enterprise security

SecurityTrails Blog · Feb 02 · by Sara Jelen

Top 10 Cloud Security Threats and How to Mitigate Them

Reading time: 12 minutes

One thing’s for sure: cloud adoption is going mainstream. It’s grown increasingly obvious that cloud computing has continuously transformed the way organizations of all sizes access, store and share data, thanks to its many benefits of rapid deployment, flexibility, low costs and scalability. But its interconnectedness and many other advantages aren’t the only things cloud computing has brought along with it—security challenges are emerging in today’s cloud era.

In the face of these constantly evolving security threats, organizations making the transition to the cloud (and there are many of them—IDG’s 2020 Cloud Computing Survey showed that 92% of organizations are at least somewhat in the cloud) are finding that vigorous cloud security is an imperative.

In order to be equipped with proper cloud security, we need an understanding of both common security challenges and the cloud threat landscape. And that is precisely what we’ll be tackling in this article.

What is cloud security?

Cloud computing security, or simply “cloud security”, refers to a set of technologies, services, controls and policies that are used to ensure the protection of cloud data, applications and the entire cloud infrastructure from inside and outside threats associated with cloud computing. Before you’re able to craft your cloud security strategy, gaining an understanding of risks and threats is the first step you need to take.

10 cloud security threats and risks

Many security threats and risks can be found for both on-premise systems and cloud infrastructures, but there are also some cloud-native threats that require non-traditional approaches in order to alleviate them. Below we have highlighted the 10 most common cloud security threats along with some quick tips on how to mitigate each one of them.

10 cloud security threats and risks

1. Misconfiguration woes

In 2017, the online marketing and data analytics firm Alteryx left information on 123 million US households exposed. The security incident was caused by a misconfigured Amazon Web Services (AWS) S3 bucket. And this is not an isolated event.

Just last June, a company that actually develops tools to prevent these issues fell victim to them. It was us. That’s right—an Elasticsearch misconfiguration allowed visitors to bypass our main gateway that does logging and access restrictions, exposing sensitive data. We have a full technical writeup about this security incident as a cautionary tale, to show that misconfiguration issues can happen even to the best of us.

But how do these misconfigurations come to be?

With the shared responsibility model of cloud architecture, organizations are responsible for protecting what is in the cloud, and the provider for protecting the cloud. With the sheer volume of mechanisms and vast areas of cloud infrastructure involved, securing them all poses a real challenge.

One of the most common misconfigurations allows public access to storage buckets that can hold sensitive data. These buckets are left unprotected without any authentication methods which can be a result of just one wrong click of a button. Other misconfigurations we come across include overly permissive security group policies, backup storage location misconfigurations, undetected and misconfigured virtualized network functions, and a lack of visibility into the entire cloud environment, such as shadow infrastructure.

Mitigating the threat of cloud misconfigurations is achieved through continuous monitoring and scanning of the entire infrastructure for vulnerabilities and forgotten instances, with the aid of various automation tools.

2. Enemies from within

Insider threats involve a scenario where someone connected to the organization has authorized access to internal systems and networks, and misuses that authorization to expose, modify or destroy sensitive data. What makes these security threats particularly dangerous is that they can go undetected for long periods of time, due to the fact that someone already granted access to the data is behind them.

These threats are numerous and dangerous for both on-premise environments as well as the cloud. Adding to the fire, we don’t always need to look at disgruntled employees, corporate espionage or other actors with malicious intent behind them—employees can leak data unintentionally, putting a network at risk of further cyber attacks.

Watching for indicators of insider threats, engaging in timely detection and maintaining efficient insider threat management and response plans are crucial steps toward ensuring the mitigation of this disastrous cloud security threat. Our blog has also covered insider threats in depth, so take advantage of it for a deeper understanding of this very real danger.

3. Infrastructure as code template storage

Infrastructure as code, or “IAC” for short, is a method of managing infrastructure in a form of system-readable defined templates that build environments that in turn deploy and run code from external sources. Commonly used for cloud infrastructure, IAC brings forth the ability of rapid scaling up and down of the infrastructure, easier management, greater understanding and more efficient monitoring of infrastructure as it combines everything into one template.

The storing of IAC templates is often overlooked but doing so can raise security risks. Storing IAC templates without encryption and protection of data can lead to unauthorized access and data leaks, and if the host of the templates is compromised, it can lead to the theft of the IAC template.

When using IAC templates, continuous monitoring and analysis must be performed to ensure the safety and security of your data and infrastructure. Luckily, we have a blog post available that details different tools you can use to detect IAC risks along with other important information about IAC.

4. Lack of identity and access management

Identity and access management (IAM) is a framework that consists of processes, technologies and policies that refer to the management of digital identities of an organization. With IAM, organizations can control user access to critical systems and information and allow the secure storing of identity and account data as well as data governance in order to ensure that users have access to only necessary and relevant data. This would mean that if an employee of the organization doesn’t need access to certain data or parts of the system, they simply shouldn’t have it. Additionally, for former employees, access should be terminated as to not leave room for insider threats. Other parts of IAM would be authentication and identity verification which is done through MFA.

IAM is important for both cloud and on-premise systems but it stands as one of the most common security threats for cloud computing because when organizations are rushing to move their data to the cloud, regulating access policies can be forgotten. Consequences of inadequate identity and access management are excessive employee access which can lead to data leaks and breaches, insider threats, and unnecessary financial, reputational and operational damages.

Regular audits of access policies should be performed to ensure no users have more access than needed, that former employees don’t have access to systems anymore and deployment of MFA and other authentication systems that are usually offered by your cloud provider.

