It’s a familiar story in
tech: new technologies and shifting preferences raise new security challenges.
One of the most pressing challenges today involves monitoring and securing all
of the applications and data currently undergoing a mass migration to public
and private cloud platforms.
Malicious actors are
motivated to compromise and control cloud-hosted resources because they can gain
access to significant computing power through this attack vector. These
resources can then be exploited for a number of criminal money-making schemes, including
cryptomining, DDoS extortion, ransomware and phishing campaigns, spam relay,
and for issuing botnet command-and-control instructions. For these reasons—and
because so much critical and sensitive data is migrating to cloud platforms—it’s
essential that talented and well-resourced security teams focus their efforts
on cloud security.
The cybersecurity risks
associated with cloud infrastructure generally mirror the risks that have been
facing businesses online for years: malware, phishing, etc. A common
misconception is that compromised cloud services have a less severe impact than
more traditional, on-premise compromises. That misunderstanding leads some
administrators and operations teams to cut corners when it comes to the
security of their cloud infrastructure. In other cases, there is a naïve belief
that cloud hosting providers will provide the necessary security for their
Although many of the
leading cloud service providers are beginning to build more comprehensive and
advanced security offerings into their platforms (often as extra-cost options),
cloud-hosted services still require the same level of risk management, ongoing
monitoring, upgrades, backups, and maintenance as traditional
infrastructure. For example, in a cloud environment, egress filtering is
often neglected. But an investment in egress filtering can foil a
number of attacks on its own, particularly when combined with a proven web
classification and reputation service. The same is true of management access
controls, two-factor authentication, patch management, backups, and SOC
monitoring. Web application firewalls, backed by commercial-grade IP reputation services, are another often overlooked layer of
protection for cloud services.
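
One way to check for the neglected egress filtering described above, as an added example that is not part of the original article: a Python audit over security-group data in the JSON shape returned by `aws ec2 describe-security-groups`, flagging outbound rules that reach any destination. AWS is an assumption (the article names no provider), where a newly created security group allows all outbound traffic by default; the group IDs and sample document are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-example-web", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-example-db", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.5.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-example-batch", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-example-proxy", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

ANY_DEST = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"

def rule_destinations(rule):
    """Collect every CIDR an egress rule allows traffic to."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return cidrs

def covers_all_ports(rule):
    """True for protocol -1 (all traffic) or a full 0-65535 port range."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("FromPort") == 0 and rule.get("ToPort") == 65535

def audit_egress(doc):
    """Return (group_id, severity, destination) for each open egress rule."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for rule in sg.get("IpPermissionsEgress", []):
            for dest in rule_destinations(rule):
                if dest not in ANY_DEST:
                    continue  # scoped destination: egress is being filtered
                sev = "unfiltered" if covers_all_ports(rule) else "any-destination"
                findings.append((sg["GroupId"], sev, dest))
    return findings

if __name__ == "__main__":
    for gid, sev, dest in audit_egress(SAMPLE):
        print(f"{gid}: {sev} egress to {dest}")
```

Groups reported as `unfiltered` have no egress control at all; `any-destination` groups restrict the port but not where traffic may go, which is where a reputation-based filter or proxy would still be needed.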
Many midsize and large
enterprises are starting to look to the cloud for new wide-area network (WAN)
options. Again, here lies a great opportunity to enhance the security of your
WAN, whilst also achieving the scalability, flexibility, and cost-saving
outcomes that are often the primary goals of such projects. When selecting
these types of solutions, it’s important to look at the integrated security
options offered by vendors.
Haste makes waste
Another danger of the
cloud is the ease and speed of deployment. This can lead to rapidly
prototyped solutions being brought into service without adequate oversight from
security teams. It can also lead to complacency, as the knowledge that a
compromised host can be replaced in seconds may lead some to invest less in upfront
protection. But it’s critical that all infrastructure components are
properly protected and maintained because attacks are now so highly automated
that significant damage can be done in a very short period of time. This
applies both to the target of the attack itself and in the form of collateral
damage, as the compromised servers are used to stage further attacks.
Finally, the utilitarian
value of the cloud is also what leads to its higher risk exposure, since users
are focused on a particular outcome (e.g. storage) and processing of large
volumes of data at high speeds. Their solutions-based focus may not accommodate
a comprehensive end-to-end security strategy well. The dynamic pressures
of business must be supported by newer and more dynamic approaches to security that
ensure the speed of deployment for applications can be matched by automated
SecOps deployments and engagements.
Time for action
If you haven’t recently
had a review of how you are securing your resources in the cloud, perhaps now
is a good time. Consider what’s allowed in and out of all your infrastructure
and how you retake control. Ensure that the solutions you are considering have
integrated, actionable threat intelligence for another layer of defense in this
dynamic threat environment.
Have a question about
the next steps for securing your cloud infrastructure? Drop a comment below or reach
out to me on Twitter at @zerobiscuit.