The biggest threats facing cybersecurity always run parallel to the leading technology trends, and are designed to exploit weaknesses in popular releases, products, and applications. Now that most critical workloads are on corporate clouds rather than in local servers, attack vectors are aimed directly at the cloud, from the most basic ransomware and SQL scripting to the most complex configuration exploits.
Protecting cloud resources is a primary goal for modern IT, and unfortunately it has become much harder since the transition to remote work. An element of randomness has been injected into central cybersecurity processes lately, as employees from more locations and more devices suddenly bring cloud access outside the traditional perimeter. In this exposed environment it’s necessary to circle the wagons, and reinforce defenses against one of the thorniest risks around: cloud jacking.
It’s true that cloud computing offers a host of benefits to the average organization, including reduced expenditures, on-demand resources, and productivity, but it’s also ripe for attack, since bulk amounts of data are stored in one place. This is why most public cloud providers have what’s called a shared responsibility model, meaning that the vendors are responsible for protecting infrastructure, while the subscriber is responsible for protecting their own data, supervising how access occurs, handling configuration and patching, and more.
What this means is that customers are ultimately accountable if they’re cloud jacked – but how would this happen? The simple goal of cloud jacking is to sneak into and compromise the admin account for some cloud resource – such as a critical SaaS platform or other third-party hosted application. Now that sensitive resources flow through the cloud, these accounts have become the biggest targets for attackers seeking customer financial and identifying information, proprietary methodologies and algorithms, and other valuable assets.
The goal of a cloud hijacker is usually to use the resource for an unintended purpose (like cryptocurrency mining), to steal and sell corporate data, or to ransom vital systems and information back to the victim. To stop their clouds being commandeered, companies should know that the main avenue by which this occurs is a misconfiguration somewhere in their cloud or internal system settings.
Misconfiguration is recognized by 68% of IT managers to be the biggest cloud threat of 2020. It is particularly dangerous because of how quietly it occurs; misconfiguration is simply what happens when software or computing resources are set up wrong. There is no event to track, or sudden mishap that warns of an impending breach. Gaps in configuration nevertheless leave accounts wide open to malicious activity and other events that might lead to anything from service interruptions to total resource deletion or theft.
Fighting misconfiguration is a matter of carefully choosing responsible and complementary cloud tools, and integrating them in a way that provides better visibility across various environments. Visibility also helps defend against other cloud threats such as code injection attacks, either directly into the underlying code or via third-party libraries, which can also be used by hijackers to spy on the network or make off with your data.
To stop misconfiguration, scripting attacks, data snooping and other ways that hackers can gain access to cloud data, organizations have to start by being deliberate about the cloud service providers they choose. Go with providers that offer the most control and security guarantees, such as redundant internet connections, kill switches, and easy integration with your company’s ports and protocols. Security is then easier to deploy across all resources, and provides a stronger foundation for enforcing specific tools and gaining visibility.
For companies that use legacy security solutions and try to get visibility into the cloud, it appears opaque. Users are far away, and the finer details of their interactions with company data are hard to see. The first step to lighting up the cloud and gaining visibility – and therefore control over granular details like configuration – is to adopt cloud-based security tools that integrate across all your environments. Start with a cloud-based firewall and a SIEM tool, for example, and then chip away at the low-hanging fruit, such as authentication and ensuring data is encrypted before going into the cloud.
For growing companies with more complex clouds, it also helps to know that solutions which unify these ideas into single SaaS products now exist, in the form of a new concept termed SASE – or Secure Access Service Edge. SASE is essentially a bundle of networking and security tools that help IT teams visualize their networks and manage them from a single touchpoint. Getting to this point is becoming easier, and is helping to smooth what used to be a bumpy path to the cloud for many companies.