5. Exposure of non-production environments

Organizations are increasingly using the cloud for testing and development efforts in order to make them available to their dev teams quickly, and for faster deployment. This usually includes a database of production data along with a non-production database where developers can build and test their application. But having direct copies of your production data can lead to copies of sensitive information in a test cloud database which might not be subject to the same level of security that a production environment typically maintains. That wouldn’t be an issue in and of itself if organizations weren’t generally rushing to production, leaving their non-production environments unsecured.

All it takes is an attacker to discover the open database, often forgotten by the owner organization, to find the exposed and sensitive data it contains.

The first step toward securing non-production environments is locating them. To this end, we have a dedicated blog post on tips for securing dev and staging environments that we highly recommend.

6. Poor regulatory compliance

Accelerated cloud adoption has come at a time of new and tightened data protection regulations. EU’s General Data Protection Regulation (GDPR) is just one of the data protection law and regulation systems across the world that have made organizations reassess the way they collect and store data. Privacy laws that are innate to different countries refer to the physical location where data is stored, and when we add the cloud to it, the lines can become blurry.

Organizations that store their data in-house have no issue with identifying the location of all of their data, but using external cloud providers for data storage can make it hard to locate the data—as providers can host the data in multiple locations. This can bring up the challenge of not complying to data protection regulations and the jurisdictions that should apply to their data.

The solution would be to use cloud providers that store data in one location or at least keep it within one jurisdiction (such as the EU if we’re looking at GDPR). In other cases, organizations need to be aware of locations where their data is stored and what regulations and laws apply to it to avoid penalties and legal fines.

7. Inadequate multi-tenancy separation

One of the most important features of cloud computing is multi-tenancy—an architecture in which computational resources serve multiple customers, or tenants. Although a great option for both customers and cloud providers, there are security risks tied to multi-tenant cloud architectures.

A challenge with multi-tenant services is ensuring that the performance and resource consumption of one tenant doesn’t affect the others. This is known as “tenant isolation” and it means that cloud service providers must be able to control the degree of isolation between tenants. If tenant isolation fails, security risks and incidents to which one tenant succumbs can be echoed to other tenants, which can sometimes mean hundreds of other companies.

To ensure the protection of data for all tenants, cloud service providers should enforce proper data separation and isolate the infrastructure of each tenant. Also, organizations need to be aware of the way in which their data is being stored, as well as its location and what means of protection and separation their provider offers.

8. Data breaches and leaks

Data breaches and leaks are not this low on the list because they’re low-impact or less common threats—because they can be considered something different than actual threats. They’re more of a consequence of them, if you will.

A data breach is a security incident that involves the unauthorized release of private and sensitive information to the public. The consequences of a data breach can include reputational damages, legal fines due to breach of data protection policies, other financial damage, loss of intellectual property, and more. Data breaches are even considered a greater threat to cloud environments than to on-premise ones, due to the volume of data in transit that can be intercepted by malicious attackers.

Data is an asset that holds high value today, and protecting data is an imperative for any type of organization. Implementing MFA, end-to-end encryption, VPNs, and data loss prevention (DLP) are just a few of the basic methods that need to be considered. And if you want to learn more about how to handle a data breach, we’ve got you covered.

9. Insecure APIs

Application Programming Interfaces, or APIs, are now the standard method used for integrating, sharing and improving data over online services. APIs are used for anything from setting up e-commerce websites to interacting with email services and social networks to functioning as security APIs used by red and blue teams, and of course, for interacting and operating within the cloud infrastructure.

When it comes to the cloud, APIs are used by the organization’s internal team, the cloud provider’s external team, and the users via applications. The multi-functionality and practicality of APIs don’t come without security risks however.

APIs are riddled with security vulnerabilities that include broken object levels, faulty user- and function-level authorization, excessive data exposure with storage of credentials in plain text, security misconfigurations, and lack of access logging and monitoring.

Keep your API security up to par by first identifying any vulnerabilities, monitoring use of tokens to control access, encrypting all data (especially sensitive data), and implementing the use of an API gateway which will allow authentication of traffic as well as control over how the API is used, and adopting a Zero Trust security model.

10. Clouded visibility

The security, availability and performance of the cloud is dependent on visibility. But having in-depth visibility into the cloud isn’t always an easy pursuit. Visibility is not only critical for maintaining the performance and security of your cloud but also for preserving its availability and positive customer experience.

A lack of visibility into cloud environments can come from both authorized and unauthorized app use. When we talk about unauthorized apps, we refer to the shadow IT—applications employees use without the authorization of the organization’s IT team. The security risks shadow IT poses are inherent in the fact that without proper authorization of the IT team, there is no guarantee that the apps are secure and don’t contain vulnerabilities, or even worse: malware.

And when it comes to authorized apps, these are the apps authorized by the organization’s IT team but are misused by external actors using stolen credentials (often via phishing). One way to mitigate this is by monitoring user behaviour to determine unusual use of applications, along with having strong access policies in place, and above all else, using continuous monitoring tools that will detect any shadow IT across the entire infrastructure.

How SecurityTrails can help mitigate cloud security threats

A common element we’ve seen in the mitigation strategies for these cloud security threats is monitoring and having visibility into your entire cloud infrastructure. Our enterprise-grade tool Attack Surface Reduction v2 will help you immensely—by spotlighting all of your internet-connected assets, including your cloud infrastructure, non-production environments, open databases, shadow IT and their locations so you can ensure regulatory compliance. You’ll get the full picture of your digital risks, giving you the power to act fast and proactively in protecting your infrastructure.

image_alt

Take control of your entire online infrastructure and get a FREE attack surface report! There is a limited amount of reports available so grab yours today.

SARA JELEN

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.