Cloud security challenges in 2023: Exposure management can plug gaps
The cloud is where businesses are — it’s become the norm. Cloud technologies were so rapidly adopted over the past three years that securing the cloud became an afterthought and the threats in the cloud are now catching up to businesses. Public cloud adoption has also led to cloud sprawl and misconfigurations that have turned into massive security issues.
Threats in the cloud continue to increase with multi-cloud adoption, where organisations are choosing to use two or more public cloud platforms to avoid placing all their eggs in a single basket. While this diversification has massive benefits for business growth, it has also created a security challenge, as each platform does things in slightly different ways. Securing them requires experts to manage each separately.
With different teams working on different platforms, workloads can become scattered, making it hard to identify and fix security problems before they become security disasters. This is perhaps why more than half of Indian business leaders (59%) say cloud-based attacks are among the biggest threats to organisations and 61% of them attribute it to increased cloud adoption.
With the ever-increasing interconnectedness of systems, cloud security is not only about mitigating misconfigurations. It also covers securing OT systems connected to the cloud, securing cloud APIs and enforcing multi-factor authentication, formulating a comprehensive strategy for cloud backups, and addressing VPN compromise and threats to exposed IP addresses and open ports.
The rapid adoption of multi-cloud environments has now led organisations to realise that cybersecurity wasn’t given due importance in the process of innovation. The large-scale impact of insecure cloud environments needs a new approach to security that can keep up with the modern attack surface.
Challenges to cloud security
When we look at cybersecurity, the fundamental difference between an attacker and a defender is that bad actors only need one initial attack vector to breach an organisation’s defences. Breaches can occur due to simple cloud misconfigurations, weak passwords or insecure third-party APIs. All attackers need is one route to critical business assets. With security not keeping pace with innovation, the cloud has become far more insecure, and in 2022 compromising cloud credentials was among the top pathways cybercriminals used to perpetrate attacks.
Case in point: In a report released earlier in January 2023, Google found 6,000 malware samples actively communicating with Google Cloud Platform, Microsoft Azure and Amazon Web Services (AWS). The malware also at times tried to hide its activities among legitimate services by communicating to Cloud Service Providers (CSPs) using well-known ports, as well as by explicitly utilising transport layer security.
Security in cloud environments is often bogged down by manual processes. With multiple point tools tackling different aspects of security, it is difficult to understand every technology stack and review every line of code after the software development cycle is complete. And in 2022, there was a 200% increase in the number of cloud accounts being advertised for sale on the dark web compared to 2021. Access to such accounts, which organisations use to manage entire portions of their online presence, can open the door to other accounts.
Securing modern cloud environments
Achieving a better security posture in the cloud requires greater visibility. But even if organisations have complete visibility, remediating every single misconfiguration is impossible.
Security needs to work in tandem with software development to ensure technologies are secure from the get-go. The solution is developer-friendly tools that accelerate the existing processes spanning the breadth of the organisation, from developers to DevOps and traditional operations. This type of security is proactive and preventative — just what the ephemeral nature of the cloud needs. With Infrastructure as Code, security is woven into the software development cycle — the cornerstone to securing cloud environments.
But knowing which cloud misconfigurations to fix first is also important or organisations will be left with the task of fixing every single cloud misconfiguration — an extremely time-consuming task. In a multi-cloud environment, organisations would have to go a step further and understand how these misconfigurations interact with other critical assets and which attack pathways are most likely going to compromise the “Crown Jewels” of the organisation.
Analysing all the data from multiple point tools dumped on spreadsheets isn’t going to give organisations a comprehensive picture of whether or not they have effectively reduced cyber risk. Organisations need cloud-based solutions that use an analytics-led approach to effectively reduce cyber risk. When multiple point tools are creating data silos, the solution is a unified platform that comes with a database of threat intelligence, which can address vulnerability management, cloud security, identity security, external attack surface management and more as it provides the right context to make better decisions based on cyber risk.
This is exposure management and it is important because cybercriminals aren’t looking at data silos but at the best attack pathways to breach defences. For example, in 2022, the most common initial attack vector was exploiting internet-facing assets, and cybercriminals used phishing and compromised cloud credentials to perpetrate the attack. If organisations have a holistic view of how each asset and user interacts with the others and the level of risk each poses, it would be easier to prioritise which gaps to plug first. What organisations currently lack is context, and context counts. Proactive security is all about obtaining context into the entire attack surface, and this is possible with exposure management.
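As an added illustration of the prioritisation described above (not code from the article or from Tenable), the following Python ranks misconfiguration findings by the attack paths they open from internet-exposed assets to crown-jewel assets, instead of by finding count. The inventory is constructed; every asset name and finding ID is hypothetical.

```python
# Constructed multi-cloud inventory (hypothetical names and finding IDs): rank
# misconfigurations by the attack paths they open to crown-jewel assets.
ASSETS = {
    "aws:ec2/web-01":      {"exposed": True,  "crown_jewel": False},
    "aws:iam/role-web":    {"exposed": False, "crown_jewel": False},
    "aws:s3/customer-pii": {"exposed": False, "crown_jewel": True},
    "aws:rds/orders":      {"exposed": False, "crown_jewel": True},
    "azure:vm/build-01":   {"exposed": True,  "crown_jewel": False},
    "azure:vm/test-01":    {"exposed": False, "crown_jewel": False},
    "azure:kv/prod-keys":  {"exposed": False, "crown_jewel": True},
    "aws:s3/logs":         {"exposed": False, "crown_jewel": False},
    "aws:s3/logs-archive": {"exposed": False, "crown_jewel": False},
}
# (source, destination, misconfiguration enabling the hop; None = legitimate access)
EDGES = [
    ("aws:ec2/web-01", "aws:iam/role-web", "MC-1 ssh-open-to-0.0.0.0/0"),
    ("aws:iam/role-web", "aws:s3/customer-pii", "MC-2 role-has-s3-wildcard"),
    ("aws:iam/role-web", "aws:rds/orders", "MC-3 role-has-rds-full-access"),
    ("azure:vm/build-01", "azure:vm/test-01", "MC-4 nsg-allows-any-inbound"),
    ("azure:vm/test-01", "azure:kv/prod-keys", None),
    ("azure:vm/build-01", "azure:kv/prod-keys", "MC-5 kv-public-network-access"),
    ("aws:s3/logs", "aws:s3/logs-archive", "MC-6 bucket-versioning-disabled"),
]

def attack_paths():
    """Every simple path from an exposed asset to a crown jewel, with the findings it relies on."""
    adj = {}
    for src, dst, finding in EDGES:
        adj.setdefault(src, []).append((dst, finding))
    paths = []
    def walk(node, path, findings):
        if ASSETS[node]["crown_jewel"]:
            paths.append((path, findings))   # stop at the first crown jewel reached
            return
        for nxt, finding in adj.get(node, []):
            if nxt not in path:              # avoid cycles
                walk(nxt, path + [nxt], findings + ([finding] if finding else []))
    for name, meta in ASSETS.items():
        if meta["exposed"]:
            walk(name, [name], [])
    return paths

def rank_misconfigurations():
    """Order findings by the number of crown jewels they help expose, then by shortest path."""
    score = {f: (set(), float("inf")) for _, _, f in EDGES if f}
    for path, findings in attack_paths():
        for f in findings:
            jewels, hops = score[f]
            score[f] = (jewels | {path[-1]}, min(hops, len(path) - 1))
    return sorted(score, key=lambda f: (-len(score[f][0]), score[f][1], f))
```

On this inventory the open SSH port (MC-1) ranks first because it sits upstream of two crown jewels, while the versioning finding on the isolated log bucket (MC-6) lies on no attack path and ranks last.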
Ensuring everything is secure as it’s built and also knowing how cloud assets interact with the entire organisation can go a long way in reducing cyber exposure. It’s easier to replace an aircraft engine on the ground than it is in flight. Cybercriminals don’t wait for organisations to improve their security, and establishing deterrence is only possible when it becomes more difficult and expensive to breach the organisation. This is exactly why cybersecurity must be proactive, or organisations will be at greater risk of being attacked.
(The author is Nick Bourke, Sr. Security Engineer, Tenable, and the views expressed in this article are his own)