How Attackers are Exploiting Cloud Misunderstandings

The cloud has become a hot destination in recent years. It’s what helped launch the paradigm of digital transformation that has changed how business is conducted. It has changed the role of IT, pushing IT teams to evolve and develop new skill sets and strategies. The cloud has allowed companies to achieve greater scalability, agility, and resiliency at levels that traditional on-prem network architectures could never deliver. There are a lot of great things that the cloud offers. There are also a lot of assumptions about the cloud when it comes to cybersecurity.

Many IT managers presume that the cloud is more secure than their former on-prem environments by default while others remain wary of this new computing approach. While it is true that SMBs can gain access to enterprise security controls that were unaffordable to implement in their traditional datacenter, the cloud doesn’t take care of cybersecurity by itself. In the end, hackers do not care whether your data resides on-prem or in the cloud. The path will continue to change, but you remain the target either way.

According to an article in SC Magazine in summer of 2022, 45% of businesses reported experiencing a cloud-based data breach or failed audit in the past 12 months. In another report that year, four out of five respondents said that their organization suffered a serious cloud security incident in the twelve months prior and a majority of cloud security and engineering professionals expect cloud-based data breach risks to increase over the coming year.

These statistics are probably a surprise to many. The fact is that the cloud isn’t any more or less safe than on-prem environments. It’s just that the cybersecurity risks are different. Many businesses don’t understand these differences and these gaps of understanding will naturally turn an organization into a more attractive target for attack. Let’s look at some of the areas of confusion that many cloud customers have concerning their cloud presence.

A Misconception of the Shared Security Responsibility Model

When you migrate your digital resources, you are also entering a partnership with your cloud provider in which they provide you with an environment to host your applications, compute, data, and business services. Public clouds operate under a “shared security responsibility model” that outlines what each party is responsible for regarding cybersecurity.

The cloud provider is responsible for securing their infrastructure. However, you are responsible for securing everything that you bring into their environment. Unfortunately, that puts the bulk of the responsibility on you when it comes to securing your cloud-based applications and the underlying processes that support them. According to Gartner, 99% of cloud security failures will be the customer’s fault through 2025. Don’t expect your cloud provider to take responsibility for an incident involving your cloud application environment.

Cloud Architectures Require Different Security Strategies

Many IT professionals who are new to the cloud assume that cloud security architecture mirrors that of their on-prem datacenter, where both ingress and egress traffic must traverse a single security gateway. It is at that gateway that traffic is blocked, allowed, analyzed, and filtered. When you launch a new container to run an application in the cloud, the provider’s default security policy does block ingress traffic as expected. That is not the case for egress traffic, which is open by default. The reason is simple: a cloud provider doesn’t know the traffic behavior or requirements of the applications its customers upload. There are also multiple exit points through which application traffic can leave. All of this makes it easy for external threat actors to create backdoors within a cloud application’s environment, which can be used to funnel in trojans or exfiltrate compromised data to an alternate location.

Misconfigurations

To fulfill their obligations within the shared responsibility model, customer IT teams must perform a great deal of manual configuration of their runtime environment: security controls, IP routing, and so on. Misconfigurations are unfortunately a fact of life for enterprises, because IT personnel do make mistakes. Sometimes these misconfigurations stem from a lack of system knowledge or of familiarity with cloud security best practices. Other times they come from fat-fingering a setting. Unfortunately, the expansive scalability of the cloud magnifies the consequences of a single misconfigured setting. For instance, more than 55% of companies have at least one database that is publicly exposed to the internet due to misconfigured routes or authentication requirements. Some of these mistakes were compounded by the rushed manner in which companies migrated their on-prem resources to the cloud at the outset of the pandemic.
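The two misconfigurations just described, egress left wide open and a database port reachable from the internet, are both visible in a security group's rule set. The following audit script is an added example written for this article; it is not code from the article's author or from any cloud provider. The three rule documents are constructed for illustration and follow the `IpPermissions` / `IpPermissionsEgress` layout that `describe-security-groups` returns on AWS, but nothing here calls a cloud API, and the group IDs and CIDR ranges are placeholders.

```python
"""Audit security-group rules for open egress and internet-exposed database ports.

Added example (not the article's own code). Rule documents are constructed and
mirror the IpPermissions / IpPermissionsEgress structure AWS returns; group IDs
and address ranges are assumptions for illustration only.
"""
from dataclasses import dataclass

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"

# Ports commonly used by databases. An ingress rule that exposes one of these to
# 0.0.0.0/0 is the "publicly exposed database" case described in the text.
DATABASE_PORTS = {
    1433: "MSSQL",
    3306: "MySQL",
    5432: "PostgreSQL",
    6379: "Redis",
    27017: "MongoDB",
}


@dataclass(frozen=True)
class Finding:
    group_id: str
    direction: str  # "ingress" or "egress"
    detail: str


def _open_to_world(rule):
    """True if any CIDR on the rule is the whole IPv4 or IPv6 internet."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return bool(cidrs & {ANY_IPV4, ANY_IPV6})


def _covers_port(rule, port):
    """True if a TCP (or all-traffic) rule includes `port` in its range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_security_group(group):
    """Return the findings for one security group document."""
    findings = []
    gid = group["GroupId"]

    for rule in group.get("IpPermissions", []):
        if not _open_to_world(rule):
            continue
        if rule.get("IpProtocol") == "-1":
            findings.append(Finding(gid, "ingress", "all ports reachable from the internet"))
            continue
        for port, name in sorted(DATABASE_PORTS.items()):
            if _covers_port(rule, port):
                findings.append(Finding(gid, "ingress", f"{name} port {port} reachable from the internet"))

    # The provider default: all protocols, all ports, to any destination.
    for rule in group.get("IpPermissionsEgress", []):
        if _open_to_world(rule) and rule.get("IpProtocol") == "-1":
            findings.append(Finding(gid, "egress", "all outbound traffic allowed to any destination"))

    return findings


def audit_all(groups):
    return [f for g in groups for f in audit_security_group(g)]


# Constructed sample groups (assumed IDs and ranges).
# 1) What a freshly created group typically looks like: no ingress, open egress.
DEFAULT_GROUP = {
    "GroupId": "sg-default-example",
    "IpPermissions": [],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
# 2) The misconfiguration: a PostgreSQL listener exposed to the whole internet.
EXPOSED_DB_GROUP = {
    "GroupId": "sg-db-exposed-example",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}
# 3) The corrected form: ingress only from the app subnet, egress only to the
#    internal service the database actually needs.
HARDENED_DB_GROUP = {
    "GroupId": "sg-db-hardened-example",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                       "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                             "IpRanges": [{"CidrIp": "10.0.9.0/24"}]}],
}

if __name__ == "__main__":
    for f in audit_all([DEFAULT_GROUP, EXPOSED_DB_GROUP, HARDENED_DB_GROUP]):
        print(f"{f.group_id:24} {f.direction:8} {f.detail}")
```

Run the script as-is to see two findings for the exposed group, one for the default group and none for the hardened one. In practice the same checks would run over the JSON your provider's CLI or SDK returns for every group, and the hardened group shows the direction of the fix: tighten ingress to the specific source subnet and replace the all-traffic egress rule with the specific destinations the workload needs.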

Simple Lack of Visibility

It’s hard to properly secure something you can’t see. Visibility is an essential element of security, and it is difficult for your on-prem security tooling to gain proper visibility into the underlying layers of your cloud-based applications. Visibility is further hampered by the dynamic nature of cloud computing environments, the use of microservices, and the complexity of the many systems and services involved.

The Need to Fill Cloud Security Gaps

Securing your cloud initiatives requires considerable effort, just like a traditional datacenter. That means you need to monitor your environment for suspicious behavior, cover security gaps, and remediate threats in quick succession. You need the ability to discern whether a request made by an application to an external IP address is a legitimate function of the app or an attempt by an attacker to create a backdoor. Because many businesses are unfamiliar with cloud security vulnerabilities, many are employing a security operations center (SOC) to provide the expertise they need to fill existing knowledge gaps. SOCs provide their customers with a dedicated team of highly experienced security professionals who know how to leverage security tools and interpret potential threats on a 24/7 basis. SOCs have proved so valuable in numerous cases that many insurance companies are requiring their policyholders to contract with one.
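Deciding whether an outbound request is a legitimate function of the app or something that needs investigation starts with knowing what the app is supposed to talk to. The script below is an added example, not code from the article or from any SOC tooling: it classifies a workload's accepted outbound flows against an allowlist of expected external destinations and totals the bytes sent to everything else. The log lines are constructed in the default VPC flow log (version 2) field order; the workload address, the internal address space and the allowlist are assumptions for illustration.

```python
"""Classify a workload's outbound flows against its expected external destinations.

Added example (not the article's own code). The flow records are constructed in
the default VPC flow log v2 field order; addresses and the allowlist are
assumptions, not data from a real environment.
"""
import ipaddress
from collections import defaultdict

FLOW_LOG_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
                   "protocol packets bytes start end action log-status").split()

# Assumed VPC address space; anything outside it is treated as an external destination.
# (ipaddress.is_private is deliberately not used: it also flags the documentation
# ranges used in the sample below as private.)
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed allowlist: the only external dependency the app tier is known to need.
EXPECTED_EGRESS = {("203.0.113.10", 443): "payments partner API"}

# Constructed sample: the app host 10.0.1.25 talks to its partner API, to an
# internal database, is probed from outside (rejected), and sends a large
# volume of data to an external host nobody has documented.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0example 10.0.1.25 203.0.113.10 49152 443 6 40 9800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example 10.0.1.25 10.0.2.40 49153 5432 6 120 30400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example 198.51.100.7 10.0.1.25 51000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example 10.0.1.25 198.51.100.77 49160 443 6 900 4200000 1700000010 1700000070 ACCEPT OK
2 123456789012 eni-0example 10.0.1.25 203.0.113.10 49161 443 6 12 2100 1700000020 1700000080 ACCEPT OK
"""


def parse_flow_log(text):
    """Turn space-separated flow records into dicts keyed by field name."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(FLOW_LOG_FIELDS, line.split()))
        for field in ("srcport", "dstport", "packets", "bytes"):
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def classify_egress(log_text, workload_ip, allowlist=EXPECTED_EGRESS):
    """Return (expected, unexpected): bytes sent per external (dst, port).

    Only accepted flows that originate from the workload and leave the internal
    address space are considered; internal traffic and inbound probes are ignored.
    """
    expected = defaultdict(int)
    unexpected = defaultdict(int)
    for rec in parse_flow_log(log_text):
        if rec["action"] != "ACCEPT" or rec["srcaddr"] != workload_ip:
            continue
        if is_internal(rec["dstaddr"]):
            continue
        key = (rec["dstaddr"], rec["dstport"])
        (expected if key in allowlist else unexpected)[key] += rec["bytes"]
    return dict(expected), dict(unexpected)


def report(log_text, workload_ip, allowlist=EXPECTED_EGRESS):
    """Human-readable lines, undocumented destinations first."""
    expected, unexpected = classify_egress(log_text, workload_ip, allowlist)
    lines = []
    for (dst, port), nbytes in sorted(unexpected.items()):
        lines.append(f"REVIEW  {workload_ip} -> {dst}:{port}  {nbytes} bytes (not in allowlist)")
    for (dst, port), nbytes in sorted(expected.items()):
        lines.append(f"ok      {workload_ip} -> {dst}:{port}  {nbytes} bytes ({allowlist[(dst, port)]})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FLOW_LOG, "10.0.1.25")))
```

The allowlist is the part that cannot be automated away: it has to come from the application owners, and it is exactly the knowledge that the article says a provider does not have when it leaves egress open by default. Once it exists, the same comparison can run continuously over real flow logs, and a high-volume flow to an undocumented destination becomes an alert rather than something discovered after the fact.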

Conclusion

It seems like the mass transition to the cloud took place overnight. Yet, in this brief amount of time, businesses have become undeniably dependent on the cloud to meet their business objectives and serve their customers. Cloud computing is a new technology, and most of us are still learning about its potential as well as its vulnerabilities. Many businesses have definite knowledge gaps when it comes to cloud security, but that doesn’t have to translate into exploitable security gaps. Your cloud applications need to be monitored with the same vigilance that was necessary when they resided on-prem. It is also important to have cloud security experts at your disposal to help you ensure the security of everything you migrated there. While the cloud offers substantial benefits over on-prem legacy environments, the responsibility for security in the end is still yours.