Many enterprises today have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like AWS, Azure, and GCP. And while cloud computing has streamlined many business processes, it can also create a security nightmare when mismanaged. A simple misconfiguration or human error can compromise the security of your organization’s entire cloud environment.
Whether your whole business or small portions operate in the cloud, it’s imperative to understand the cloud-specific threats facing your organization in order to find creative and impactful solutions for remediation and protection. Let’s start by walking through the top security challenges in the cloud today to gain a better understanding of this complicated and ever-evolving landscape.
Top Security Challenges in the Cloud
Top threat: Phishing
Phishing is very popular in the cloud today. It’s often deployed using PDF decoys hosted in public cloud that arrive as email attachments and claim to have legitimate content, such as an invoice, employee directory, etc. Furthermore, since the malicious pages are stored in public cloud, they fool users into thinking that they are dealing with a legitimate entity, such as Microsoft, AWS, or Google. Once received, such content is saved to cloud storage services, like Google Drive. As soon as attachments are shared, malware can propagate within an organization, leading to cloud phishing fan out. In a matter of minutes, a legitimate user’s account can be compromised and used as part of a phishing campaign, which is far harder to detect and mitigate.
Top threat: Cryptojacking
Cryptojacking occurs when a nefarious actor uses your public cloud compute resources without your authorization. Such attacks are indifferent to device type, service, or OS, making them especially dangerous. What’s more, because such attacks usually appear to be coming from legitimate users, they often go undetected for quite some time, allowing the actors to execute a number of attacks under the radar.
A deeper understanding of these threats is critical, but it doesn’t solve the problem. So, where do we go from here? Below are my recommendations on steps for combating the above risks (and others) in the cloud.
Recommendations for Better Cloud Security
Assess Your Risk Exposure
Organizations must deploy a real-time visibility and control solution for sanctioned and unsanctioned accounts to perform continuous assessment of the security posture of these accounts and to provide visibility into what is going on with your IaaS accounts. You must also track admin activity using logging services like Amazon CloudTrail and Azure Operational Insights to gather logs about everything that is going on in an environment. Additionally, consider deploying an IaaS-ready DLP solution to prevent sensitive data loss in web facing storage services, like AWS S3 and Azure Blob. And lastly, get real-time threat and malware detection and remediation for IaaS, SaaS, and Web. It’s imperative to continuously monitor and audit for IaaS security configuration to ensure compliance with standards and best practices and to make sure that the bad guys do not split in and fly under the radar.
Protect Sensitive Data from Insider Threats
While it sounds like common sense, many of today’s breaches occur when a user either intentionally or inadvertently shares sensitive information that compromises the security of an organization. To combat this, it’s important to educate all employees of the risks associated with doing business in the cloud. Warn users against opening untrusted attachments and executing files. Teach employees to verify the domains of links and identify common object store domains. Deploy real-time visibility and control solutions, as well as threat and malware detection solutions to monitor, detect, and remediate nefarious activity. And lastly, scan for sensitive content and apply cloud DLP policies to prevent unauthorized activity, especially from unsanctioned cloud apps. People are often the weakest link and proper training and education should be a priority for your business.
Follow Best Practices
Businesses should leverage compliance standards, such as NIST, CIS, and PCI, to easily benchmark risk and security. A lot of these tools will provide insights and recommendations for how to remediate various violations, but you should still understand that customization is key.
In order to thwart exposure, companies must have the capability to look at all cloud environments and perform assessments of how such resources are secured. And remember, every organization is different, and there is no one-size-fits-all approach to proper protection in the cloud. That said, by better understanding the threat landscape (whether within or outside your organization) and putting the proper tools in place, comprehensive cloud security is, indeed, possible.
About the author: Michael Koyfman is a Principal Global Solution Architect with Netskope. In his role, he advises Netskope customers on best practices around Netskope deployments and integrating Netskope solutions within customer environment by leveraging integration with customer technology ecosystem.
Source: infosec island