Security in the Cloud
The rush towards the cloud for data and services has many companies rethinking their approach to cybersecurity.
Do they need a cloud security strategy? What’s different about a cloud security strategy? Recent studies have shed light on how security strategies are changing and, more importantly, how they must move forward.
Moving more IT infrastructure to the cloud is more secure than having it on-premises. For example, you can be confident that your system is running the latest version with the correct patches. Cloud service providers are also developing new features, such as using machine learning for anomaly detection. However, the move also introduces unknown risks, such as those that arise from a limited understanding of how security must be managed in the cloud.
It’s essential to know how a company’s cloud IT strategy – a hybrid, private or public – affects its cybersecurity strategy and the tactical execution of that strategy.
Six Types Of Cloud Threats
Cross Cloud Attack
With a cross-cloud attack, a hacker can, for example, access on-premises systems and private cloud systems through a public cloud. Workloads in a public cloud that attackers take over can spread attacks to the private cloud.
Risk is minimized if the proper lateral defenses are in place, but when moving to public clouds, organizations often overlook that the security perimeter extends into the new environment. Public clouds also offer different security controls than on-premises defenses, and traditional security is difficult to carry over unchanged. “The amount of attacks against the cloud is increasing,” says Netball.
Hackers monitor new cloud instances. “As soon as a workload exposes services publicly, they will be attacked, and defenses in public clouds will be weaker than traditional on-premise controls.” Furthermore, if an organization applies different controls to its on-premises and cloud systems, the gap between them can leave loopholes that hackers exploit.
Cross-Data Center Attack
Once a hacker breaches one location in the data center, the next step is to spread laterally. This is possible because connections between delivery points (Pods) in a data center are treated as trusted zones. If an attacker compromises a Pod, the attack can spread to other connected data centers.
In a blog post, Netball advised sending all traffic through a multi-layered defense system with similar security controls at the perimeter.
Cross-Tenant Attack
In a multi-tenant environment, hackers can exploit network traffic between cloud users. Tenants may assume that the provider has secured their cloud assets, but they are responsible for implementing most of the defenses. Again, sending traffic through a multi-layered defense system with the appropriate controls in place will reduce the risk of this cloud threat, but it will require the ability to place those controls at the correct scale, where and when needed.
Cross-Workload Attack
Virtualized and cloud-based workloads, as well as containers, can easily connect to one another. Compromising one workload lets an attacker reach others, whether a virtual desktop, a virtual web server or a database. It is difficult to defend against cross-workload attacks, especially when the workloads run in the same tenant. “If you isolate all the workloads from each other, they will be safe, but they will not be able to perform the function for which they were designed,” ponders Netball. In a post, he advised that workloads with similar security requirements should be placed in a zone with appropriate controls for monitoring traffic beyond basic targeting.
Orchestration Attack
Cloud orchestration lets you accomplish many vital tasks, including provisioning, deploying servers, managing storage and networking, managing identities and privileges, and creating workloads.
Hackers often perform orchestration attacks to steal account logins or private encryption keys. With those credentials, the attacker can perform orchestration tasks to gain control and access. “Once inside, [an attacker] can create additional workloads for their purposes, such as crypto mining, or remove workloads,” warns Netball. The more privilege they can steal, the more damage they can do.
The way to defend against orchestration attacks, Netball points out, is by monitoring administrator behavior. “[The orchestration threat] needs a new kind of security monitoring that is not part of traditional network security systems that look for unusual patterns of accounts behaving abnormally,” he assures.
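The account-behaviour monitoring described above, as an added example that is not from the article: a small detector that baselines what each identity normally does with the orchestration API and flags high-impact actions (creating or removing workloads, minting credentials) that an identity has never performed or performs in an unusual burst. The events and baseline are constructed; the action names are assumptions loosely modelled on cloud audit logs, not a specific provider's schema.

```python
"""Behavioural detection for orchestration-API abuse (added example, not from the article)."""
from collections import Counter, defaultdict

# Constructed baseline: how many resources each identity touches per day, per action.
BASELINE = {
    "ci-deployer": Counter({"RunInstances": 6, "TerminateInstances": 6}),
    "alice-admin": Counter({"DescribeInstances": 40, "RunInstances": 2}),
}

# Constructed events for one hour; "n" is the number of resources the call touched.
EVENTS = [
    {"identity": "alice-admin", "action": "DescribeInstances", "n": 3},
    {"identity": "alice-admin", "action": "RunInstances", "n": 40},   # burst of new workloads
    {"identity": "alice-admin", "action": "CreateAccessKey", "n": 1},  # never seen from this identity
    {"identity": "ci-deployer", "action": "RunInstances", "n": 4},
    {"identity": "ci-deployer", "action": "TerminateInstances", "n": 4},
]

# Orchestration actions that create or remove workloads or mint credentials (assumed list).
HIGH_IMPACT = {"RunInstances", "TerminateInstances", "CreateAccessKey", "CreateUser"}


def detect(events, baseline, burst_factor=3):
    """Return (identity, action, reason) alerts for high-impact actions that an
    identity has no baseline for, or that exceed burst_factor x its daily baseline
    inside the observed window."""
    seen = defaultdict(Counter)
    for e in events:
        seen[e["identity"]][e["action"]] += e["n"]
    alerts = []
    for ident, actions in seen.items():
        usual = baseline.get(ident, Counter())
        for action, n in actions.items():
            if action not in HIGH_IMPACT:
                continue
            if action not in usual:
                alerts.append((ident, action, "novel high-impact action"))
            elif n > burst_factor * usual[action]:
                alerts.append((ident, action, f"{n} vs baseline {usual[action]}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE):
        print("ALERT", alert)
```

The routine CI deployer stays within its baseline and produces no alert, while the administrator account that suddenly launches 40 workloads and creates an access key is flagged twice.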
Serverless Attacks
Serverless applications allow organizations to build cloud-based functions quickly without building or extending infrastructure. Developed through so-called functions-as-a-service (FaaS), they present new opportunities for hackers and new challenges for network defenders. A new role might have access to sensitive assets such as a database.
If the privileges for this role are misconfigured, an attacker could perform various tasks through the role, including accessing data or creating new accounts. As with orchestration attacks, monitoring account behaviors is the best way to detect a serverless attack. Still, this must be done in conjunction with network traffic inspection to be effective.
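The role misconfiguration described above, as an added example that is not from the article: a check that compares an over-broad execution role against a least-privilege one for a function that only reads a single table, flagging wildcard grants and any action that would let a compromised function create accounts or credentials. Both policies are constructed in the common IAM JSON shape (Effect/Action/Resource); the escalation list is an assumption and is not complete.

```python
"""Least-privilege check for a FaaS execution role (added example, not from the article)."""
import fnmatch
import json

# Actions that let a compromised function create accounts or credentials (assumed, partial list).
ESCALATION_ACTIONS = {
    "iam:CreateUser", "iam:CreateAccessKey", "iam:AttachUserPolicy",
    "iam:PutUserPolicy", "iam:CreateLoginProfile", "sts:AssumeRole",
}

# Constructed over-broad role: the function only needs to read one table.
OVERBROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["dynamodb:*", "iam:*"], "Resource": "*"}]}""")

# Constructed least-privilege role for the same function (account id and table are placeholders).
LEAST_PRIVILEGE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
   "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/orders"}]}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def findings(policy):
    """Return (statement_index, issue) pairs for Allow statements that use wildcards
    or whose action patterns match any privilege-escalating action."""
    out = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if any(r == "*" for r in _as_list(st.get("Resource", []))):
            out.append((i, "resource wildcard '*'"))
        for pattern in _as_list(st.get("Action", [])):
            if pattern == "*" or pattern.endswith(":*"):
                out.append((i, f"action wildcard {pattern}"))
            # fnmatch expands the IAM-style '*' so "iam:*" matches "iam:CreateUser".
            for action in sorted(a for a in ESCALATION_ACTIONS if fnmatch.fnmatch(a, pattern)):
                out.append((i, f"grants privilege-escalating action {action} via {pattern}"))
    return out


if __name__ == "__main__":
    for name, policy in (("overbroad", OVERBROAD), ("least-privilege", LEAST_PRIVILEGE)):
        print(name, findings(policy) or "no findings")
```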