Uncovering the hidden truths of cloud security
Ever more organizations are embracing cloud systems and services to improve agility and enable digital collaboration. Yet failure to secure those clouds effectively has led to an explosion of malicious cyber attacks.
A hybrid, multi-cloud world requires fundamentally different strategies from traditional on-premises IT security, but many organizations are oblivious to the growing risks they face – let alone how to mitigate them. In our report, 7 Hidden Truths of Cloud Security, our experts describe the challenges they see organizations facing – and overcoming – every day. What follows is a sneak peek inside the report.
1. You can’t secure what you don’t see
The ease and convenience of spinning up virtual infrastructure or signing up to cloud services means many organizations’ cloud use has grown in a piecemeal fashion. They might use various cloud platforms and applications, often without the awareness of IT or security teams. Individual departments often purchase cloud services on a credit card. Employees frequently use their personal cloud services for work. As a result, many organizations have no way of knowing exactly what clouds they’re using or how they’re being used – let alone whether they’re securely set up.
2. Cloud misconfiguration is everywhere
Providers give you tools and controls to secure your clouds, but when you have multiple cloud accounts, workloads and suppliers, it's almost impossible for in-house IT teams to ensure everything is configured correctly. Widespread misconfiguration – storage buckets readable by anyone, management ports open to the internet, over-privileged roles – makes life easy for attackers, who increasingly breach systems by simply walking through virtual doors left unlocked. There's no single tool that can solve the problem. Most organizations will need to talk to expert third parties such as WithSecure to close the security gaps through solutions like MDR (Managed Detection and Response) and CSPM (Cloud Security Posture Management).
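To make the misconfiguration point concrete, here is an added example (not WithSecure's or any vendor's CSPM code) of the kind of check a posture tool automates: it tests a security group for management ports exposed to the whole internet and a bucket policy for anonymous access, against constructed, simplified resource descriptions. The flat rule dicts, the policy JSON, the account ID and the addresses are all hand-built placeholders so the script runs offline.

```python
"""Two minimal cloud posture checks, in the spirit of what a CSPM tool automates.

Added example, not WithSecure's or any vendor's code. The resource descriptions
below are hand-constructed and deliberately simplified: security group rules
are flat dicts, and the bucket policy follows the IAM policy JSON shape. Account
IDs and addresses are documentation placeholders.
"""
import ipaddress

# Ports that should never be reachable from the whole internet.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}


def is_internet_wide(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 are the only networks with a zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def open_sensitive_ingress(rules):
    """Return (port, service, cidr) for every ingress rule exposing a sensitive port to the world."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress":
            continue
        for cidr in rule["cidrs"]:
            if not is_internet_wide(cidr):
                continue
            for port, service in SENSITIVE_PORTS.items():
                if rule["from_port"] <= port <= rule["to_port"]:
                    findings.append((port, service, cidr))
    return findings


def _principal_is_wildcard(principal) -> bool:
    """Principal may be "*" or a map like {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def policy_allows_anonymous(policy) -> bool:
    """True if an Allow statement grants a wildcard principal with no Condition at all.

    Simplification: a Condition block is treated as a restriction without
    inspecting it. Real checks must read the condition keys, because a weak
    condition still leaves the bucket public.
    """
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if _principal_is_wildcard(stmt.get("Principal")) and not stmt.get("Condition"):
            return True
    return False


# Constructed "before" resources: SSH open to the internet, bucket readable by anyone.
WEAK_RULES = [
    {"direction": "ingress", "from_port": 22, "to_port": 22, "cidrs": ["0.0.0.0/0"]},
    {"direction": "ingress", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
    {"direction": "ingress", "from_port": 3300, "to_port": 3400, "cidrs": ["10.0.0.0/8"]},
]
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
}

# Constructed "after" resources: SSH limited to an admin network, bucket limited to one role.
FIXED_RULES = [
    {"direction": "ingress", "from_port": 22, "to_port": 22, "cidrs": ["203.0.113.0/24"]},
    {"direction": "ingress", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
    {"direction": "ingress", "from_port": 3300, "to_port": 3400, "cidrs": ["10.0.0.0/8"]},
]
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
}


def audit(rules, policy):
    """Run both checks and return a flat list of human-readable findings."""
    findings = [f"{service}/{port} open to {cidr}"
                for port, service, cidr in open_sensitive_ingress(rules)]
    if policy_allows_anonymous(policy):
        findings.append("bucket policy grants access to anonymous principals")
    return findings


if __name__ == "__main__":
    print("before:", audit(WEAK_RULES, WEAK_POLICY))
    print("after: ", audit(FIXED_RULES, FIXED_POLICY))
```

Note that HTTPS open to the world is deliberately not a finding here: the point of a posture check is to encode what is acceptable for each service, not to flag every 0.0.0.0/0. The same two checks, run across every account and region, are what turns "we think it's configured correctly" into something you can verify.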
3. Cloud has changed the game for everyone
Attackers often breach systems by stealing the credentials of authorized users. Techniques for identifying such attacks are well established for on-premises systems, but protecting clouds is trickier. Much cloud access is granted to non-human identities such as service accounts, roles and CI/CD pipelines, and attackers increasingly masquerade as those machine identities to bypass controls built around human users. Attacks at the cloud management layer are even harder to detect. There's still minimal threat intelligence in this area, so organizations need to continually monitor cloud activity to detect anomalous behaviour that could indicate unauthorised access, using tools such as User and Entity Behavior Analytics (UEBA).
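The behavioural monitoring described above can be illustrated with an added example (not WithSecure's or any vendor's UEBA logic): it learns what each human or machine identity normally does from a history of constructed, flattened audit events, then scores new events by how many of their attributes are unseen for that identity. The event shape is a simplified, CloudTrail-like record built by hand, and the role names, addresses and user agents are placeholders.

```python
"""Per-identity behavioural baselining over constructed cloud audit events.

Added example, not WithSecure's or any vendor's UEBA logic. Events are
hand-built and flattened (real CloudTrail records have a richer nested shape);
addresses are documentation placeholders. The idea is the one the text
describes: learn what each human or machine identity normally does, then score
new activity by how many of its attributes are unseen.
"""
import ipaddress
from collections import defaultdict


def source_net(ip: str) -> str:
    """Collapse an address to its /24 so a single DHCP change does not alert."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def build_baseline(events):
    """Map principal -> sets of actions, source networks and user agents seen so far."""
    baseline = defaultdict(lambda: {"actions": set(), "nets": set(), "agents": set()})
    for e in events:
        profile = baseline[e["principal"]]
        profile["actions"].add(e["action"])
        profile["nets"].add(source_net(e["source_ip"]))
        profile["agents"].add(e["user_agent"])
    return baseline


def score(event, baseline):
    """Return the list of attributes of this event that its principal has never shown."""
    profile = baseline.get(event["principal"])
    if profile is None:
        return ["unknown principal"]
    reasons = []
    if event["action"] not in profile["actions"]:
        reasons.append(f"new action {event['action']}")
    net = source_net(event["source_ip"])
    if net not in profile["nets"]:
        reasons.append(f"new source network {net}")
    if event["user_agent"] not in profile["agents"]:
        reasons.append(f"new user agent {event['user_agent']}")
    return reasons


def detect(events, baseline, min_reasons=2):
    """Flag events with an unknown principal or at least min_reasons novel attributes.

    One novelty alone (a new API call from a known host) is usually a change in
    the job; several at once is how a stolen machine credential tends to look.
    """
    flagged = []
    for e in events:
        reasons = score(e, baseline)
        if "unknown principal" in reasons or len(reasons) >= min_reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed history: a deployment role and a human user, both behaving normally.
HISTORY = [
    {"time": "2023-05-01T09:00:00Z", "principal": "role/deploy-bot", "action": "ecr:GetAuthorizationToken",
     "source_ip": "10.0.1.5", "user_agent": "aws-cli/2.13.0"},
    {"time": "2023-05-01T09:00:05Z", "principal": "role/deploy-bot", "action": "ecs:UpdateService",
     "source_ip": "10.0.1.5", "user_agent": "aws-cli/2.13.0"},
    {"time": "2023-05-02T09:00:04Z", "principal": "role/deploy-bot", "action": "ecs:UpdateService",
     "source_ip": "10.0.1.6", "user_agent": "aws-cli/2.13.0"},
    {"time": "2023-05-02T10:12:00Z", "principal": "user/alice", "action": "s3:ListBuckets",
     "source_ip": "203.0.113.20", "user_agent": "console.amazonaws.com"},
]

# Constructed new activity. The second record is an attacker replaying the bot's
# stolen credentials with a matching user agent, from outside, to mint a new key.
NEW_EVENTS = [
    {"time": "2023-05-03T09:00:03Z", "principal": "role/deploy-bot", "action": "ecs:UpdateService",
     "source_ip": "10.0.1.7", "user_agent": "aws-cli/2.13.0"},
    {"time": "2023-05-03T02:41:17Z", "principal": "role/deploy-bot", "action": "iam:CreateAccessKey",
     "source_ip": "198.51.100.7", "user_agent": "aws-cli/2.13.0"},
    {"time": "2023-05-03T10:05:00Z", "principal": "user/alice", "action": "s3:ListBuckets",
     "source_ip": "203.0.113.21", "user_agent": "console.amazonaws.com"},
]

BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for event, reasons in detect(NEW_EVENTS, BASELINE):
        print(event["time"], event["principal"], event["action"], "->", "; ".join(reasons))
```

The attacker's event is caught not because any single attribute is forbidden but because the combination (an IAM key-creation call the deployment role has never made, from a network it has never used) does not fit the identity's history, even though the user agent was copied to look like the real pipeline. A production system would keep this baseline over a sliding window, weight rare attributes more than merely unseen ones, and treat privilege-changing actions such as key creation as high-severity on their own.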
4. Endpoints must still be defended
With so many different devices accessing your cloud systems, there are a multitude of potential entry points for attackers. Yet few organizations have adequate endpoint defenses in place. Multi-factor authentication helps but isn’t 100% effective – for example, a device could be stolen during an active session. At a minimum, you need some form of Endpoint Detection and Response (EDR). For optimum protection, though, EDR will increasingly need to be integrated with an Endpoint Protection Platform (EPP) and cloud control panel logs.
5. Split defenses result in weaknesses
Today, most organizations' IT environments comprise both on-premises and cloud systems. Rather than having a single security operations center covering the whole organization, many split them, which opens gaps in their defenses. You need to correlate what's happening across on-premises and cloud systems in order to spot and respond to attacks effectively. Cultural change is key here. Best practice is to follow the DevOps model of devolving security responsibility to business functions, while simultaneously moving CISOs outside the IT team to ensure a holistic security posture across the organization.
6. No one knows who is responsible for data in the cloud
Under the shared responsibility model, cloud providers secure the underlying platform, but customers retain responsibility for securing the data and configuration they put on it. That requires full visibility – what the data is, where it comes from, who can access it and where it's sent. Attackers often use cloud platforms to distribute malware that lets them infiltrate your internal systems, so you need to detect and block harmful content before it reaches users. Automated cloud protection systems can flag suspicious content, but for optimum protection you should extend detection and response to endpoints as well as all cloud platforms.
7. Collaboration platforms will only become more important
The shift to remote working during the pandemic was not an anomaly, merely an acceleration of the trend towards digital transformation. As more organizations realize the benefits of cloud collaboration, so its importance grows – and with it the number of attacks. More than half of SMEs experienced a cloud-based attack in the past two years, the bulk of them via opportunistic ‘phishing’ emails. Staff security awareness training is essential to reduce your risk, but for maximum protection you should deploy an automated solution.
To learn more about how best to secure your clouds and keep attackers at bay, read the full report here.