Misconfigurations are the Biggest Threat to Cloud Security: Here's What to Do

Recently, a major tipping point was reached in the IT world — more than half of new spending is now on cloud services over non-cloud IT. Rather than being the exception, cloud-based operations have become the rule.

There are many reasons why companies transition to the cloud. Lower costs, improved efficiencies and faster time to market are some of the primary benefits.

However, too many security teams still treat the cloud like an exception, or at least not as a primary use case. The approach remains “and cloud”, rather than “cloud and.”

Attackers know that business information security is generally behind the curve with its approach to the cloud, and they take advantage of the lack of security experience surrounding new cloud environments. This leads to ransomware, cryptocurrency mining and data exfiltration attacks targeting cloud environments, to name a few.

But what are they attacking specifically, and what can you do about it?

Misconfiguration at the User Level is the Biggest Security Risk in the Cloud

Cloud providers have built-in security measures that leave many systems administrators, IT directors and CISOs feeling content with the security of their data. Customers often think that the cloud provider is taking care of security with no additional actions needed on their part.

This way of thinking ignores the shared responsibility model for security in the cloud. While cloud providers secure the platform as a whole, companies are responsible for the security of the data hosted in those platforms. Misunderstanding the shared responsibility model leads to the primary security risk associated with the cloud: misconfiguration.

You may be thinking, ‘But what about ransomware and cryptomining and exploits?’ These and many other attack types become possible primarily when one of the three categories of misconfiguration listed below is present.

You can forget about all the worst-case, overly complex attacks: Misconfigurations are the greatest risk and should be your number one concern.

Why do Misconfigurations Happen?

Generally speaking, there are three primary categories of common misconfigurations that attackers are likely to target:

  • Misconfiguration of the native cloud environment
  • Not securing equally across multi-cloud environments (i.e., different brands of cloud services providers)
  • Not securing equally to on-premises data centers

To further understand the state of cloud misconfigurations, Trend Micro Research recently investigated cloud-specific cyber-attacks. The report found a large number of websites partially hosted in world-writable cloud-based storage systems.

Despite these environments being secure by default, settings can be manually changed to allow more access than actually needed. These misconfigurations are typically put in place without knowing the potential consequences, but once in place, it is simple to scan the internet to find them — and cyber-criminals are exploiting them for profit.

The risk of misconfigurations may seem obvious in theory, but in practice, overloaded IT teams are often simply trying to streamline workflows to make internal processes easier. So settings are changed to give read and/or write access to anyone in the organization with the necessary credentials. What they don’t realize is that this level of exposure can be found and exploited by cyber-criminals.

How Big is the Misconfiguration Problem?

Nearly all data breaches involving cloud services have been caused by misconfigurations. Trend Micro identifies an average of 230 million misconfigurations per day.

We expect this trend will increase in 2020, as more cloud-based services and applications gain popularity with companies using a DevOps workflow. Teams are likely to misconfigure more cloud-based applications, unintentionally exposing corporate data to the internet, and to cyber-criminals.

Our prediction is that through 2025, more than 75% of successful attacks on cloud environments will be caused by missing or misconfigured security by cloud customers rather than cloud providers.

How to Protect Against Misconfiguration

The good news is that misconfigurations are easily preventable with some basic cyber hygiene and regular monitoring. You can secure your cloud data and applications today, especially knowing that attackers are already cloud-aware and delivering vulnerabilities as a service.

Here are a few best practices for securing your cloud environment:

  • Employ the principle of least privilege: Access is only given to users who need it, rather than leaving permissions open to anyone
  • Understand your part of the shared responsibility model: While cloud service providers have built-in security, the companies using their services are responsible for securing their data
  • Monitor your cloud infrastructure for misconfigured and exposed systems: Tools are available to identify misconfigurations and exposures in your cloud environments
  • Educate your DevOps teams about security: Security should be built into the DevOps process

Your data and applications in the cloud are only as secure as you make them. There are enough tools available today to make your cloud environment – and the majority of your IT spend – at least as secure as your non-cloud legacy systems.
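As an added example (not code from the article or from the Trend Micro report it cites), here is the kind of check the monitoring and least-privilege points above call for: it audits a storage bucket policy for the world-readable and world-writable exposure described earlier. It assumes the AWS S3 bucket-policy format, since the article names no provider; the bucket name, account ID and role name are constructed.

```python
import json

# Constructed sample (assumed AWS S3 policy format; the article names no provider
# or bucket): a policy that leaves the bucket world-readable and world-writable.
WORLD_WRITABLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "StreamlineUploads",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
    "Resource": "arn:aws:s3:::example-assets/*",
}]})

# Constructed sample: the same intent scoped to one role (least privilege).
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "UploadsFromBuildRole",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/ci-uploader"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-assets/*",
}]})

# Actions that let a caller change or remove objects (a world-writable bucket).
WRITE_PREFIXES = ("s3:put", "s3:delete", "s3:restore")


def _as_list(value):
    # Policy documents allow a bare string wherever a list is accepted.
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    # "*" or {"AWS": "*"} grants the statement to anyone on the internet.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_bucket_policy(policy_json):
    """Return (sid, exposure) for every Allow statement open to any principal;
    exposure is 'world-writable' if a write action is granted, else 'world-readable'."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        writable = any(a in ("*", "s3:*") or a.startswith(WRITE_PREFIXES) for a in actions)
        findings.append((stmt.get("Sid", "<no sid>"), "world-writable" if writable else "world-readable"))
    return findings
```

Run against policies pulled from each account on a schedule; any `world-writable` finding is the exposure the report describes, and a `world-readable` one still deserves a review of what the bucket holds.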

This overview builds on the recent report from Trend Micro Research on cloud-specific security gaps, which can be found here.
