images and files with a provider that relies on encryption will give hackers pause. It’s easier for them to steal data that hasn’t been scrambled.

Perform data backups

Make sure you only work with cloud providers that back up your data. You don’t want all your information stored on just one server. If that server goes offline, you won’t be able to access your data. You might also consider backing up your most sensitive information in your own external hard drives even if you are saving it in the cloud. This will provide you with an extra layer of protection should something happen with your cloud provider.

Enable two-factor authentication

You can make life more difficult for hackers by enabling two-factor authentication. As the name suggests, two-factor authentication requires you to provide two pieces of information when logging onto a site.

Say you are logging onto your bank’s online site. First, you provide your username and password, as usual. Then you wait for your bank to send a code to your email address or phone. You then enter this code online to access your accounts. This extra step makes it more difficult for hackers to get at your emails, personal information or financial information.

Resources:

https://www.imperva.com/learn/application-security/cloud-security/
https://kinsta.com/blog/cloud-security/
https://us.norton.com/internetsecurity-privacy-cloud-data-security.html

Cloud security

Additionally, organizations should conduct regular security audits that include an analysis of all security vendors’ capabilities. This should confirm that they are meeting the agreed upon security terms. Access logs should also be audited to ensure only appropriate and authorized personnel are accessing sensitive data and applications in the cloud.

Top 12 Cloud Security Best Practices for 2022

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. For many organizations, the idea of storing data or running applications on infrastructure that they do not manage directly seems inherently insecure.

CloudPassage’s 2021 AWS Cloud Security Report found that misconfiguration of cloud platforms (71 percent), exfiltration of sensitive data (59 percent), and insecure APIs (54 percent) are the top cloud security threats facing cybersecurity professionals. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security.

Those concerns are certainly justified. According to IDC’s 2021 State of Cloud Security Report, 79 percent of surveyed companies reported a cloud data breach in the last 18 months. Public cloud infrastructure as a service (IaaS) may be less vulnerable than traditional data centers, but that doesn’t mean it’s without its own set of risks. Enterprises that don’t want to be part of that statistic should understand and implement cybersecurity best practices when it comes to their cloud infrastructure.

What is cloud security?

Cloud security consists of all the technologies and processes that ensure an organization’s cloud infrastructure is protected against internal and external cybersecurity threats. As more enterprises look to the cloud as the future of business, cloud security is an absolute necessity to maintain continuity. Cloud security makes sure the lights stay on so businesses can focus on driving progress.

Cloud security is constantly evolving, but a handful of best practices have remained constant for ensuring the security of cloud environments. Organizations that have existing cloud solutions in place or are looking to implement them should consider these tips and tools to ensure that sensitive applications and data don’t fall into the wrong hands.

1. Understand your shared responsibility model

In a private data center, the enterprise is solely responsible for all security issues. But in the public cloud, things are much more complicated. While the buck ultimately stops with the cloud customer, the cloud provider assumes the responsibility for some aspects of IT security. Cloud and security professionals call this a shared responsibility model.

Leading IaaS and platform as a service (PaaS) vendors like Amazon Web Services (AWS) and Microsoft Azure provide documentation to their customers so all parties understand where specific responsibilities lie according to different types of deployment. Microsoft’s shared responsibility model, for example, makes application-level controls Microsoft’s responsibility in software as a service (SaaS) models but the customer’s responsibility in IaaS deployments. For PaaS models, Microsoft and its customers share the responsibility.

Enterprises that are considering a particular cloud vendor should review its policies about shared security responsibilities and understand who is handling the various aspects of cloud security. That can help prevent miscommunication and misunderstanding. More importantly, though, clarity about responsibilities can prevent security incidents that occur as a result of a particular security need falling through the cracks.

2. Ask your cloud provider detailed security questions

In addition to clarifying shared responsibilities, organizations should ask their public cloud vendors detailed questions about the security measures and processes they have in place. It’s easy to assume that the leading vendors have security handled, but security methods and procedures can vary significantly from one vendor to the next.

3. Deploy an identity and access management solution

The fourth biggest threat to public cloud security identified in CloudPassage’s report is unauthorized access (and growing – 53 percent, up from 42 percent in 2020). While hackers’ methods of gaining access to sensitive data are becoming more sophisticated with each new attack, a high-quality identity and access management (IAM) solution can help mitigate these threats.

Experts recommend that organizations look for an IAM solution that allows them to define and enforce access policies based on least privilege. These policies should also be based on role-based permission capabilities. Additionally, multi-factor authentication (MFA) can further reduce the risk of malicious actors gaining access to sensitive information, even if they manage to steal usernames and passwords.

Organizations may also want to look for an IAM solution that works in hybrid environments that include private data centers as well as cloud deployments. This can simplify authentication for end users and make it easier for security staff to ensure that they are enforcing consistent policies across all IT environments.
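
One way to check access policies against the least-privilege and MFA recommendations above, as an added example that is not from the original article or from any vendor it names: the script lints a policy written in AWS IAM JSON policy syntax. The sample policy, its Sids, the placeholder account ID 111122223333 and the `SENSITIVE_SERVICES` list are assumptions made for illustration.

```python
# Added example: lint an IAM-style policy for least-privilege and MFA gaps.
# SENSITIVE_SERVICES is an assumption; adjust it to your own risk model.
SENSITIVE_SERVICES = ("iam", "kms", "organizations")
MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive

# Constructed sample policy (not taken from any real account).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "ReadReports", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-reports/*"},
        {"Sid": "ManageUsersNoMfa", "Effect": "Allow",
         "Action": ["iam:CreateAccessKey", "iam:DeleteUser"],
         "Resource": "arn:aws:iam::111122223333:user/*"},
        {"Sid": "ManageKeysWithMfa", "Effect": "Allow",
         "Action": "kms:ScheduleKeyDeletion",
         "Resource": "arn:aws:kms:us-east-1:111122223333:key/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "WeakMfaCheck", "Effect": "Allow",
         "Action": "iam:DeleteUser",
         "Resource": "arn:aws:iam::111122223333:user/*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "AllButIam", "Effect": "Allow",
         "NotAction": "iam:*", "Resource": "*"},
        {"Sid": "DenyLeaveOrg", "Effect": "Deny",
         "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
}


def _as_list(value):
    """Policy elements may be a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def enforces_mfa(statement):
    """True only for a plain Bool test on the MFA key.

    In an Allow statement, BoolIfExists also matches requests where the key
    is absent (long-term access keys), so it does not enforce MFA.
    """
    for key, val in statement.get("Condition", {}).get("Bool", {}).items():
        vals = _as_list(val)
        if key.lower() == MFA_KEY and vals and all(
            str(v).lower() == "true" for v in vals
        ):
            return True
    return False


def touches_sensitive(actions):
    """True if any action is '*' or belongs to a service listed as sensitive."""
    for action in actions:
        action = action.lower()
        if action == "*" or action.split(":", 1)[0] in SENSITIVE_SERVICES:
            return True
    return False


def audit_policy(policy):
    """Return (sid, finding) tuples for every Allow statement that is too broad."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements narrow access; nothing to flag here
        sid = st.get("Sid", f"statement[{i}]")
        actions = [str(a) for a in _as_list(st.get("Action"))]
        resources = [str(r) for r in _as_list(st.get("Resource"))]
        if "NotAction" in st:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "ALLOW_WITH_NOTACTION"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "WILDCARD_ACTION"))
        if "*" in resources:
            findings.append((sid, "WILDCARD_RESOURCE"))
        if touches_sensitive(actions) and not enforces_mfa(st):
            findings.append((sid, "SENSITIVE_WITHOUT_MFA"))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```
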

4. Train your staff

To prevent hackers from getting their hands on access credentials for cloud computing tools, organizations should train all workers on how to spot cybersecurity threats and how to respond to them. Comprehensive training should include basic security knowledge like how to create a strong password and identify possible social engineering attacks as well as more advanced topics like risk management.

Perhaps most importantly, cloud security training should help employees understand the inherent risk of shadow IT. At most organizations, it’s all too easy for staff to implement their own tools and systems without the knowledge or support of the IT department. Without top-to-bottom visibility of all systems that interact with the company’s data, there’s no way to take stock of all vulnerabilities. Enterprises need to explain this risk and hammer home the potential consequences for the organization.

Organizations also need to invest in specialized training for their security staff. The threat landscape shifts on a daily basis, and IT security professionals can only keep up if they are constantly learning about the newest threats and potential countermeasures.

CrowdStrike’s Cloud Security Solutions

Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon Platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

GET TO KNOW THE AUTHOR

Guilherme (Gui) Alvarenga, is a Sr. Product Marketing Manager for the Cloud Security portfolio at CrowdStrike. He has over 15 years experience driving Cloud, SaaS, Network and ML solutions for companies such as Check Point, NEC and Cisco Systems. He graduated in Advertising and Marketing at the Universidade Paulista in Brazil, and pursued his MBA at San Jose State University. He studied Applied Computing at Stanford University, and specialized in Cloud Security and Threat Hunting.

Resources:

https://www.esecurityplanet.com/cloud/cloud-security-best-practices/
https://www.imperva.com/learn/application-security/cloud-security/
https://www.crowdstrike.com/cybersecurity-101/cloud-security/
