Misconfigurations Your Biggest Threat – Cloud Security

Recently, a major tipping point was reached in the IT world — more than half of new spending is now on cloud services over non-cloud IT. Rather than being the exception, cloud-based operations have become the rule.

There are many reasons why companies transition to the cloud. Lower costs, improved efficiencies and faster time to market are some of the primary benefits.

However, too many security teams still treat the cloud like an exception, or at least not as a primary use case. The approach remains “and cloud”, rather than “cloud and.”

Attackers know that business information security is generally behind the curve with its approach to the cloud, and they take advantage of the lack of security experience surrounding new cloud environments. This leads to ransomware, cryptocurrency mining and data exfiltration attacks targeting cloud environments, to name a few.

But what are they attacking specifically, and what can you do about it?

Misconfiguration at the User Level is the Biggest Security Risk in the Cloud

Cloud providers have built-in security measures that leave many systems administrators, IT directors and CISOs feeling content with the security of their data. Customers often think that the cloud provider is taking care of security with no additional actions needed on their part.

This way of thinking ignores the shared responsibility model for security in the cloud. While cloud providers secure the platform as a whole, companies are responsible for the security of the data hosted in those platforms. Misunderstanding the shared responsibility model leads to the primary security risk associated with the cloud: misconfiguration.

You may be thinking, ‘But what about ransomware and cryptomining and exploits?’ These and many other attack types are primarily possible when one of the three misconfigurations below is present.

You can forget about all the worst-case, overly complex attacks: Misconfigurations are the greatest risk and should be your number one concern.

How Big is the Misconfiguration Problem?

Nearly all data breaches involving cloud services have been caused by misconfigurations. Trend Micro identifies an average of 230 million misconfigurations per day.

We expect this trend will increase in 2020, as more cloud-based services and applications gain popularity with companies using a DevOps workflow. Teams are likely to misconfigure more cloud-based applications, unintentionally exposing corporate data to the internet, and to cyber-criminals.

Our prediction is that through 2025, more than 75% of successful attacks on cloud environments will be caused by missing or misconfigured security by cloud customers rather than cloud providers.

How to Protect Against Misconfiguration

The good news is that misconfigurations are easily preventable with some basic cyber hygiene and regular monitoring. You can secure your cloud data and applications today, especially knowing that attackers are already cloud-aware and delivering vulnerabilities as a service.

Here are a few best practices for securing your cloud environment:

  • Employ the principle of least privilege: Access is only given to users who need it, rather than leaving permissions open to anyone
  • Understand your part of the shared responsibility model: While cloud service providers have built-in security, the companies using their services are responsible for securing their data
  • Monitor your cloud infrastructure for misconfigured and exposed systems: Tools are available to identify misconfigurations and exposures in your cloud environments
  • Educate your DevOps teams about security: Security should be built into the DevOps process

Your data and applications in the cloud are only as secure as you make them. There are enough tools available today to make your cloud environment — and the majority of your IT spend — at least as secure as your non-cloud legacy systems.

Yaron Chelouche, CCISO, CDPSE

infosecurity-magazine.com

 
