Incorrect Configuration of Cloud Services: The Risks, Solutions, & What it Means
Thora Fitzpatrick
19 March, 2021
Cyber criminals have become much better at what they do and they are finding more and more ingenious ways to steal our data and attack our systems. Now they have turned their attention to cloud services. Check out the following blog for more detail!
For those who know how, marketplaces hidden on the dark web provide access to an almost endless array of hacking tools that allow individual criminals and even international cybercrime teams to freeze accounts and hold businesses and institutions to ransom.
Thanks to the magic of the internet, the perpetrators are often in Asia, Africa, and Eastern Europe, thousands of miles away from their victims.
They are always looking for new ways to steal and extort and our enthusiasm for the simplicity and cost-effectiveness of cloud-based systems is a gift to them.
They are always looking for new ways to steal and extort and our enthusiasm for the simplicity and cost-effectiveness of cloud-based systems is a gift to them.
The cloud delivers software and services via the internet with data stored on external servers rather than locally, making data protection a critical issue. However, according to the 2021 Data Breach Investigations Report (DBIR) nine out of 10 data breaches target external cloud assets such as servers.
An Exposure Epidemic
Most of the exposures are due to misconfigurations, often due to human errors in key settings such as portals. Criminals use automated tools to scan the internet and can discover these problems within minutes.A survey of cloud engineering and security teams found that almost three quarters experience more than ten incidents a day; more than a third had over 100 and one in ten more than 500. Yet, once threats are found, it often takes administrators days to address them.
While cloud service providers have outstanding security protocols, the responsibility for data security is shared with users and administrators.
In a nutshell, providers are responsible for the security of the cloud; users and customers are responsible for security in the cloud. However, practices and processes often aren’t adequate in the face of modern cyber security challenges.
The solution was the scalable, always-on public cloud but this required new access policies and applications, user onboarding in the cloud, and remote support.
Hybrid Working Highlights the Issues
During the pandemic, home working meant that systems and networks had to be repurposed for remote workers. While the intention was to support access to emails and internal applications via encrypted virtual private networks (VPNs) very few organisations had the necessary IT infrastructure.The solution was the scalable, always-on public cloud but this required new access policies and applications, user onboarding in the cloud, and remote support.
Many IT teams were unprepared for the speed and scale of these changes, so the likelihood of misconfigurations that could lead to data breaches was high.
More importantly, hybrid working is here to stay, so organisations need to understand and control their new online environment.
New approaches will be required to confirm identities, credentials, and to manage access, including tools and policies that allow organisations to manage and monitor secure access to their resources.
With the increasing use of application programming interfaces (APIs), new authentication, access control, encryption and activity monitoring protocols must be introduced to prevent attackers using them to evade established email- and web-based protection.
More importantly, hybrid working is here to stay, so organisations need to understand and control their new online environment.
Configuring Cloud Services
Cloud-based architectures and strategies for different types of users, third party applications, policies, and configurations of cloud services are needed to minimise gaps in security.New approaches will be required to confirm identities, credentials, and to manage access, including tools and policies that allow organisations to manage and monitor secure access to their resources.
With the increasing use of application programming interfaces (APIs), new authentication, access control, encryption and activity monitoring protocols must be introduced to prevent attackers using them to evade established email- and web-based protection.