It’s getting to the point where companies across the globe are struggling to justify installing, managing, and maintaining their own IT infrastructure. Cloud computing offers increased flexibility with regards to storage space and bandwidth, which helps to cut costs as companies can use cloud services on a pay-per-use basis.
Cloud computing allows employees and stakeholders to communicate and collaborate on projects from practically anywhere in the world. Cloud service providers are usually able to guarantee reliable disaster recovery and backup solutions, as well as improve the loading speed of your website and minimize downtime.
So why would a company bother to maintain its own infrastructure? The answer to that question is that many companies are still concerned about cloud security threats when storing sensitive data in the cloud, which, to be fair, is a valid concern.
That said, as long as you understand where the cloud security threats lie and have taken the necessary steps to mitigate them, your critical assets should be as secure in the cloud, as your on-premise servers.
Most Common Cloud Security Threats
1. Data Breaches
According to a recent study conducted by global intelligence firm IDC, nearly 80% of the companies surveyed had experienced at least one cloud data breach in the past 18 months, and nearly half (43%) reported 10 or more breaches. Of the 300 CISOs that took part in the survey, security misconfiguration, lack of adequate visibility into access settings and activities, and identity and access management (IAM) permission errors were among their top concerns.
2. Insider Threats
Insider threats, as the term would suggest, are security threat that comes from the people within your organization. Or, to be more precise, those who have legitimate access to your network, such as employees, contractors, business associates, and even executives. According to the following article, 60% of data breaches are caused by insider threats, and 68% of organizations have observed an increase in the frequency of insider threats over the past 12 months.
According to the IDC study, security misconfiguration was cited as the top concern by the 300 CISOs that participated in the survey – accounting for 67% of respondents. This is hardly surprising given the number of data breaches that have been caused by misconfigured cloud storage containers, with “leaky buckets” being a top concern for AWS users. Other common types of misconfiguration include leaving default settings unchanged, failing to change the default passwords, disabling security controls, and more.
4. Unsanctioned App Use
Many security professionals are concerned about the lack of visibility into the use of unsanctioned apps, which present a significant security threat to your cloud environment.
5. External Sharing of Data
Cloud platforms such as Microsoft Office 365 make it very easy for users to share files and folders – some of which containing sensitive data. Having such an open approach to file sharing is a cause for concern for many CISOs, as links to shared files and folders can be easily stolen or sent to the wrong recipient(s).
6. Insecure Interfaces and APIs
Hackers are always looking to exploit insecure interfaces and APIs in an attempt to gain access to user credentials. In September 2018, Facebook discovered that an attacker had abused access tokens for 50 million users, which gave them full access to a person’s account, according to a post by Mark Zuckerberg. Making sure that user interfaces and APIs have been properly secured and tested is ultimately down to the service provider, and so there is little a consumer can do to protect themselves in this scenario other than protecting their data through other means, such as those listed below.
How to Protect Yourself from Cloud Security Threats
1. Classify Your Sensitive Data
Naturally, if you want to keep your sensitive data secure, you must know exactly what sensitive data you have, and where it is located. Your cloud service provider may provide a data classification tool out-of-the-box. For example, in Office 365 you can create, configure and publish “sensitivity labels” or use the “auto labeling” feature to classify your data. Alternatively, there are numerous dedicated solutions on the market that can automatically discover and classify a wide range of data types including PII, PHI, PCI, IP, and so on.
2. Use Multi-Factor Authentication
In the absence of clearly defined perimeters, multi-factor authentication (MFA) can play a crucial role in protecting user accounts in the cloud. Most traditional authentication systems rely solely on something which the user knows, such as a username and password. MFA, on the other hand, provides an additional layer of security by asking the user to provide additional information, which can be either something they have or something they are.
In most cases, a security code is sent to the users’ mobile phone, which they must enter in order to log in. In some cases, the user may be required to provide some sort of biometric information, such as a fingerprint scan, or some type of hardware device, such as a dongle.
3. Encrypt Your Data
While this may seem obvious, it’s surprising how few companies actually encrypt their data. Making sure that all sensitive data is encrypted, both at rest and in transit is a simple but effective way to protect your sensitive data in the cloud.
4. Restrict File Sharing
You should prevent users from sharing links to folders that contain multiple files, as some of these files may contain sensitive data. If someone needs access to a folder containing multiple files, they must submit a request to the administrator or relevant personnel. It is also a good idea to ensure that all user-created links are set to expire after a maximum of one week.
5. Check Your Cloud Configuration
As mentioned, many data breaches are caused by misconfigured cloud storage containers. As such, you must carefully review the configuration options before storing any sensitive data. This includes making sure that you change all default passwords and that the container isn’t exposed to the public internet. You should also audit your configuration for any unwanted/unauthorized changes.
6. Monitor Access to Accounts and Data
As mentioned previously, the traditional moat-castle approach to protecting sensitive data is being replaced by a more people/data-centric approach. As such, it is crucially important to monitor all access to privileged accounts and sensitive data. You should receive real-time alerts on any suspicious activity and maintain an immutable log that can be scrutinized by your security team in the event of a data breach.
The Case for Cloud Security Solutions
The points mentioned above are by no means a comprehensive breakdown of all cloud security threats and solutions. There are many ways that an attacker can infiltrate your cloud environment. For example, hackers will often attempt to brute-force their way into user accounts, especially accounts that are inactive but still enabled. In which case, you might want to consider adopting a real-time auditing solution that is capable of threshold alerting, which can detect and respond to failed login attempts. Additionally, most sophisticated solutions are able to automatically detect and manage inactive user accounts. Hackers will often try to infect your cloud environment with malware – often using phishing/social engineering techniques. In this case, security awareness training would be the most appropriate solution.