Today’s Top Public Cloud Security Threats …And How to Thwart Them

Friday, June 21, 2019

Michael Koyfman


Many enterprises today have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like AWS, Azure, and GCP. And while cloud computing has streamlined many business processes, it can also create a security nightmare when mismanaged. A simple misconfiguration or human error can compromise the security of your organization's entire cloud environment.

Whether your whole business or small portions operate in the cloud, it’s imperative to understand the cloud-specific threats facing your organization in order to find creative and impactful solutions for remediation and protection. Let’s start by walking through the top security challenges in the cloud today to gain a better understanding of this complicated and ever-evolving landscape.

Top Security Challenges in the Cloud

Top threat: Phishing

Phishing is very popular in the cloud today. It is often delivered using PDF decoys hosted in the public cloud that arrive as email attachments and claim to carry legitimate content, such as an invoice or an employee directory. Because the malicious pages are hosted in the public cloud, they fool users into thinking they are dealing with a legitimate entity, such as Microsoft, AWS, or Google. Once received, such content is saved to cloud storage services like Google Drive. As soon as the attachments are shared, malware can propagate within an organization, leading to cloud phishing fan-out. In a matter of minutes, a legitimate user's account can be compromised and used as part of a phishing campaign, which is far harder to detect and mitigate than mail from an outside sender.

Top threat: Cryptojacking

Cryptojacking occurs when a nefarious actor uses your public cloud compute resources without your authorization. Such attacks are indifferent to device type, service, or OS, making them especially dangerous. What’s more, because such attacks usually appear to be coming from legitimate users, they often go undetected for quite some time, allowing the actors to execute a number of attacks under the radar.

A deeper understanding of these threats is critical, but it doesn’t solve the problem. So, where do we go from here? Below are my recommendations on steps for combating the above risks (and others) in the cloud.

Recommendations for Better Cloud Security

Assess Your Risk Exposure

Organizations must deploy a real-time visibility and control solution for sanctioned and unsanctioned accounts to continuously assess the security posture of those accounts and to provide visibility into what is going on in your IaaS accounts. You must also track admin activity using logging services like Amazon CloudTrail and Azure Operational Insights to gather logs about everything that happens in an environment. Additionally, consider deploying an IaaS-ready DLP solution to prevent sensitive data loss from web-facing storage services like AWS S3 and Azure Blob. And lastly, get real-time threat and malware detection and remediation for IaaS, SaaS, and Web. It is imperative to continuously monitor and audit IaaS security configuration to ensure compliance with standards and best practices and to make sure that the bad guys do not slip in and fly under the radar.
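The admin-activity tracking recommended above is only useful if someone looks at the logs. As an added example (not from the original post or from Netskope), here is a small detector run over a few constructed CloudTrail-style records: it flags the compute launches that cryptojacking typically produces, namely instances started in regions the organization does not use, GPU instance families, and launch bursts by a single principal. The field names follow the CloudTrail RunInstances record layout as I know it; the approved-region list, burst threshold, and GPU families are assumptions you would tune to your own environment.

```python
from collections import Counter

# Constructed CloudTrail-style records for this example; not real logs.
SAMPLE_EVENTS = [
    {"eventTime": "2019-06-21T02:00:05Z", "eventName": "RunInstances",
     "awsRegion": "ap-southeast-1",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"instanceType": "p3.16xlarge",
                           "instancesSet": {"items": [{"minCount": 8}]}}},
    {"eventTime": "2019-06-21T09:12:44Z", "eventName": "RunInstances",
     "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/bob"},
     "requestParameters": {"instanceType": "t3.micro",
                           "instancesSet": {"items": [{"minCount": 1}]}}},
    {"eventTime": "2019-06-21T02:01:30Z", "eventName": "RunInstances",
     "awsRegion": "eu-west-3",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"instanceType": "c5.large",
                           "instancesSet": {"items": [{"minCount": 4}]}}},
    {"eventTime": "2019-06-21T09:13:10Z", "eventName": "DescribeInstances",
     "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/bob"}},
    {"eventTime": "2019-06-21T10:40:00Z", "eventName": "RunInstances",
     "awsRegion": "us-west-2",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/carol"},
     "requestParameters": {"instanceType": "g3.4xlarge",
                           "instancesSet": {"items": [{"minCount": 2}]}}},
]

APPROVED_REGIONS = {"us-east-1", "us-west-2"}   # assumption: tune per org
LAUNCH_BURST_THRESHOLD = 5                      # assumption: instances per principal
GPU_FAMILIES = ("p2", "p3", "g3")               # assumption: families miners favour


def find_suspicious_launches(events, approved_regions=APPROVED_REGIONS,
                             burst=LAUNCH_BURST_THRESHOLD):
    """Return (finding_type, principal_arn, detail) tuples for RunInstances events."""
    findings, launched_per_principal = [], Counter()
    for ev in events:
        if ev.get("eventName") != "RunInstances":
            continue
        principal = ev["userIdentity"]["arn"]
        params = ev.get("requestParameters", {})
        items = params.get("instancesSet", {}).get("items", [])
        launched_per_principal[principal] += sum(i.get("minCount", 1) for i in items)
        if ev["awsRegion"] not in approved_regions:
            findings.append(("unapproved_region", principal, ev["awsRegion"]))
        itype = params.get("instanceType", "")
        if itype.split(".")[0] in GPU_FAMILIES:
            findings.append(("gpu_instance", principal, itype))
    for principal, n in launched_per_principal.items():
        if n >= burst:
            findings.append(("launch_burst", principal, n))
    return findings
```

In practice you would feed this from CloudTrail's S3 delivery or CloudWatch Logs rather than an inline list, and route findings to the same alerting path as your other IaaS posture checks.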

Protect Sensitive Data from Insider Threats

While it sounds like common sense, many of today's breaches occur when a user either intentionally or inadvertently shares sensitive information in a way that compromises the security of an organization. To combat this, it is important to educate all employees about the risks associated with doing business in the cloud. Warn users against opening untrusted attachments and executing files. Teach employees to verify the domains of links and to recognize common object store domains, since phishing pages are frequently hosted there. Deploy real-time visibility and control solutions, as well as threat and malware detection solutions, to monitor, detect, and remediate nefarious activity. And lastly, scan for sensitive content and apply cloud DLP policies to prevent unauthorized activity, especially from unsanctioned cloud apps. People are often the weakest link, and proper training and education should be a priority for your business.

Follow Best Practices

Businesses should leverage compliance standards, such as NIST, CIS, and PCI, to easily benchmark risk and security. Many of the assessment tools built around these standards will provide insights and recommendations for how to remediate specific violations, but you should still understand that customization to your own environment is key.

In order to thwart exposure, companies must have the capability to look at all cloud environments and perform assessments of how such resources are secured. And remember, every organization is different, and there is no one-size-fits-all approach to proper protection in the cloud. That said, by better understanding the threat landscape (whether within or outside your organization) and putting the proper tools in place, comprehensive cloud security is, indeed, possible.

About the author: Michael Koyfman is a Principal Global Solution Architect with Netskope. In his role, he advises Netskope customers on best practices for Netskope deployments and on integrating Netskope solutions within customer environments by leveraging integrations with the customer's technology ecosystem.
