A rapid, disorganized shift to the cloud can open the door to data theft, ransomware, malware, and other cyberattacks, says IBM X-Force.
The coronavirus lockdown has forced many organizations to turn to the cloud more quickly and fully than otherwise intended. This type of frenetic rush toward cloud-based services also can easily lead to confusion and misconfiguration, both of which make organizations greater targets for cybercriminals. A report released Wednesday by security provider IBM X-Force describes the types of threats that impact cloud security and how companies can better protect their cloud-based assets.
Based on a survey of senior business and IT professionals, IBM’s “2020 Cloud Security Landscape Report” found that while the cloud can empower certain business and technology capabilities, the type of ad-hoc management of cloud resources is causing increased complexity for IT and security staffs.
As one example, the issue of security ownership is one that often creates confusion. Among the respondents, 66% said they rely on cloud providers for baseline security. A full 73% said that public cloud providers were the primary party responsible for securing software-as-a-service (SaaS). And 42% pointed to providers as the main party responsible for security cloud infrastructure-as-a-service (IaaS). While a shared security responsibility is typically the right model for cloud environments, the failure to define this process and create specific policies can easily amp up the risk of security threats.
Misconfiguration issues are another problem that can occur amid the rush to the cloud. The failure to properly configure a cloud environment and any resulting data leaks can help cybercriminals capture sensitive files and information. In 2019, cloud misconfiguration problems led to the loss of more than 1 billion records in compromised environments, according to X-Force.
Looking at some of the cloud-based security incidents that it had to mitigate over the past year, X-Force found a number of significant threats.
SEE: How to build a successful career as a cloud engineer (free PDF)
Cybercriminals motivated by financial gain were the most common group targeting cloud environments. However, nation states also were a pervasive threat. Attackers used cloud resources to ramp up cryptomining and DDoS campaigns and to host malicious websites and operations.
Criminals used cloud-based applications as a popular entry point for their attacks, employing such strategies as brute-forcing and exploiting vulnerabilities and misconfigurations. Certain vulnerabilities can remain hidden due to “Shadow IT,” a practice that occurs when employees sneak past IT and approved channels to use their own unauthorized apps and services.
Ransomware was used more than any other type of malware in cloud environments, followed by cryptominers and botnet malware. Outside of malware, data theft was the most common activity found in compromised cloud environments with the loss of all kinds of data from personally identifying information (PII) to client-related emails.
“The cloud holds enormous potential for business efficiency and innovation, but also can create a ‘Wild West’ of broader and more distributed environments for organizations to manage and secure,” Abhijit Chakravorty, Cloud Security Competency leader for IBM Security Services, said in a press release. “When done right, cloud can make security scalable and more adaptable–but first, organizations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible. This starts with a clear picture of regulatory obligations and compliance mandate, as well as the unique technical and policy-driven security challenges and external threats targeting the cloud.”
SEE: Cybersecurity: Let’s get tactical (free PDF) (TechRepublic)
To help organizations better protect their cloud-based environments and assets, X-Force has the following advice:
- Establish collaborative governance and culture. Adopt a unified strategy that combines cloud and security operations across application developers, IT operations and security. Designate clear policies and responsibilities for existing cloud resources as well as for the acquisition of new cloud resources.
- Take a risk-based view. Assess the kinds of workloads and data you plan to move to the cloud and define appropriate security policies. Start with a risk-based assessment for visibility across your environment and create a roadmap for phasing cloud adoption.
- Apply strong access management. Leverage access management policies and tools for access to cloud resources, including multi-factor authentication, to prevent infiltration using stolen credentials. Restrict privileged accounts and set all user groups to least-required privileges to minimize damage from account compromise (zero-trust model).
- Have the right tools. Ensure that tools for security monitoring, visibility, and response are effective across all cloud and on-premises resources. Consider shifting to open technologies and standards that allow for greater interoperability between tools.
- Automate security processes. Implementing effective security automation in your system can improve your detection and response capabilities as opposed to relying on manual reaction to events.
- Use proactive simulations. Rehearse for various attack scenarios. This can help identify where blind spots exist and also address any potential forensic issues that may arise during attack investigations.