Five Considerations to Keep Your Cloud Secure
Published 05/22/2024
Originally published by Bell.
Written by Jack Mann, Senior Technical Product Manager, Cyber Security, Bell.
When you make the shift to the cloud, it’s easy to assume that your cloud service provider – whether that’s AWS®, Microsoft Azure®, Google® Cloud or any another vendor – will keep your data and workloads protected and secure.
However, that’s not always the case.
Cloud security is actually a shared responsibility. While your provider is responsible for securing the underlying cloud infrastructure (the data centres and physical network) and computing resources, your business is responsible for securing any data stored on that infrastructure.
Your team might not have expertise in some of the many areas included within that responsibility, creating significant potential for gaps in your cloud security for attackers to exploit. In this article, I review the five critical areas that enterprises often miss when it comes to cloud security – and the steps for how to properly attend to each one.
1. Your assets and where they’re stored
Cloud services offer virtually limitless computing resources that you can access as needed, allowing for new applications to be built and services implemented at speeds not possible with on-premises resources alone. However, because cloud services make it so quick and easy to spin up new computing resources, businesses often lose track of the various assets, services, and systems that they have stored or built in the cloud – especially those built for temporary purposes or across multiple clouds. This is far from an insignificant oversight: bad actors can sniff out and exploit forgotten or abandoned assets that aren’t configured correctly or haven’t been patched in a long time.
A cloud-native application protection platform (CNAPP) can reveal assets across your entire cloud environment. You can then analyze what you have, determine what should or shouldn’t be there, and properly secure the rest.
2. Blind spots and weak points in your cloud security
Are there users on your network with more permissions than their roles require? Do any accounts have the same username/password combination? These are just two examples of cloud security blind spots and weak points that are common among businesses. It’s vital to identify and correct such flaws before bad actors can exploit them.
A cloud security posture assessment can uncover blind spots and weaknesses in your cloud security and recommend actions to address them. In the case of over-privileged users or duplicate usernames/passwords, the solution might involve implementing stronger authentication and authorization, or enhanced identity and password management processes.
3. Cloud configuration errors
Misconfigurations are a leading source of vulnerability for companies in the cloud – and the more cloud services used, the greater the risk of one of them being misconfigured. That’s because there are so many options and parameters to take into consideration when configuring your cloud services, along with the fact that every cloud service does things a little differently. If you use more than one cloud – which most companies do – the likelihood of making an error is much higher.
Errors can occur due to insufficient understanding, cutting corners, or simple mistakes. For instance, when configuring a firewall, someone might accidentally allow traffic that should be forbidden from passing through. Whatever the cause, cloud configuration errors make your business vulnerable to exploitation and must be identified and remedied.
CNAPP solutions can scan your cloud environment and compare your configurations against best practices for every service that you use. To help you prioritize your remediation efforts, the most effective CNAPP tools will categorize potential issues based on severity and broader cyber threat activity, such as if a particular kind of misconfiguration has been a popular target for cybercriminals recently.
4. Cloud security vulnerabilities
Every day, vulnerabilities lead to thousands of cloud security exposures, which are errors or defects in the underlying software that threat actors can exploit. Some are zero-day vulnerabilities – those just discovered by attackers and that have never been seen by security analysts. Others have been around for a while, but are only now trending targets among cybercriminals, or have yet to be exploited (or widely exploited). A recent example is the vulnerability discovered in Log4j, an open-source logging tool built into many applications and services. Threat actors exploited the vulnerability to steal data, install cryptocurrency mining software, and launch ransomware on compromised systems around the world. Many companies scrambled to find every instance of Log4j across their networks to avoid falling prey to the same attacks.
The right tools can greatly simplify that process by showing you exactly where vulnerable components are as well as how critical the environment that they’re located in is to your operations. This can allow you to safely take certain system segments offline while you address the issues; and hackers won’t be able to exploit them in the meantime. Identifying which critical systems need to be patched can reduce the immediate workload and focus resources on the areas of greatest concern.
5. Ephemeral workloads
An ephemeral workload is one that runs for a short period of time. For example, a mortgage calculator tool on a financial services website might be configured as an ephemeral workload, with its underlying code running only when a user requests a calculation. These workloads are just as vulnerable and are open to exploitation. Because ephemeral workloads aren’t running all the time, those that have been exploited can be missed during regularly scheduled security scans.
Continuous monitoring is the only way to detect and properly secure ephemeral workloads. That means going beyond tools that scan your environment every so often in favour of a more advanced solution that provides 24/7 monitoring across your cloud environment.
About the Author
Jack Mann is the Senior Technical Product Manager for the Bell Cybersecurity practice.
In this role Jack drives the development of products and solutions that helps organizations to solve security problems, enhance productivity and improve their security posture. Jack started his career at Bell in 2021 as a Product Manager. Prior to joining Bell, Jack spent 16 years at CGI where he led Cloud Computing and Business Solutions.
Related Articles:
A Vulnerability Management Crisis: The Issues with CVE
Published: 11/21/2024
The Lost Art of Visibility, in the World of Clouds
Published: 11/20/2024
Why Application-Specific Passwords are a Security Risk in Google Workspace
Published: 11/19/2024
Group-Based Permissions and IGA Shortcomings in the Cloud
Published: 11/18/2024