According to SC Media, cloud environments, including SaaS tools, can be easily compromised by threat actors due to the defense challenges imposed by the shared responsibility model, as well as the lack of end-to-end customer visibility and control.
While breaching secured physical networks with well-defined perimeters and numerous defensive tools requires extensive knowledge from threat actors, this knowledge is not of much value in targeting cloud systems due to the availability of extensive documentation and open-source hacking tools, Mitiga researchers reported at the BSides Las Vegas security conference.
Such ease of infiltration into cloud environments should prompt organizations to secure sufficient logs from their cloud providers to achieve greater visibility, leverage security offerings from CSPs alongside their own security tools, and enhance threat hunting and teaming efforts on cloud and SaaS assets, the researchers said.
“The new perimeter in the cloud is identity,” said Roy Sherman, chief technology officer at Mitiga Airport. “It’s a cliché, but it’s true. Attackers don’t break into the system; they log in.”
