All of the major benefits of cloud computing – improved IT efficiency, flexibility, and scalability – come with one major challenge: security.
Cloud security threats, challenges, and vulnerabilities arise for several reasons. For one thing, many organizations cannot define where their own obligations end and their cloud service provider's (CSP's) begin under the shared responsibility model. This leaves gaps unsecured and vulnerabilities unaddressed. Additionally, the breadth of cloud services increases an organization's attack surface. To complicate matters further, traditional security tools and controls may not meet your cloud security needs.
Organizations must face the following common cloud security challenges:
- Data breaches
- Cloud misconfigurations
- Insecure APIs
- Limited visibility
- Identity, credential, access and key management
- Account hijacking attacks
- Cyberattacks
- Insider threats
- Shadow IT
- Skills shortages and staffing issues
- Compliance
Let's take a look at each of these challenges and the steps needed to mitigate them.
1. Data breaches
Data breaches are a top cloud security concern – and for good reason. Several data breaches have been attributed to the cloud in recent years, most notably Capital One's cloud misconfiguration in 2019 that exposed customer data.
A data breach can bring a company to its knees, causing irreparable damage to its reputation, financial problems due to regulatory implications, legal liabilities, incident response cost, and reduced market value.
Steps to prevent a data breach in the cloud include:
- Conduct data risk assessments.
- Protect data with cloud encryption.
- Maintain an incident response plan.
- Follow the principle of least privilege.
- Establish policies for secure data removal and disposal.
2. Misconfigurations
Cloud assets are vulnerable to attack if set up incorrectly. For example, the Capital One breach was traced to a misconfiguration of a web application firewall that exposed Amazon Simple Storage Service (S3) buckets. In addition to insecure storage, excessive permissions and the use of default credentials are two other major sources of cloud vulnerabilities. Ineffective change control can also lead to misconfigurations in the cloud.
Strategies to combat cloud misconfigurations include:
- Conduct data risk assessments.
- Maintain an incident response plan.
- Monitor data accessible over the Internet.
- Ensure external partners adhere to the change management, release and testing procedures used by internal developers.
- Use automated change control to support rapid changes.
- Conduct regular security awareness training sessions with employees, contractors and external users.
3. Insecure APIs
The CSP user interfaces and APIs that customers use to interact with cloud services are among the most exposed components of a cloud environment. The security of any cloud service starts with how well its user interfaces and APIs are protected – a responsibility that falls on both customers and cloud providers. CSPs must ensure the security and integrity of those interfaces, and customers must be diligent in managing, monitoring, and using cloud services securely.
Practices for managing and fixing insecure APIs include:
- Practice good API hygiene.
- Avoid reusing API keys.
- Use standard and open API frameworks.
- Vet all CSPs and cloud applications before use.
4. Limited visibility
Cloud visibility has long been a concern for enterprise administrators. Limited visibility into cloud infrastructure and applications across different IaaS, PaaS, and SaaS offerings can lead to cloud sprawl, shadow IT, misconfigurations, and inadequate security coverage, which in turn can lead to cyberattacks, data loss, and data breaches.
Multi-cloud environments have exacerbated visibility challenges, as security teams struggle to find tools that effectively maintain visibility across two or more CSPs.
Steps to improve visibility and mitigate the effects of limited visibility include:
5. Identity, credentials, access, and key management
The majority of cloud security threats – and cybersecurity threats in general – are related to identity and access management (IAM) issues. These threats include:
- Improper credential protection.
- Lack of automatic rotation of encryption keys, passwords and certificates.
- Scalability challenges in IAM.
- No MFA.
- Poor password hygiene.
Standard IAM challenges are exacerbated by the use of the cloud. Inventorying, tracking, monitoring and managing the huge number of cloud accounts in use is compounded by issues of provisioning and de-provisioning, zombie accounts, over-privileged accounts and users bypassing IAM controls, as well as challenges with defining roles and privileges.
Strategies for addressing identity security issues in the cloud include:
- Use MFA.
- Extend key management best practices to the cloud.
- Monitor user accounts regularly.
- Remove unused and unnecessary credentials and access privileges.
- Follow password best practices.
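Several of these controls (MFA on every human account, key rotation, and removal of unused credentials) can be audited from a single export of account credential metadata. The following is an added example, not code from the article or from any CSP: it audits a constructed CSV in the layout of the AWS IAM credential report (a subset of its real columns; the four users, account ID, dates and the fixed "now" are all made up for illustration) and reports, per user, which of the controls above are missing. The 90-day thresholds are assumptions chosen for the example, not a figure from the article.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of the IAM credential report (only some of its
# columns). Users, account ID and dates are invented for this example.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-03-01T08:00:00+00:00,false,true,2022-01-10T00:00:00+00:00,2024-02-28T00:00:00+00:00
alice,arn:aws:iam::111122223333:user/alice,true,2024-03-10T09:12:00+00:00,true,true,2024-02-01T00:00:00+00:00,2024-03-10T09:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2023-06-01T00:00:00+00:00,false,true,2023-01-01T00:00:00+00:00,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,not_supported,false,true,2024-03-01T00:00:00+00:00,2024-03-11T00:00:00+00:00
"""

# Fixed reference time so the example is deterministic (assumption for the example).
NOW = datetime(2024, 3, 12, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)   # rotate access keys at least this often
MAX_IDLE = timedelta(days=90)      # credentials unused this long are candidates for removal


def _parse_ts(value):
    """Return an aware datetime, or None for the report's non-date sentinels
    (N/A, no_information, not_supported)."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now=NOW):
    """Map each user with at least one finding to a list of finding strings."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []
        is_root = user == "<root_account>"
        has_password = row["password_enabled"] == "true"

        # Every console-capable identity, root included, must have MFA.
        if (has_password or is_root) and row["mfa_active"] != "true":
            issues.append("no MFA")
        # Root should never carry long-lived access keys at all.
        if is_root and row["access_key_1_active"] == "true":
            issues.append("root access key present")

        if row["access_key_1_active"] == "true":
            rotated = _parse_ts(row["access_key_1_last_rotated"])
            if rotated is not None and now - rotated > MAX_KEY_AGE:
                issues.append("access key older than 90 days")
            last_used = _parse_ts(row["access_key_1_last_used_date"])
            # A key that has never been used (N/A) is as idle as a stale one.
            if last_used is None or now - last_used > MAX_IDLE:
                issues.append("access key unused for 90+ days")

        if has_password:
            pw_used = _parse_ts(row["password_last_used"])
            if pw_used is None or now - pw_used > MAX_IDLE:
                issues.append("console password unused for 90+ days")

        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(f"{user}: {', '.join(issues)}")
```

In the constructed data, `alice` (MFA on, fresh key, recent logins) and `svc-deploy` (API-only, recently rotated key) come back clean, while `bob` and the root account each collect several findings; the output of a run like this is exactly the input to the "remove unused credentials" step, and scheduling it is what turns "monitor user accounts regularly" from an intention into a control.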
6. Account hijacking attacks
Cloud account hijacking occurs when an employee's cloud account is taken over by an attacker. The attacker then uses the employee's cloud account to gain unauthorized access to the organization's sensitive data and systems.
Cloud account compromise can result from phishing attacks, credential stuffing attacks, attackers guessing weak passwords or using stolen credentials, coding errors, inadvertent exposure, or cloud misconfigurations. If successful, cloud account hijacking attacks can lead to service outages and data breaches.
Steps to prevent cloud account hijacking attacks include:
- Use MFA.
- Follow the principle of least privilege.
- Restrict access as tightly as the CSP supports.
- Separate cloud environments whenever possible.
- Conduct regular user access reviews.
7. Insider threats
Insiders, including current and former employees, contractors, and partners, can cause data loss, system downtime, reduced customer trust, and data breaches.
Insider threats are divided into three categories:
- Compromised insiders – for example, an employee who clicks on a phishing link and has their credentials stolen, or who downloads malware onto the company network.
- Negligent insiders – for example, an employee who loses a device containing company data, or whose credentials can be stolen by an attacker.
- Malicious insiders – for example, an employee who steals data to commit fraud.
Insider threats in the cloud pose the same risks and fall into the same categories, although the problem is widened by the security risks inherent in remote access to the cloud and by the ease with which data stored in the cloud can be accidentally shared or exposed.
Strategies for countering insider threats in the cloud include:
- Hold regular security awareness training courses.
- Address cloud misconfigurations.
- Follow the principle of least privilege.
- Separate cloud environments whenever possible.
- Conduct regular access reviews.
- Review and revalidate user access controls regularly.
8. Cyberattacks
Cloud environments and cloud computing are subject to the same attacks as on-premises environments. These include DoS, DDoS, account hijacking, phishing, ransomware, and other malware attacks, as well as cloud vulnerabilities and insider threats.
Some cyberattacks are cloud-specific, such as nefarious use of cloud services. Attackers use legitimate SaaS, PaaS, and IaaS offerings, masquerading as CSPs, to attack cloud customers who assume the attacker is a legitimate source.
Cloud-specific malware is also an issue – both malware that uses the cloud for command and control and malware that targets cloud assets and accounts. For example, malicious cryptocurrency mining, known as cryptojacking, is an attack in which threat actors steal a victim's device resources, including energy and computing power, to verify transactions within a blockchain.
Cloud cyberattacks can lead to performance degradation, downtime, customers hosting malware without their knowledge, data loss, and more.
Steps to mitigate cloud cyberattacks include:
9. Shadow IT
Shadow IT is hardware or software used by employees that is not authorized or supported by their organization's IT team. Using shadow IT can cause network bandwidth issues, compliance risks, and security threats, such as data loss and data breaches.
Cloud shadow IT, specifically, is the use of cloud software that IT has not authorized or does not support, such as Google Workspace, Slack, or Netflix.
Steps to reduce the cloud shadow IT threat include:
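Cloud shadow IT of the kind just described leaves a trace in outbound web proxy or DNS logs: traffic from internal users to SaaS domains that are not on the organization's sanctioned list. The following is an added example, not code from the article: it parses a handful of constructed proxy log lines (the log format, users, domains, byte counts and the catalogue of "known SaaS" domains are all invented for illustration) and reports, per user, which unsanctioned cloud services they used and how much data they sent there, then picks out the largest transfers for follow-up. In a real deployment the catalogue would come from a cloud access security broker or a maintained domain list; the point here is the matching and aggregation logic.

```python
import re
from collections import defaultdict

# Constructed catalogue: domains of cloud services this organisation knows about,
# and the subset IT has actually sanctioned. Both are made up for the example.
KNOWN_SAAS = {
    "slack.com": "collaboration",
    "docs.google.com": "productivity",
    "drive.google.com": "storage",
    "dropbox.com": "storage",
    "wetransfer.com": "file transfer",
    "trello.com": "project management",
    "netflix.com": "streaming",
}
SANCTIONED = {"slack.com", "docs.google.com", "drive.google.com"}

# Constructed proxy log lines in an invented key=value format (not a real product's log).
SAMPLE_LOG = """2024-03-12T09:01:00Z user=alice dst=slack.com bytes_out=2048
2024-03-12T09:02:10Z user=alice dst=www.dropbox.com bytes_out=52428800
2024-03-12T09:03:00Z user=bob dst=drive.google.com bytes_out=1024
2024-03-12T09:04:30Z user=bob dst=wetransfer.com bytes_out=10485760
2024-03-12T09:05:00Z user=carol dst=netflix.com bytes_out=512
2024-03-12T09:06:00Z user=alice dst=api.dropbox.com bytes_out=1048576
2024-03-12T09:07:00Z user=dave dst=intranet.example.internal bytes_out=300
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)


def match_saas(host):
    """Return the catalogue domain that `host` belongs to (exact or subdomain), or None."""
    host = host.lower().rstrip(".")
    for domain in KNOWN_SAAS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def unsanctioned_usage(log_text):
    """Aggregate bytes sent to unsanctioned SaaS domains: {user: {domain: bytes_out}}."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the whole run
        domain = match_saas(m.group("dst"))
        if domain is None or domain in SANCTIONED:
            continue  # internal host, unknown site, or an approved service
        usage[m.group("user")][domain] += int(m.group("bytes"))
    # Convert to plain dicts so callers get ordinary, comparable values.
    return {user: dict(domains) for user, domains in usage.items()}


def large_transfers(usage, threshold_bytes):
    """(user, domain, bytes) tuples at or above the threshold, largest first."""
    hits = [
        (user, domain, sent)
        for user, domains in usage.items()
        for domain, sent in domains.items()
        if sent >= threshold_bytes
    ]
    return sorted(hits, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    usage = unsanctioned_usage(SAMPLE_LOG)
    for user, domains in usage.items():
        print(user, {d: f"{b} ({KNOWN_SAAS[d]})" for d, b in domains.items()})
    print(large_transfers(usage, 10 * 1024 * 1024))
```

Matching on the registered domain rather than the exact host is what lets `www.dropbox.com` and `api.dropbox.com` fold into one service; the byte threshold separates a casual visit (the streaming site) from uploads large enough to be a data-loss concern, which is where an access review or a conversation with the user should start.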
10. Skills shortages and staffing issues
The IT industry has faced a skills gap and staff shortage for years, especially among security staff. This well-known problem is widespread when it comes to cloud expertise, and even more so when it comes to cloud security, which requires specific skills and tool sets.
The cybersecurity skills gap can be attributed to the following five main reasons:
- The demand for cybersecurity talent continues to increase.
- The cybersecurity talent pool lacks diversity.
- Employers have unrealistic expectations.
- Employees do not keep their skills up to date.
- Burnout is rising, and cybersecurity experts are leaving the profession.
Understaffing and lack of skilled cloud security professionals can lead to cloud security vulnerabilities, data exposure, and data breaches.
Steps to address the skills gap and understaffing include:
11. Compliance
Achieving compliance with internal, government, and industry regulations and specifications was difficult before the ubiquitous use of the cloud. It has become more difficult since its widespread adoption.
Maintaining cloud compliance with regulations such as HIPAA, PCI DSS, and GDPR is a shared responsibility between customers and CSPs. Customers must do their part to comply and must also vet their CSPs to ensure they meet the requirements. Failure to comply can result in legal action, fines, business disruption, data loss, and data breaches.
Steps to help ensure compliance include:
Sharon Shea is the executive editor of TechTarget Security.