The Cloud Security Alliance (CSA) reports focus on creating awareness of the cloud’s risks, threats, and vulnerabilities. The latest report, Top Threats to Cloud Computing: The Pandemic 11 lists 11 threats identified through a survey of over 700 industry experts carried out in the cloud industry. The threats are ranked in order of significance as per the survey.
Let’s take a dive into The Pandemic 11.
Security Issue 1: Insufficient Identity, Credential, Access, and Key Management, Privileged Accounts
Systems for managing identities, credentials, and access to resources give businesses the tools and rules to regulate, monitor, and safeguard access to critical assets. Those assets include physical resources such as server rooms or buildings, electronic data, and computer systems. Regular maintenance and continued vigilance are crucial.
Identity and Access Management (IAM) uses risk scoring to enhance security posture. IAM systems can be cross-checked through a clear risk assignment model, meticulous monitoring, and appropriate isolation of identities’ behavior. Tracking how frequently targets are accessed is also necessary for risk assessment, since it provides the context in which risk is understood.
Privileged accounts must be deactivated precisely and promptly so that personnel do not retain access during onboarding or role changes; this lowers the chance of compromise or data exfiltration. Beyond deactivating privileged accounts, roles and responsibilities must correspond to the “need to know” level.
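The risk-scoring and deprovisioning ideas above can be made concrete with a small script. The following is an added example, not code from the CSA report or from this article: it scores each identity from its role weight, the breadth and frequency of the targets it touched, and whether MFA is enabled, and it lists privileged accounts that are inactive or stale and should be deactivated. The role weights, the 30-day windows, and every identity and access event are constructed sample values.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical risk weights per role; real values come from your own risk model.
ROLE_WEIGHT = {"admin": 40, "operator": 20, "developer": 10, "auditor": 5}
PRIVILEGED_ROLES = {"admin", "operator"}


@dataclass
class Identity:
    name: str
    roles: set
    active: bool                 # still employed and still in this role
    last_login: datetime
    mfa_enabled: bool
    # (timestamp, target) pairs, e.g. which database or key store was touched
    access_events: list = field(default_factory=list)


def risk_score(identity, now, window_days=30):
    """Higher score = more scrutiny.  Adds role weight, breadth of targets
    touched, access frequency (capped) and a penalty for missing MFA."""
    score = sum(ROLE_WEIGHT.get(r, 0) for r in identity.roles)
    window_start = now - timedelta(days=window_days)
    recent = [target for ts, target in identity.access_events if ts >= window_start]
    score += 5 * len(Counter(recent))     # distinct targets in the window
    score += min(len(recent), 50)         # frequency, capped so it cannot dominate
    if not identity.mfa_enabled:
        score += 25
    return score


def deprovision_candidates(identities, now, stale_days=30):
    """Privileged accounts that are no longer active, or have not logged in
    for stale_days, should be deactivated promptly."""
    out = []
    for ident in identities:
        if not ident.roles & PRIVILEGED_ROLES:
            continue
        stale = now - ident.last_login > timedelta(days=stale_days)
        if not ident.active or stale:
            out.append(ident.name)
    return sorted(out)


def sample_identities(now):
    """Constructed sample data (no real users)."""
    return [
        Identity("alice", {"admin"}, True, now - timedelta(days=2), True,
                 [(now - timedelta(days=i), "payroll-db") for i in range(3)]
                 + [(now - timedelta(days=1), "kms-keys"),
                    (now - timedelta(days=4), "kms-keys")]),
        # bob left the company but his operator account is still enabled
        Identity("bob", {"operator"}, False, now - timedelta(days=10), True, []),
        # carol is an admin without MFA who has not logged in for two months
        Identity("carol", {"admin"}, True, now - timedelta(days=60), False,
                 [(now - timedelta(days=45), "payroll-db")]),
        Identity("dave", {"developer"}, True, now - timedelta(days=1), True,
                 [(now - timedelta(hours=h), "ci-pipeline") for h in range(4)]),
    ]


if __name__ == "__main__":
    now = datetime(2022, 9, 1)
    ids = sample_identities(now)
    for ident in sorted(ids, key=lambda i: -risk_score(i, now)):
        print(f"{ident.name:6} risk={risk_score(ident, now)}")
    print("deprovision:", deprovision_candidates(ids, now))
```

Running it ranks carol (admin, no MFA) and alice (admin touching two sensitive targets) highest, and lists bob and carol for deprovisioning; the score is deliberately additive so that each contributing factor can be explained to the account owner.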
Security Issue 2: Insecure Interfaces and APIs
Organizations are rapidly embracing APIs to improve connectivity and agility, which has made it challenging for developers to manage and secure them. According to Akamai’s 2021 report, it delivered over 300 trillion API requests, a 53% year-over-year increase. APIs therefore must be checked for vulnerabilities caused by improper authentication, improper authorization, and substandard coding practices. If overlooked, these oversights leave interfaces open to malicious activity through weak or unauthenticated endpoints, excessive permissions, logical design issues, and disabled monitoring. Consequently, data integrity may be compromised through unauthorized modification of resources and data, and services may be interrupted.
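To show what an unauthenticated endpoint and a missing authorization check look like next to their hardened form, here is an added example that is not part of the article or of any vendor’s code. It is a framework-free, in-memory API: the weak handler returns any order by id, while the hardened one requires a bearer token, compares it in constant time, enforces that the caller owns the object, and records denied calls so monitoring is not silently disabled. The tokens, users, and orders are constructed sample data.

```python
import hmac

# Constructed sample data: bearer tokens and the orders each user owns.
TOKENS = {"tok-alice-1": "alice", "tok-bob-2": "bob"}
ORDERS = {
    101: {"owner": "alice", "total": 42.0},
    202: {"owner": "bob", "total": 9.5},
}
# Denied calls are recorded so that monitoring is never silently "disabled".
AUDIT_LOG = []


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


# --- Weak endpoint: no authentication, no object-level authorization. ---
def get_order_insecure(order_id, headers):
    """Any caller can fetch any order just by guessing its id."""
    return ORDERS[order_id]


# --- Hardened endpoint. ---
def authenticate(headers):
    """Resolve the caller from a Bearer token; compare in constant time."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ApiError(401, "missing bearer token")
    for known, user in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    raise ApiError(401, "invalid token")


def get_order_secure(order_id, headers):
    """Authenticate, then enforce that the caller owns the object."""
    user = authenticate(headers)
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        # Same response for "missing" and "not yours" so ids cannot be probed.
        raise ApiError(404, "not found")
    return order


def respond(handler, order_id, headers):
    """Small dispatcher returning (status, body) and logging every denial."""
    try:
        return 200, handler(order_id, headers)
    except ApiError as err:
        AUDIT_LOG.append({"order_id": order_id, "status": err.status, "reason": str(err)})
        return err.status, {"error": str(err)}
    except KeyError:
        return 404, {"error": "not found"}


if __name__ == "__main__":
    alice = {"Authorization": "Bearer tok-alice-1"}
    print(respond(get_order_insecure, 202, {}))     # 200 with bob's order: the flaw
    print(respond(get_order_secure, 202, alice))    # 404: ownership enforced
    print(respond(get_order_secure, 101, alice))    # 200 with alice's own order
    print(respond(get_order_secure, 101, {}))       # 401: unauthenticated
    print(AUDIT_LOG)
```

The hardened handler answers 404 for both a missing order and another user’s order, so the response does not reveal which ids exist; the audit log entries are what a detection pipeline would watch for repeated 401/404 bursts from one source.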
Security Issue 3: Misconfiguration and Inadequate Change Control
Misconfiguration of cloud resources is a leading cause of data breaches in the cloud. According to a March 2022 report, customer-managed ServiceNow ACL (Access Control List) configuration errors and excessive guest user permissions led to security problems in approximately 70% of the tested ServiceNow instances. Misconfiguration is the incorrect setup of cloud computing assets, leaving them vulnerable to malicious activity. Common examples include the use of default credentials, excessive permissions, unrestricted access to ports and services, and configuration invalidation. This may result from poor system knowledge and a weak understanding of security controls and settings. Additionally, the use of multiple cloud providers adds configuration complexity, since each provider has unique security controls that are enhanced and expanded daily.
Organizations should embrace technologies that continuously scan for misconfigured resources and support real-time remediation of vulnerabilities. Moreover, change management practices must reflect the dynamic nature of security challenges and business transformation, ensuring changes are made properly using real-time automated verification.
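The continuous scanning the section calls for amounts to running a set of rules over an inventory snapshot and ranking the findings. The following is an added example, not code from the article or from any CSP or scanner product: it checks the misconfiguration classes named above (default credentials, sensitive ports open to the whole internet, publicly reachable databases, and disabled logging) plus public bucket ACLs, against a constructed inventory. The resource schema, rule names, and severities are assumptions for illustration.

```python
import ipaddress

# Well-known factory defaults; a real scanner loads a much longer list.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "password"), ("sa", "")}
# Ports that should never be open to the whole internet.
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 6379, 27017}


def world_open(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_security_group(res):
    for rule in res.get("ingress", []):
        if world_open(rule["cidr"]) and rule["port"] in SENSITIVE_PORTS:
            yield ("open-sensitive-port", "high", f"port {rule['port']} open to {rule['cidr']}")


def check_database(res):
    if (res.get("username"), res.get("password")) in DEFAULT_CREDENTIALS:
        yield ("default-credentials", "critical", f"user {res['username']!r}")
    if res.get("publicly_accessible"):
        yield ("publicly-reachable", "high", "reachable from the internet")
    if not res.get("audit_logging"):
        yield ("logging-disabled", "medium", "audit logging is off")


def check_bucket(res):
    if res.get("acl") in ("public-read", "public-read-write"):
        yield ("public-bucket", "high", f"acl={res['acl']}")
    if not res.get("versioning"):
        yield ("versioning-disabled", "low", "no object versioning")


CHECKS = {"security_group": check_security_group,
          "database": check_database,
          "bucket": check_bucket}


def scan(inventory):
    """Run every applicable check over an inventory snapshot; returns findings
    as (resource_id, rule, severity, detail) tuples, highest severity first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    findings = []
    for res in inventory:
        for rule, sev, detail in CHECKS.get(res["type"], lambda r: ())(res):
            findings.append((res["id"], rule, sev, detail))
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))


def sample_inventory():
    """Constructed inventory snapshot (not from any real account)."""
    return [
        {"id": "sg-web", "type": "security_group",
         "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "type": "security_group",
         "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
        {"id": "db-customers", "type": "database", "username": "admin", "password": "admin",
         "publicly_accessible": True, "audit_logging": False},
        {"id": "db-analytics", "type": "database", "username": "svc_analytics",
         "password": "<rotated-secret>", "publicly_accessible": False, "audit_logging": True},
        {"id": "bkt-exports", "type": "bucket", "acl": "public-read", "versioning": False},
    ]


if __name__ == "__main__":
    for resource, rule, severity, detail in scan(sample_inventory()):
        print(f"[{severity:8}] {resource:14} {rule:22} {detail}")
```

Scheduling `scan` against a fresh inventory export on every run, and diffing the result against the previous run, turns this into the continuous check the text describes; the sorted output puts the default-credential finding first so remediation starts there.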
Security Issue 4: Lack of Cloud Security Architecture and Strategy
Cloud security architecture and strategy involve the review and selection of cloud service providers, deployment and service models, and service region availability zones. The fast-paced change, decentralization, and self-service approach to adopting cloud infrastructure thwart the capacity to account for business considerations. Industry breach incidents clearly show that inadequate planning can hamper the cyber resilience of cloud environments.
Conversely, a cloud security architecture and strategic planning lead to a viable and effective cloud environment. As a result, security and compliance goals are achieved, reducing the costs that arise from breaches and fines.
Security Issue 5: Insecure Software Development
Cloud technologies tend to increase the complexity of software. Unintended functionality leads to exploits [1], and incorrect setups likely derive from that complexity. Threat actors can use these “benefits” more effortlessly than ever, thanks to the cloud’s accessibility.
Embracing a cloud-first tactical posture enables organizations to transfer maintenance and security headaches to a cloud service provider (CSP). Developers avoid building the infrastructure and platform layers from scratch by handing management of those layers to a CSP. Key management, storage, security services, and Continuous Integration/Continuous Deployment (CI/CD) pipelines let developers concentrate on business logic.
CSPs provide identity and access management (IAM) features, along with tools for reviewing applications and guidance on implementing them correctly. This frees up resources for other important business needs by removing the requirement for businesses to build these services themselves.
Developers must be educated about the company’s assumptions regarding shared duties with the CSP. For instance, if a company uses its CSP’s Kubernetes solutions and a 0-day exploit for Kubernetes has been disclosed, the CSP is in charge of mitigating the problem. Correcting a business logic error in a web application built with cloud-native technology, by contrast, is the developer’s obligation. The company is affected by the resulting information leaks in either scenario.
Developers never intentionally compromise software security. Nevertheless, major software suppliers issue monthly patches to repair flaws that could jeopardize a system’s confidentiality, integrity, or availability. Although not every software fault has security ramifications, history has shown that even obscure quirks can develop into serious risks [2]. By embracing cloud technologies, businesses can narrow their attention to what makes them unique while leaving the CSP in charge of anything that has become a commodity.
Security Issue 6: Unsecure Third-Party Resources
A product or service is the culmination of all the other products and services it uses. In a world where cloud computing adoption is steadily growing, a third-party resource can mean many things: SaaS products, APIs, open source code, and managed services offered by cloud vendors. An attacker therefore needs only to find the weakest link to get an entry point. In fact, two-thirds of breaches occur as a result of supplier or third-party vulnerabilities, according to research from Colorado State University.
Preventing vulnerabilities in products or code you didn’t create is impossible. However, you can make an informed decision about which products to use. Choose products that hold compliance certifications and are supported by the manufacturer. In addition, identify and track the third-party services you use, such as SaaS, cloud providers, and open-source resources.
Security Issue 7: System Vulnerabilities
Cloud service platforms have vulnerabilities that when exploited compromise the integrity, confidentiality, and availability of data.
The four main categories of system vulnerabilities include:
- Zero-day vulnerabilities are newly discovered and not yet patched. The recently discovered Log4Shell, which affected services using the widely deployed Java-based Log4j logging library, is a significant instance of a major zero-day vulnerability.
- Missing security patches: when vulnerabilities are discovered, patches are usually released. However, not every vulnerability has been patched, and unpatched systems pose a major security risk if attackers exploit them.
- Configuration-based vulnerabilities arise when systems are misconfigured, for example through unrestricted access to ports and services or excessive privileges.
- Weak or default credentials: insecure authentication credentials make it easy for potential attackers to access system resources. Similarly, poorly stored passwords can be stolen and used to access systems.
A company’s business activities are disrupted, and financial and customer losses are incurred when a data breach occurs. System vulnerability-related security risks can be significantly reduced by following strict IAM procedures along with routine vulnerability detection and patch deployment.
Security Issue 8: Accidental Cloud Data Disclosure
With the diversity of teams and business activities happening in the cloud, governance of security controls is often hard to achieve. The growing configuration needs of cloud resources across the different cloud platforms in use frequently lead to misconfigurations, and these lead to unintentional data leaks. The 2022 Cloud Security Threats report indicates that over 55% of companies have at least one database that is currently publicly exposed to the internet. These databases may hold critical information about customers, employees, products, and more. Many have weak authentication and authorization controls, making them easy targets for attackers.
To mitigate these vulnerabilities, deploy tools such as firewalls and load balancers that have full visibility of your cloud network and can expose any vulnerabilities. In addition, implementing least-privilege IAM policies will reduce access exposure.
Security Issue 9: Misconfiguration and Exploitation of Serverless and Container Workloads
IT teams are now more equipped than ever to deliver value to the business quickly, thanks to the adoption of DevOps principles and the shift to cloud infrastructure. Building and scaling the infrastructure and security controls required to run applications nonetheless remains a substantial burden on the development side.
Staff who maintain legacy on-premises installations must acquire new skills such as Infrastructure as Code and cloud security.
The serverless responsibility model produces an environment that is richer in complexity. In a Netskope study, 60% of IAM policies possessed the AWS AdministratorAccess role, while 4% of the IAM policies studied had full administrative access [1]. If such permissions are granted to an AWS Lambda function that is accessible to the general public, the resulting exposure is extensive: access to cloud environments, sensitive data spillage, and AWS account takeovers all become possible.
The same teams must increasingly handle the network and security controls that underpin their apps. Serverless and cloud-native containerized workloads may appear to be a panacea for this issue, as they shift responsibilities to the cloud service provider (CSP). However, moving virtual machines to the cloud requires greater cloud and application security maturity.
The visibility of conventional security tooling is hampered by the absence of control over the infrastructure, which in turn restricts the options for resolving application security vulnerabilities. To decrease the blast radius of an attack, organizations must develop strong standards around cloud hygiene, application security, observability, access control, and secret management.
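The Netskope figures above become actionable once a team can answer, for each function, “does its role grant administrator-equivalent rights, and is the function reachable without authentication?” The following is an added example, not code from the article, the report, or AWS: it parses AWS-style IAM policy documents, recognises the `AdministratorAccess` managed policy and inline `Allow` statements on `*`/`*` as admin-equivalent, combines that with whether the function URL uses the `NONE` auth type, and grades the blast radius. The function records, inline documents, and account number are constructed sample data, and the severity ladder is an assumption.

```python
import json

# The AWS-managed administrator policy; attaching it to a Lambda role is a red flag.
ADMIN_MANAGED_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def statement_is_admin(stmt):
    """Allow on every action over every resource is administrator-equivalent."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = _as_list(stmt.get("Action"))
    resources = _as_list(stmt.get("Resource"))
    return any(a in ("*", "*:*") for a in actions) and "*" in resources


def policy_grants_admin(policy_doc):
    stmts = policy_doc.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement may be un-listed
        stmts = [stmts]
    return any(statement_is_admin(s) for s in stmts)


def assess_function(fn):
    """fn: constructed record for one Lambda function: its role's managed
    policy ARNs, inline policy documents, and the function URL auth type."""
    admin = ADMIN_MANAGED_POLICY in fn.get("managed_policies", []) or any(
        policy_grants_admin(json.loads(doc)) for doc in fn.get("inline_policies", []))
    public = fn.get("url_auth_type") == "NONE"   # function URL with no auth
    if admin and public:
        severity = "critical"    # anyone on the internet reaches an admin role
    elif admin:
        severity = "high"        # over-privileged, but callers are authenticated
    elif public:
        severity = "medium"      # unauthenticated, but rights are bounded
    else:
        severity = "info"
    return {"function": fn["name"], "admin": admin, "public": public, "severity": severity}


def summarize(functions):
    """Per-function assessment plus the share of functions with admin rights."""
    results = [assess_function(f) for f in functions]
    admin_share = sum(r["admin"] for r in results) / len(results) if results else 0.0
    return results, admin_share


# Constructed policy documents (account id 123456789012 is a placeholder).
LEAST_PRIVILEGE_DOC = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders"}]})
STAR_DOC = json.dumps({"Version": "2012-10-17", "Statement":
    {"Effect": "Allow", "Action": "*", "Resource": "*"}})


def sample_functions():
    """Constructed sample functions (not from any real account)."""
    return [
        {"name": "export-report", "managed_policies": [ADMIN_MANAGED_POLICY],
         "inline_policies": [], "url_auth_type": "NONE"},
        {"name": "nightly-cleanup", "managed_policies": [],
         "inline_policies": [STAR_DOC], "url_auth_type": "AWS_IAM"},
        {"name": "order-api", "managed_policies": [],
         "inline_policies": [LEAST_PRIVILEGE_DOC], "url_auth_type": "AWS_IAM"},
        {"name": "webhook", "managed_policies": [],
         "inline_policies": [LEAST_PRIVILEGE_DOC], "url_auth_type": "NONE"},
    ]


if __name__ == "__main__":
    results, share = summarize(sample_functions())
    for r in results:
        print(f"{r['severity']:8} {r['function']:16} admin={r['admin']} public={r['public']}")
    print(f"{share:.0%} of functions carry admin-equivalent rights")
```

The check is deliberately conservative: it only flags full `*` grants, so a role that is merely broad (say, `s3:*` on all buckets) passes here and needs a finer rule; the point is to surface the combination of a public entry point and an administrator role first, since that is the case the text singles out.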
Security Issue 10: Organized Crime, Hackers & APT
Advanced persistent threats (APTs) are attack campaigns where an attacker gains unauthorized access to a system or network and maintains access for a longer period, mining data undetected.
APTs have sophisticated tactics, techniques, and procedures that help them remain undetected by traditional security controls.
On the other hand, threat intelligence communities study APTs and educate organizations about their behavior. Organizations can then protect themselves by conducting red teaming exercises that simulate APT behavior, which improves their ability to detect such threats.
Security Issue 11: Cloud Storage Data Exfiltration
Exfiltration of data from cloud storage occurs when critical, protected, or confidential data is compromised. That data can be made public, viewed, taken, or used by someone not affiliated with the organization. Data exfiltration may be the main goal of a targeted attack, and it can result from an exploited flaw or configuration error, a weakness in an application, or inadequate security procedures. Information targeted for exfiltration includes personally identifiable information (PII), personal health information (PHI), and intellectual property that was not intended for public release.
In cases of data exfiltration, victims are frequently unaware that their data has been lost. If the attackers intend to use ransomware or other methods of direct financial gain, they may inform the target organization. However, there are also instances where the fact that data was exfiltrated is unknown or discovered much later, rendering any mitigations pointless.
Use CSPs’ best practices, monitoring, and detection capabilities to identify and mitigate threats and curb data exfiltration. Carrying out awareness training on cloud storage for employees will also reduce the chances of data breaches.
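The monitoring and detection the paragraph recommends can start from the storage service’s own access logs. The following is an added example, not code from the article or from any CSP: it parses a constructed, simplified access-log format, aggregates GET activity per principal inside a time window, and raises an alert when a principal downloads an unusual volume, enumerates many distinct objects, or reads from an address never seen for it before. The log format, the thresholds, the known-address table, and every log line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: <ISO8601 UTC> <principal> <source ip> <op> <object key> <bytes>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|PUT|DELETE) (\S+) (\d+)$")


def parse(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, principal, ip, op, key, size = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "principal": principal,
            "ip": ip, "op": op, "key": key, "bytes": int(size)}


def detect_exfiltration(lines, now, window=timedelta(hours=1), max_bytes=100 * 2**20,
                        max_objects=20, known_ips=None):
    """Aggregate GET activity per principal inside the window and flag bulk
    downloads, broad object enumeration and reads from unfamiliar addresses."""
    known_ips = known_ips or {}
    stats = defaultdict(lambda: {"bytes": 0, "keys": set(), "ips": set()})
    for event in map(parse, lines):
        if event is None or event["op"] != "GET" or not (now - window <= event["ts"] <= now):
            continue
        s = stats[event["principal"]]
        s["bytes"] += event["bytes"]
        s["keys"].add(event["key"])
        s["ips"].add(event["ip"])
    alerts = []
    for principal, s in stats.items():
        reasons = []
        if s["bytes"] > max_bytes:
            reasons.append(f"downloaded {s['bytes'] // 2**20} MiB in window")
        if len(s["keys"]) > max_objects:
            reasons.append(f"read {len(s['keys'])} distinct objects")
        unfamiliar = s["ips"] - known_ips.get(principal, set())
        if unfamiliar:
            reasons.append("source ip(s) never seen for this principal: "
                           + ", ".join(sorted(unfamiliar)))
        if reasons:
            alerts.append((principal, reasons))
    return sorted(alerts)


def sample_log(now):
    """Constructed access-log lines: alice pulls 30 x 5 MiB exports from an
    unknown address at 02:00; bob fetches two small files from his usual one."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    for i in range(30):
        ts = (now - timedelta(minutes=30 - i)).strftime(fmt)
        lines.append(f"{ts} alice 203.0.113.7 GET customers/export-{i:03}.csv {5 * 2**20}")
    for i in range(2):
        ts = (now - timedelta(minutes=10 - i)).strftime(fmt)
        lines.append(f"{ts} bob 198.51.100.4 GET reports/q3-{i}.pdf {2**20}")
    lines.append(f"{(now - timedelta(minutes=5)).strftime(fmt)} "
                 f"bob 198.51.100.4 PUT reports/q3-draft.pdf {3 * 2**20}")
    lines.append("garbage line that does not parse")
    return lines


# Constructed baseline: addresses each principal normally works from.
KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.4"}}

if __name__ == "__main__":
    now = datetime(2022, 9, 1, 2, 30, 0)
    for principal, reasons in detect_exfiltration(sample_log(now), now, known_ips=KNOWN_IPS):
        print(principal, "->", "; ".join(reasons))
```

Each reason is reported separately so an analyst sees why the principal was flagged; the thresholds are where the tuning happens, and a real deployment would derive them per principal from historical volume rather than use fixed constants.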
Conclusion
The continuous adoption of cloud services requires the deployment of real-time security controls and measures to mitigate the threats it brings. Routine monitoring of the network and of activity in the cloud environment will not only expose existing vulnerabilities but also shorten the time to detect data breaches. By making organizations aware of the existing and potential threats they are likely to face, CSA helps them make informed decisions and build a cloud environment that is resilient to cyber attacks.