With the new hybrid-working model, we see organisations increasingly moving more of their workloads to the cloud. While this transformation offers great agility and scalability benefits, it comes with inherent and increased risks to security and compliance. A simple configuration error can expose your entire organisation to threat actors who no longer need to break into your data centre to access your critical data or conduct ransomware attacks. Check Point Software senior cloud security architect Justice Anyai writes.
Gartner predicts that by 2025, 99 per cent of cloud security issues will be a result of human error when configuring assets and security in the cloud. At a time when organisations are becoming increasingly dependent on third-party cloud vendors such as AWS, Microsoft Azure, IBM and Google Cloud Platform to securely manage their data, concern around misconfigurations and other vulnerabilities in the cloud is likely to amplify quickly. Many of the organisations finding themselves at risk have had to accelerate their digital transformation initiatives at an uncomfortable pace over the past two years, resulting in knowledge and talent gaps that only add to their fears around cloud security.
Under the shared responsibility model – a security framework designed to ensure accountability for compromised data and other incidents – the cloud provider will offer basic cloud security, but it’s up to businesses themselves to secure their own data within the cloud. To put it another way, if cloud providers ensure the town gates are locked and the perimeter is well guarded, it’s still up to businesses to ensure their own doors are locked. That’s no mean feat, particularly when you consider that many large enterprises now rely on three or four cloud platforms as part of a multi-cloud strategy.
Attacks on cloud service providers are ramping up
As outlined in Check Point Software’s 2022 Security Report, over the previous year we’ve seen a tidal wave of attacks that exploit flaws in the services of industry-leading cloud providers. For the cyber criminals involved, the end goal is to gain full control over an organisation’s cloud infrastructure or worse, an organisation’s entire IT estate, including its proprietary code and customer records. This can indeed have a devastating impact on the businesses affected and they’re quite right to be concerned.
The kinds of flaws we’re talking about here aren’t logic or permission-based flaws derived from an organisation’s own access control policy, which threat actors might use to gain unauthorised access and escalate privileges. Those could at least be pinpointed and dealt with by the organisation in question. Instead, these flaws tend to be critical vulnerabilities within the cloud infrastructure itself, which can be much more difficult to guard against.
For example, take the OMIGOD flaw, which opened the floodgates when it came to attacking cloud services in 2021. In September, four critical vulnerabilities were discovered in the Microsoft Azure software agent that enabled users to manage configurations across remote and local environments. An estimated 65 per cent of Azure’s customer base was made vulnerable by this exploit, putting thousands of organisations and millions of endpoint devices at risk. Through this OMIGOD flaw, threat actors were able to execute arbitrary code remotely within an organisation’s network and escalate to root privileges, effectively taking over the network. As part of its September 2021 update, Microsoft addressed the issue, but the automatic fix that it released appeared ineffective for several days. Further flaws were exposed in Microsoft Azure’s cloud services throughout the year, including the “ChaosDB” vulnerability, which allowed cyber criminals to retrieve several internal keys used to obtain root privileges that would eventually enable them to manage the databases and accounts of targeted organisations. Businesses made vulnerable by this particular “open door” included Coca-Cola, Skype and even security specialist Symantec.
It’s likely that there will be many more cloud provider vulnerabilities in 2022 but fortunately, there are things within an organisation’s control that can mitigate the risk.
Locking the doors and bolstering internal security
Tightening cloud security isn’t just about having the right products and services in place, it’s also about nurturing a security-first mentality within an organisation as a whole. Regardless of what a service level agreement between an organisation and cloud provider might say, the onus ultimately falls on the organisation to make sure its customers’ records and other important data are protected.
So, before moving mission-critical workloads into the cloud, organisations must ensure that the “doors” to their applications and data are firmly locked. That means getting identity and access management finely tuned and implementing the principle of “least privilege”, so that data is only accessed by humans and applications on a strictly need-to-know basis. It also means better segmentation of networks and use of firewall technology to ensure that sensitive data can be appropriately siloed and guarded where necessary.
Cloud security is complex, and with multi-cloud environments it gets even more complex. So, think about consolidating all your cloud security across all cloud vendors into one solution that monitors all malicious activity and reduces the workload by automating common tasks like policy updates. In an ideal world this would mean a “single pane of glass” approach to security management across all your cloud assets so that you can keep a closer eye on security incidents and focus your effort on those of greatest concern.
Any cloud security solution is only as good as the intelligence engine behind it so ask your vendor how they stay on top of emerging and zero-day threats. Check Point’s ThreatCloud helps to monitor millions of network nodes across the world, using over 30 AI technologies to identify threats in real time so that these are blocked before they get onto your cloud, or indeed on-prem network or end user devices.
Finally, introduce security at the earliest stage of application development. You do not want security checks to slow down your DevOps unduly and delay application rollout but equally you cannot afford to cut corners on security. A DevSecOps approach that allows you to scan code for misconfigurations or even malware as part of the DevOps process will ensure that you don’t “bake in” vulnerabilities at the outset.
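The two controls the article asks for, least-privilege access policies and scanning for misconfigurations before deployment, can be combined in a single DevSecOps check. The following is an added example, not code from the article or from Check Point: a small linter that reads an AWS IAM policy document and flags Allow statements granting wildcard actions or applying to every resource. The two policy documents are constructed for illustration (the bucket name and paths are made up); the first is the kind of over-broad grant that gets pasted in “to make it work”, the second is the same workload scoped down to what it actually needs.

```python
"""Lint AWS IAM policy documents for least-privilege violations.

Added example for illustration. The policies below are constructed and are
not taken from any real account. The check looks for the most common
misconfiguration pattern: an Allow statement that grants wildcard actions or
applies to every resource in the account.
"""
import json

# Constructed sample: an over-broad policy a developer might paste in to unblock a deployment.
OVERLY_PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample: the same workload limited to reading and writing one prefix,
# plus a Deny that refuses any call made without TLS.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/uploads/*",
        },
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """IAM accepts either a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overly_permissive(policy_json):
    """Return human-readable findings for Allow statements that are too broad.

    An empty list means no wildcard grants were found. It does not prove the
    policy is minimal, only that the most obvious over-grants are absent.
    """
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not the concern here
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # "*" grants every API call; "service:*" grants every call in one service
        for action in actions:
            if action == "*":
                findings.append(f"statement {index}: grants all actions (*)")
            elif action.endswith(":*"):
                service = action.split(":")[0]
                findings.append(f"statement {index}: grants all actions for service {service}")
        # Resource "*" applies the grant to every resource unless a Condition narrows it
        if "*" in resources and "Condition" not in stmt:
            findings.append(f"statement {index}: applies to all resources (*) with no condition")
    return findings


if __name__ == "__main__":
    for name, doc in [("overly permissive", OVERLY_PERMISSIVE_POLICY),
                      ("least privilege", LEAST_PRIVILEGE_POLICY)]:
        print(name + ":", find_overly_permissive(doc) or "no findings")
```

Run as a pre-merge step in the pipeline, a non-empty result from `find_overly_permissive` fails the build, so the wildcard grant never reaches the account. The check deliberately ignores Deny statements and statements that carry a Condition, since those narrow rather than widen access; extending it to other providers means only swapping the document parser, the least-privilege question is the same.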
The shift to the cloud will only accelerate as organisations realise the benefits it brings in terms of competitive advantage, agility and resilience so now is the time to take a responsible approach to security and compliance and scale up your cloud security. It’s a challenging and complex task but the good news is that there are solutions to not only lock down your cloud network but also ways, using AI and automation, to reduce the workload of detecting and preventing threats, even the ones that have yet to be devised. Finally, this can be done at speed ... it’s all in the cloud!
Justice Anyai is a senior cloud security architect and evangelist at Check Point Software.