Cloud computing: Beware five new ways to "cyber fail"
Recent cyberattacks in cloud environments show traditional security risks still apply, but also reveal a few new threats that might not be familiar to IT staff used to having control over computing infrastructure.
Many security attacks work against both infrastructure-as-a-service (IaaS) and traditional IT infrastructure. For example, common web application attacks do not differ much in cloud environments. However, cloud computing has introduced a few new ways for organizations to “cyber fail,” which should be taken into account when deploying new cloud security solutions and procedures.
Consider the following situations that can significantly impact an organization and should be top-of-mind with security architects:
What if a cloud user’s account is breached?
In the cloud, where systems are remotely accessed and internet-facing, breach of a user’s account is far more likely than when an employee only accessed systems from a locally networked device. You might think the risk from unauthorized access to a single user account is low, but researchers have shown that access to a single account can be manipulated to create “privilege escalation and session hijack,” giving the attacker access to the underlying systems and other user accounts. Analysts say it is important to monitor cloud traffic with advanced threat detection systems to uncover suspicious behavior that can be a sign of a breach.
Worse yet—what if a cloud admin’s account is breached?
If a hacker can gain access to an admin account, they may be able to download an entire database or take a system offline and demand ransom. In some cases, security researchers have found unprotected credentials hardcoded inside applications running in the cloud, free for the taking by any hacker savvy enough to look for them. This can result from migrating applications that were not originally developed to run in the cloud and underscores the importance of pre-migration security analysis.
What if an enterprise gets locked out of its own systems?
Losing control over a system entirely wasn’t a problem when infrastructure could be physically accessed to download data, reboot, or roll back to a previous state. System lock-out is now a popular way for hackers to extort money from companies desperate to restore business operations. Hospitals and medical centers are popular targets since patient outcomes may actually depend on immediate restoration. The threat of this happening should be a serious incentive for all enterprises to keep systems updated and continuously test security infrastructure using active threat simulations.
What if the cloud provider’s infrastructure is compromised in some way?
The largest cloud providers actively manage their own security and are probably much better prepared than most enterprises to respond to a threat. On the other hand, medium and smaller-scale cloud providers don’t have the same level of resources. And no one really knows when or where the next widespread vulnerability will be found. To protect against business disruption and loss of customer confidence, cloud users need to have a plan for restoring operations in the unlikely event their provider is compromised. This can be achieved either by working with your cloud provider or by using more than one cloud provider to diversify your risk.
What if sensitive data is exposed, through insufficient access management or configuration mistakes?
When transactions were executed in data centers, a misconfiguration was a lot less likely to cause a critical business failure. Things have changed. The increasing use of public cloud has led to many high-profile incidents where critical and sensitive information and systems have been left exposed.
In September 2017, for example, Viacom was discovered to have left a gigabyte’s worth of credentials and configuration files accessible on the public internet. Luckily, Viacom was notified of this mistake by an ambitious cyber security firm scouring the internet looking for new clients, rather than a hacker demanding ransom. The firm noted that, “Perhaps the most damaging among the exposed data are Viacom’s secret cloud keys, an exposure that, in the most damaging circumstance, could have put their cloud-based servers in the hands of hackers. Such a scenario could enable malicious actors to launch a series of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies.” Unfortunately, scenarios like this are common. The security firm RedLock found that 53% of organizations using cloud storage services (like Amazon S3) have inadvertently exposed their data to the public.
However, none of these risks means you can’t trust the cloud. As long as you operate your clouds safely and accept your responsibility for protecting your own data and services, cloud computing will help your business achieve new levels of success. Nearly all enterprises today use cloud to run at least some part of their business. Security professionals just need to put strong security policies in place, test security systems to expose vulnerabilities, monitor network and data for suspicious behavior, and take action quickly when incidents arise.