As a CISO, you know the list of security issues in enterprise cloud computing seems to always be growing.
When you’re tasked with keeping your organization’s cloud environment secure, it is critical to first recognize what threats are out there so you can put the necessary policies and solutions in place to combat them. Sometimes this task can feel overwhelming, so we’ve compiled a list of the top cloud security threats to keep an eye on in the next 12 months – so you don’t have to.
The Cybersecurity and Infrastructure Security Agency (CISA) defines insider threats as the potential that inside personnel will use their authorized access, wittingly or unwittingly, to do harm to the Department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. It is easy to imagine security risks coming only from external bad actors, but in reality, they often come from within an organization. An insider threat can be anyone within the organization, such as employees, former employees, contractors or business associates — essentially anyone with inside information concerning the organization’s security practices, crown-jewel data, and environments.
There are four types of insider threats, each with their own set of goals:
- intellectual property theft,
Sometimes an insider threat is not malicious by nature, but rather a negligent employee. It’s been reported that 95% of cybersecurity breaches were made possible by human error. Insider threats, due to their unique access to an organization’s data and resources, pose a serious threat to an organization’s security. This makes them a common focus of any CISO’s risk management program.
Cloud misconfiguration can be defined as any errors, glitches or gaps in your cloud environment that can leave you exposed to risk. This cloud security risk could come in the form of data breaches, cloud breaches, insider threats or external bad actors who leverage vulnerabilities to gain access to your environment. Common misconfigurations that CISOs are concerned with are:
- Unknowingly exposing unencrypted data to the public internet without any required authentication set up
- Granting public access to storage buckets
- Allowing all system users and identities access to exposed cloud-stored data
- Storing encryption passwords and keys in open repositories
Misconfigurations are a major entryway for malicious actors. According to a study we conducted, 73% of cloud security professionals have over 10 misconfiguration incidents a day.
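The first three misconfigurations in the list above can be checked mechanically. The following is an added example, not code from the original article or from Sonrai Security: it audits bucket records for wildcard grants, assuming AWS-style bucket policy JSON and a hypothetical `encrypted` inventory field. The bucket names, account ID and policies are constructed sample data.

```python
def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    """True for "*" or {"AWS": "*"} (AWS-style): the grant matches any caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def audit_bucket(name, bucket):
    """Return sorted (bucket, finding) pairs for one inventory record."""
    findings = set()
    for stmt in as_list(bucket.get("policy", {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A condition (source IP, org ID) may narrow the grant: flag for review.
            findings.add((name, "PUBLIC_CONDITIONAL"))
            continue
        actions = as_list(stmt.get("Action", []))
        writable = any(a in ("*", "s3:*") or a.startswith(("s3:Put", "s3:Delete"))
                       for a in actions)
        findings.add((name, "PUBLIC_WRITE" if writable else "PUBLIC_READ"))
        if not bucket.get("encrypted", False):  # hypothetical inventory field
            findings.add((name, "PUBLIC_AND_UNENCRYPTED"))
    return sorted(findings)

def audit_all(buckets):
    return [f for name in sorted(buckets) for f in audit_bucket(name, buckets[name])]

def allow(principal, actions, condition=None):
    stmt = {"Effect": "Allow", "Principal": principal, "Action": actions}
    return {**stmt, "Condition": condition} if condition else stmt

# Constructed sample inventory; names, account ID and CIDR are placeholders.
SAMPLE = {
    "marketing-assets": {"encrypted": True, "policy": {"Statement": [allow("*", "s3:GetObject")]}},
    "hr-exports": {"encrypted": False, "policy": {"Statement": [
        allow({"AWS": "*"}, ["s3:GetObject", "s3:PutObject"])]}},
    "partner-drop": {"encrypted": True, "policy": {"Statement": [
        allow("*", "s3:GetObject", {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}})]}},
    "finance-ledger": {"encrypted": True, "policy": {"Statement": [
        allow({"AWS": "arn:aws:iam::111122223333:role/ledger-reader"}, "s3:GetObject")]}},
}

if __name__ == "__main__":
    print(*audit_all(SAMPLE), sep="\n")
```

Conditional wildcard grants are reported separately because whether they are safe depends on the condition itself, which needs human review.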
Cloud Service Providers (CSPs) provide a number of application programming interfaces (APIs) and interfaces for their public cloud customers. In general, these interfaces are well-documented in an attempt to make them simple to use. However, this creates potential issues if a CSP customer has not properly secured the interfaces for their cloud-based infrastructure. The documentation designed for the customer can be used by a cybercriminal to identify and exploit potential methods for accessing and exfiltrating sensitive data from an organization’s cloud.
Identities and their entitlements are increasingly recognized as a major player in the cloud security threat landscape. This refers to all the people and non-people identities in your environment and their extensive list of permissions. Many organizations have little visibility into the inventory of identities in their environment, or into their effective permissions. Without entitlement management come the dangers that excessive permissions pose. Gartner predicts that by 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges. That’s an increase from 2020 when the number was 50%.
Data is gold in these modern times. Oftentimes, it is exactly what malicious actors are after when they breach a cloud environment. This value is exactly why where and how organizations store their data is so critical. Many organizations are running blind to where their data exists and who is accessing it, or falsely believe they know where their data is. Data ties in closely to the concept of identity in the cloud, as it is often an identity that is the ticket to accessing valuable data. This concern is why it is critical that organizations seek out data security solutions that help find, define and classify all their data, mapping out who, when, how, and what can access it.
When you hear ‘identity’ it is not always intuitive to think of anything other than a person. But the reality is that today, most of the identities existing in the cloud are anything but human. Non-person identities (NPIs) can be anything from virtual machines to serverless functions to compute. They are anything that acts intelligently and replaces the traditional person identity. Just like person identities, NPIs pose risk as they can be exploited and serve as entryways into cloud environments. If your NPI has excessive permissions to data, it might just be the cause of your next breach. This concern is why every organization needs a solution that can discover every NPI and alert you when they act anomalously or gain excessive permissions.
It is easy for a bad actor to gain unauthorized access to an organization’s cloud resources if organizations aren’t reviewing all identities. Improperly configured security or compromised credentials can enable a bad actor to gain direct access, potentially without an organization’s knowledge.
One of the most well-known security concerns, and often seen in the headlines, a data breach is an all-encompassing term for when sensitive data is viewed, stolen, copied or leaked outside to external sources. Sometimes this happens unintentionally through human negligence or even simple security misconfigurations, or it can result from a malicious attack. In 2021, corporate businesses suffered 50% more cyberattacks per week than in 2020, so this is a concern that’s here to stay.
Lack of Visibility
An organization’s cloud-based resources are located outside of the corporate network and run on infrastructure that the company does not own. As a result, many traditional tools for achieving network visibility are not effective for cloud environments, and some organizations lack cloud-focused security tools. Because identities are the new perimeter, this can limit an organization’s ability to monitor their cloud-based resources and protect them.
Today, organizations are recognizing the pressing need for security solutions, but sometimes less is more. When organizations tack on tool after tool, their environment actually becomes more complex, decentralized and overwhelming. An excess of siloed tools can actually lead to incidents slipping through the cracks. A recent Forrester study found that, on average, enterprises host 6 security tools.
Creating Solutions for Security Issues in Cloud Computing
For any CISO, the above list can be overwhelming, and it is not even entirely exhaustive – new threats emerge and evolve every day. Visibility and insight are critical players when it comes to protecting your cloud environment, and their absence is common when things go wrong. That is why it is so important to understand the full range of cloud security threats.
Luckily, tools have been developed to help us along the way for those tasks that seem too unmanageable for organizations alone. While this list has been extensive, there are some main pillars to focus on when it comes to securing your cloud, including: identity & permissions, data security, platform security, and compliance.
Learn more at Sonrai Security: https://sonraisecurity.com/
Guest Contributor: Eric Kedrosky, CISO, Sonrai Security