The most concerning cloud security threats today (Part 1 of 2)
Creating capacity in on-premises (on-prem) IT infrastructure entails investing in more assets that may become idle if your business slows down. However, by leveraging the IT infrastructure of a cloud service provider (CSP), you avoid this risk and potentially save a lot of money in the process. This is because the cloud grants you the ability to rapidly create or remove user accounts and instances as needed, providing your business with scalability and adaptability.
Security is another frequently cited advantage of partnering with CSPs: they have stringent security measures in place to protect your data from cyberthreats on their side of the service.
However, aspects that are under your control, such as who you share cloud data with and how often you back up critical data, can make your data vulnerable to threats.
Let's look at these cloud security threats in this two-part post.
Malware
A common cloud feature is file syncing or synchronization, the process of reconciling changes in a file so that all copies of that file reflect the latest changes. If, for example, you edit a desktop copy of a text file, file syncing will update the copy that’s stored in the cloud.
Syncing occurs at the folder level, too. For instance, if a new file is saved in a local folder, that file is copied to the corresponding folder in the cloud at the next sync. While this grants cloud users easy access to their data, it also gives malware an easy way into your cloud system: a malicious file dropped into a synced local folder is uploaded like any other file. Once in your cloud, the malware spreads rapidly and downloads further malware into your cloud infrastructure.
Any newly downloaded malware can do a lot of harm, such as exfiltrating large volumes of data or recording keystrokes to steal access credentials as users type them. There's also ransomcloud, a type of ransomware attack that locks businesses out of their cloud systems until they pay the attackers a ransom.
How can you protect your cloud against malware?
Here are three things you can do to prevent malware infections and mitigate the damage they could cause:
● Use a threat detection service to block malware
A threat detection service uses threat intelligence feeds and endpoint security tools to identify malicious apps, files, and executables before they introduce malware into your cloud.
● Implement a zero trust model
A zero trust cybersecurity model presumes that an IT system has already been infiltrated. Based on this presumption, you must always verify a user's trustworthiness by confirming their identity via multifactor authentication (MFA). A phisher who steals a cloud user's access credentials won’t be able to access the user’s account if they can't provide the other necessary identity authenticators.
Moreover, you must apply the principle of least privilege: let users access only what they need to do their jobs. This way, if a cloud user's account is compromised, the attacker can reach only the data that user could reach.
● Split your network into segments
Malware can spread rapidly throughout your cloud system unless your network is separated into segments. By segmenting your network, you can contain the malware at the initial point of infection. However, cloud hopping, in which an attacker compromises other user accounts to reach other cloud segments, can render network segmentation ineffective.
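To make the sync-folder risk and the pre-sync screening concrete, here is an added Python example (not code from the original post or from SimplyClouds). It plays the role of the threat detection check described above: files in a local sync folder are hashed against a known-bad list, inspected for executable headers and for document-looking names that hide an executable extension, and quarantined instead of synced. The folder layout, file contents and hash list are constructed for the example; a real service would draw the hash list from its threat intelligence feed.

```python
"""Screen a local sync folder before its contents are synced to the cloud.

Added example (not the original post's or SimplyClouds' code). It mimics the
pre-sync check a threat detection service performs: each file is hashed and
compared with a known-bad list, its header is checked for executable magic
bytes, and names that hide an executable behind a document extension are
flagged. Flagged files are moved to quarantine instead of being synced.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed sample payload and its digest; a real deployment would load the
# denylist from a threat intelligence feed.
SAMPLE_BAD_PAYLOAD = b"CONSTRUCTED-MALICIOUS-SAMPLE-0001"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_BAD_PAYLOAD).hexdigest()}

# Leading bytes of common executable formats: Windows PE, ELF, Mach-O (64-bit).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf")

# Extensions that execute code when opened; flagged when they follow a
# document-looking name such as invoice.pdf.exe.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".dll"}


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path: Path) -> list[str]:
    """Return the reasons a file must not be synced; an empty list means clean."""
    reasons = []
    if sha256_of(path) in KNOWN_BAD_SHA256:
        reasons.append("hash matches threat intelligence")
    with path.open("rb") as fh:
        header = fh.read(4)
    if header.startswith(EXECUTABLE_MAGIC):
        reasons.append("executable file header")
    suffixes = [s.lower() for s in path.suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in RISKY_EXTENSIONS:
        reasons.append("double extension hides an executable")
    return reasons


def screen_sync_folder(sync_dir: Path, quarantine_dir: Path) -> dict[str, list[str]]:
    """Move flagged files to quarantine; return {file name: reasons} for each."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    quarantined: dict[str, list[str]] = {}
    for path in sorted(sync_dir.iterdir()):
        if not path.is_file():
            continue
        reasons = classify(path)
        if reasons:
            shutil.move(str(path), str(quarantine_dir / path.name))
            quarantined[path.name] = reasons
    return quarantined


def demo() -> dict[str, list[str]]:
    """Build a constructed sync folder, screen it, and return what was quarantined."""
    root = Path(tempfile.mkdtemp())
    sync_dir, quarantine_dir = root / "sync", root / "quarantine"
    sync_dir.mkdir()
    (sync_dir / "notes.txt").write_bytes(b"meeting notes, nothing unusual")
    (sync_dir / "report.pdf.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (sync_dir / "update.bin").write_bytes(SAMPLE_BAD_PAYLOAD)
    quarantined = screen_sync_folder(sync_dir, quarantine_dir)
    shutil.rmtree(root)
    return quarantined


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"quarantined {name}: {', '.join(reasons)}")
```

Running the script quarantines `report.pdf.exe` (executable header plus double extension) and `update.bin` (hash match) and leaves `notes.txt` to sync. The hash check only catches samples already known to the feed, which is why the header and extension heuristics sit beside it; a production service would add content scanning on top.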
Cloud misconfiguration
Cloud misconfiguration, that is, improperly setting up your cloud platform's security controls, is currently one of the worst cloud security threats, and it is caused by user or admin error. For instance, an admin could mistakenly grant your apps and servers unrestricted outbound access, which lets them send data to any external app or server, including ones you never authorized. This can result in the leakage of sensitive company data and customer information to unauthorized parties.
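The unrestricted-outbound mistake just described is easy to catch mechanically. The following Python audit is an added example, not from the original post or from any provider's tooling; it uses a constructed, provider-neutral rule format (plain dicts with direction, protocol, port range and destination CIDR) rather than a real cloud API, and places the weak rule set next to a corrected one that allows only the destinations a workload actually needs.

```python
"""Audit egress rules for the unrestricted-outbound misconfiguration.

Added example (not the original post's code or any CSP's tooling). Rules use
a constructed, provider-neutral shape: direction, protocol, (low, high) port
range and destination CIDR. The audit reports any egress rule whose
destination is the whole internet, grading "any port" as critical.
"""
import ipaddress

ALL_PORTS = (0, 65535)

# Constructed: the mistake described in the post. Every workload may reach
# every destination on every port, so a compromised server can push data to
# an arbitrary external host.
WEAK_EGRESS = [
    {"name": "allow-all-out", "direction": "egress", "protocol": "any",
     "ports": ALL_PORTS, "destination": "0.0.0.0/0"},
]

# Constructed: the corrected set. Outbound traffic is limited to the
# destinations the workload needs (an internal database subnet and HTTPS to
# one partner range); anything not listed is implicitly denied.
HARDENED_EGRESS = [
    {"name": "db-out", "direction": "egress", "protocol": "tcp",
     "ports": (5432, 5432), "destination": "10.20.0.0/24"},
    {"name": "partner-https-out", "direction": "egress", "protocol": "tcp",
     "ports": (443, 443), "destination": "203.0.113.0/24"},  # documentation range
]


def audit_egress(rules: list[dict]) -> list[dict]:
    """Return one finding per risky egress rule, critical findings first."""
    findings = []
    for rule in rules:
        if rule["direction"] != "egress":
            continue  # inbound exposure is a separate audit
        net = ipaddress.ip_network(rule["destination"], strict=False)
        if net.prefixlen != 0:
            continue  # destination is scoped to a specific range
        low, high = rule["ports"]
        any_port = rule["protocol"] == "any" or (low, high) == ALL_PORTS
        if any_port:
            findings.append({"rule": rule["name"], "severity": "critical",
                             "issue": "any port to any destination (unrestricted outbound)"})
        else:
            findings.append({"rule": rule["name"], "severity": "medium",
                             "issue": f"{rule['protocol']} {low}-{high} open to any destination"})
    # False sorts before True, so critical findings come first.
    return sorted(findings, key=lambda f: f["severity"] != "critical")


def print_report(label: str, rules: list[dict]) -> None:
    findings = audit_egress(rules)
    print(f"{label}: {len(findings)} finding(s)")
    for finding in findings:
        print(f"  [{finding['severity']}] {finding['rule']}: {finding['issue']}")


if __name__ == "__main__":
    print_report("weak rule set", WEAK_EGRESS)
    print_report("hardened rule set", HARDENED_EGRESS)
```

The weak set yields one critical finding and the hardened set none. A single port open to any destination (for example HTTPS to 0.0.0.0/0) is only graded medium here because it is so common, but it is still a path for data to leave, which is why the hardened set pins even HTTPS to a specific range.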
How can you mitigate the effects of cloud misconfiguration?
While cloud misconfiguration is preventable, it can and does happen, because the people handling cloud settings are only human. To mitigate the effects of cloud misconfiguration, here's what you need to do:
● Deploy a security information and event management (SIEM) solution
A cloud-based SIEM solution can detect high-risk network connections such as Remote Desktop Protocol (RDP) and File Transfer Protocol (FTP) sessions. RDP allows a person to use one computer to access and operate a separate computer or peripheral, whereas FTP allows a person to move files from one computer to another over a network. Failing to properly restrict RDP and FTP on your cloud services may lead to data breaches, so use a SIEM platform to monitor your connections and alert you to suspicious activity such as data exfiltration.
● Abide by RDP security best practices
If you must use RDP, follow these security practices:
    ● Apply the principle of least privilege
    ● Authenticate user identities at the network level (Network Level Authentication)
    ● Place any RDP-enabled device behind a virtual private network (VPN)
● Implement a zero trust model
Use MFA to prevent unauthorized access to your cloud-based apps and servers, and let authorized users access only the files and resources they need to do their jobs.
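The detections that a SIEM would run over cloud connection logs, as described in the SIEM item above, as an added Python example that is not part of the original post or of any SIEM product. The comma-separated flow-log format and the log lines are constructed; the tenant's internal address range (10.0.0.0/8) and the 50 MiB outbound threshold are assumptions chosen for the example. It flags accepted RDP (TCP 3389) and FTP (TCP 21) connections that reach internal hosts from outside the internal range, and internal hosts whose outbound volume to external addresses exceeds the threshold.

```python
"""SIEM-style detections over constructed cloud flow-log lines.

Added example (not the original post's code or any SIEM product). The log
format (comma-separated: time, src_ip, src_port, dst_ip, dst_port, protocol,
bytes, action) and the log lines are constructed. Detections: accepted RDP
(TCP 3389) or FTP (TCP 21) connections reaching internal hosts from outside
the tenant's address range, and internal hosts whose outbound volume to
external addresses exceeds a threshold (possible data exfiltration).
"""
import csv
import ipaddress
from collections import defaultdict
from io import StringIO

HIGH_RISK_PORTS = {3389: "RDP", 21: "FTP"}
# Assumptions for the example: the tenant's private address space and the
# per-source outbound volume that warrants an alert.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXFIL_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB

# Constructed sample; 198.51.100.0/24 and 203.0.113.0/24 are documentation
# ranges standing in for internet hosts.
SAMPLE_FLOW_LOG = """\
time,src_ip,src_port,dst_ip,dst_port,protocol,bytes,action
2024-05-01T09:00:01Z,198.51.100.7,51234,10.0.1.15,3389,tcp,1200,ACCEPT
2024-05-01T09:00:05Z,10.0.1.20,44321,10.0.1.15,3389,tcp,9000,ACCEPT
2024-05-01T09:00:09Z,198.51.100.9,40001,10.0.1.30,21,tcp,800,ACCEPT
2024-05-01T09:01:00Z,10.0.1.15,50000,198.51.100.50,443,tcp,30000000,ACCEPT
2024-05-01T09:02:00Z,10.0.1.15,50001,198.51.100.50,443,tcp,30000000,ACCEPT
2024-05-01T09:03:00Z,10.0.1.20,50002,203.0.113.8,443,tcp,2000000,ACCEPT
2024-05-01T09:04:00Z,198.51.100.11,40002,10.0.1.30,3389,tcp,500,REJECT
"""


def is_internal(ip: str) -> bool:
    """True when the address falls inside the tenant's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(flow_log: str) -> list[dict]:
    """Return alerts for exposed high-risk services and outbound volume outliers."""
    alerts = []
    outbound = defaultdict(int)  # internal source -> bytes sent to external hosts
    for row in csv.DictReader(StringIO(flow_log)):
        if row["action"] != "ACCEPT":
            continue  # blocked flows are left to other detections
        src, dst, dst_port = row["src_ip"], row["dst_ip"], int(row["dst_port"])
        # Detection 1: RDP/FTP reached an internal host from outside.
        if dst_port in HIGH_RISK_PORTS and is_internal(dst) and not is_internal(src):
            alerts.append({"rule": f"exposed-{HIGH_RISK_PORTS[dst_port].lower()}",
                           "host": dst, "source": src, "time": row["time"]})
        # Detection 2: accumulate outbound volume per internal source.
        if is_internal(src) and not is_internal(dst):
            outbound[src] += int(row["bytes"])
    for src, total in outbound.items():
        if total > EXFIL_THRESHOLD_BYTES:
            alerts.append({"rule": "possible-exfiltration", "host": src, "bytes": total})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOW_LOG):
        print(alert)
```

On the sample log this raises three alerts: RDP on 10.0.1.15 and FTP on 10.0.1.30 were each reached from an external address, and 10.0.1.15 sent 60,000,000 bytes to an external host within the window. The internal-to-internal RDP session and the rejected connection produce nothing, which keeps the alert volume tied to actual exposure rather than to every RDP packet.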
We've only covered two cloud security threats in this post. We'll cover three more in our next post and provide tips to help you protect your cloud infrastructure against them. In the meantime, if you have concerns regarding your cloud's security, turn to SimplyClouds! Our IT experts are eager to serve you.
Categories: Cloud security, Zero trust network access, Identity and access management