The following article appeared in Information Security Buzz on September 4, 2023, written by Verinext’s Timothy Tidwell.
Cybercriminals are capitalizing on a burgeoning opportunity, akin to a modern-day Gold Rush. With the escalating trend of enterprises migrating their data and applications to cloud environments, the potential for cloud-based cyberattacks continues to expand exponentially.
More cloud usage and increased operational complexity, in part due to multicloud use, are leading to an uptick in cloud breach events. Attackers on this new frontier primarily target SaaS applications, cloud-based storage, and cloud-hosted applications. Nearly half of the 3,000 respondents in the 2023 Thales Cloud Security Study reported a cloud data breach.
SaaS applications’ growing popularity – Thales reports a mean of 97 applications – leads to a rise in data security risk. Furthermore, as sensitive data migrates to the cloud, the burden on IT to effectively secure the systems against threat actors has become significant. These attackers are taking advantage of the expanded attack surface provided by the widespread use of SaaS applications, making it crucial for IT to manage a robust and secure defense.
Threat actors are continually advancing in their capacity to exploit cloud vulnerabilities, posing significant risks that demand attention. These prevalent risks encompass various tactics, such as phishing, malware, or weak password exploitation to steal credentials and take over user accounts. Moreover, misconfigured servers can leave customers exposed to potential security breaches. Unprotected public APIs create pathways for unauthorized access and data exfiltration. Additionally, insider threats present a genuine danger, potentially leading to data breaches. Finally, Denial-of-Service (DoS) attacks can overload the cloud environment, resulting in the disruption of legitimate access to applications. Vigilance in addressing these vulnerabilities is paramount to ensure cloud security.
Fighting back against this laundry list of risks in a more complex, multicloud environment requires stepping up a number of threat defense practices, some ‘classic’ and others tailored to the cloud:
- Elevate Multi-Cloud Operations. Achieve unified cloud management to uphold consistent security protocols across the organization’s multi-cloud setup. With the possibility of deploying a multitude of SaaS applications across various cloud platforms, relying on isolated cloud management methods becomes a security vulnerability. Collaborative efforts among IT, DevOps, and CloudOps are vital for establishing standardized policies and executing protocols seamlessly across multiple clouds and attack vectors. In the dynamic landscape of remote and hybrid work models, additional Cloud Access Security Broker (CASB) controls can be put in place to help secure diverse applications in the multi-cloud ecosystem.
- Meet the Multicloud Head On. In alignment with establishing a robust team for overseeing cloud operations, it is essential to give prominence to Federated Identity access management. It is especially crucial when dealing with multiple cloud infrastructure providers. Similar to managing numerous SaaS applications, the task of overseeing and safeguarding multiple cloud environments demands a cohesive strategy. Federated Identity access management facilitates centralized control and authorization across various cloud providers. By implementing Federated Identity protocols, businesses can streamline user authentication and authorization processes, enhancing security and simplifying user management. Furthermore, the complexity of managing security requirements across diverse cloud environments can be daunting. To address this, leveraging the services of a Managed Services Provider (MSP) emerges as a viable solution. An MSP specializes in overseeing and monitoring SaaS and public cloud providers. Entrusting the management of security, backup and recovery, as well as compliance tasks to an MSP, can alleviate the workload on IT and DevOps teams. This allows internal teams to focus on core objectives while ensuring that cloud operations remain secure and compliant under the guidance of experienced professionals.
- Remember the Basics. Most data breaches are caused by human error, such as clicking malicious links or falling for social engineering. To counter this, organizations use multi-factor authentication (MFA) and privileged access controls to limit unauthorized access to cloud systems. Phishing remains a popular tactic, so continuous education on phishing threats for all users can thwart breaches. Cyber hygiene is vital: keep up with patch management and consider Cloud Security Posture Management (CSPM). Have comprehensive backup and recovery plans for critical apps, with responsibilities clearly assigned. Adhere to compliance rules for on-site storage and perform regular checks.
- Add Zero Trust. Zero trust is gaining traction as an added security control layer against unauthorized access. This principle operates on the basis of default distrust, requiring authentication for every access attempt by users, accounts and machines. It works alongside privileged access management by permitting users access only to pre-approved services and data once verified by the zero trust mechanism. Given the fluid movement of remote workers across locations and devices, integrating zero trust is a prudent measure to bolster cloud defense.
New Threats Ahead
While organizations improve cloud operations security, threat actors are designing their own strategies. “Encryption-less” attacks are gaining favor, for example. In this scenario the attacker exfiltrates a large amount of data from the cloud and then begins ransom demands, threatening to leak the data online if the victim doesn’t pay.
In addition, finding ways to circumvent encryption protocols is an indication of how clever threat actors can be. Old and new threats alike reinforce the need to better organize and strengthen an organization’s cloud security from all aspects: user access and authentication, posture and patch management, MFA, cloud management, SaaS security alignment and constant vigilance as ransomware and data breaches threaten businesses.