Data breaches that resulted from cloud misconfigurations cost businesses nearly $3.18 trillion in 2019, according to DivvyCloud — here’s what to know to protect your business
The Covid-19 pandemic is having huge effects on the economy, our social lives, and the ways in which we work. With many staff around the world now being required to work from home, the crisis has focused attention on cloud security and the resilience of its infrastructure to stand up to cloud security threats.
The cybersecurity vulnerabilities inherent to cloud storage are nothing new. Many companies were still in the process of improving their cloud security when the pandemic hit, but have now been forced to accelerate their plans.
This move includes a renewed push to encrypt cloud storage using AES and an increased consciousness of the risk of phishing attacks in cloud environments. Experts also reckon that improved cloud security can save businesses up to $1.4 million per cyber-attack.
In this article, we’ll look at the top 5 cloud security threats and will show you how to mitigate the cloud vulnerabilities that are associated with them.
Let’s hash it out.
Breaking Down the 5 Most Significant Cloud Security Threats in Cloud Computing
The cloud is here to stay. Flexera’s 2020 State of the Cloud Report (formerly the Rightscale State of the Cloud Report) shows that, for the first time since the first edition of its report was published, every survey respondent indicated that they had cloud strategy plans or already used cloud in one form or another. In fact, 93% of their respondents indicated that their organizations have multi-cloud strategies.
The widespread use of cloud by organizations of all sizes serves to further underscore the importance of mitigating cloud security threats by eliminating existing cloud vulnerabilities.
Here are the five most common cloud security threats and what your organization can do to mitigate them:
Cloud Threat #1: Access Management
One of the primary threats to cloud storage systems is not a feature of these systems themselves, but rather a result of the way that companies use them. The growing number of cloud providers with large free service plans drives down costs and encourages even small companies to move all of their data to the cloud. In many cases, this is done without carefully thinking through access policies.
How to Protect Your Business From This Cloud Security Threat: Limit Access
Access management includes two fundamental elements. One is a rigorous access policy, and the other is a set of authentication and identity verification tools.
Let’s look at access policies first. There is a simple principle when it comes to designing access policies for cloud storage: If an employee doesn’t need access to particular files or systems in order to do their job, then they shouldn’t have it. You should conduct regular audits of the level of access your employees have to your cloud systems and remove any unnecessary privileges.
This is particularly true when employees leave your company. A number of high-profile recent data breaches have been caused by disgruntled employees who have found that they still have access to their corporate accounts even long after leaving the company. IT administrators, therefore, need to liaise closely with HR departments to ensure that there’s a process for removing privileges for departing employees as soon as possible.
Alongside this policy, you should deploy the most secure authentication and identity verification tools that are feasible for your cloud environment. Many cloud vendors now offer multi-factor authentication (MFA) systems as part of their standard packages. In these systems, users must have access to a second device — typically a smartphone — in order to log in to your systems. This makes access to your cloud storage dramatically more secure.
If you’re looking to improve your cloud security still further, you can implement a separation of duties (SoD) model. This model separates the tasks that can be performed within your cloud environment so that no one user is able to totally control it. This means that tasks that might be damaging to your company — such as deleting certain files — require more than one person to execute.
SoD models afford you with a greater level of security because they mean that even if an administrative account is hacked, the attacker will not gain a level of access to your cloud environment that will allow them to cause significant levels of damage.
Cloud Threat #2: Data Breaches and Data Leaks
Data breaches and leaks are more of a threat in cloud systems than in those managed in-house. This is simply due to the large amounts of data flowing between employees and cloud systems, which can be intercepted by hackers looking for weaknesses in your systems. This is what happened to Equifax in 2017 when the personal data of more than 148 million Americans was stolen and published by hackers.
In the Equifax breach, the attackers were able to take advantage of an expired digital certificate. This is what helped the breach to remain undetected for more than a month and a half — a total of 76 days..
How to Protect Your Business From This Cloud Threat: Secure Communications and Connections
One of the best ways to mitigate this threat is to secure your data using in-transit and at-rest data security. This would include the use of encryption both for your email server and for the messages themselves.This would include the use of digital certificates such as SSL/TLS website certificates and S/MIME (secure/multipurpose internet mail extension) certificates.
You should also ensure that all of your staff can access your cloud securely from anywhere, while at the same time you’re using a reputable virtual private network to encrypt data that is in transit between Wi-Fi access points and your company’s network. What is considered reputable? You needn’t invest in an enterprise VPN, which can cost hundreds of dollars per month per user. However, it is important to do your research to ensure that the VPN service you’re investing in is genuinely secure.
This is particularly true if you are looking for cost-effective VPN services. As we’ve pointed out in our recent article on free VPNs, some of these services are not as secure as they claim to be. Some free or ostensibly free VPN services — i.e., those that do not keep log files and are AES-encrypted — are fine. Others will log all of your activity in order to sell on this information, or will use less secure encryption schemes. Both of these practices are a potential source of risk, and if you’re investing in a security tool it really shouldn’t expose you to more risk.
Cloud Threat #3: Data Loss
Data loss is another issue that plagues cloud systems. After moving your business processes to the cloud, the amount of data you store remotely can quickly grow to an unmanageable size, which makes backups both difficult and costly. Because of this, research has found that an average of 51% of organizations have publicly exposed at least one cloud storage service, and 84% of organizations have said that traditional security solutions don’t work in cloud environments.
Not performing regular, thorough backups is a major threat because of the rise of ransomware attacks, in which a hacker will encrypt your cloud storage and demand payment for returning data to you.
How to Protect Your Business From This Cloud Security Threat: Backup Your Data
If you wait until something goes wrong, it’s too late. Preventing this kind of attack means designing and implementing a rigorous and stable backup system now. Ideally, this should be a distributed system, in which data is backed up in multiple systems and locations, in order to avoid data loss from individual storage area network (SAN) systems crippling your business.
Cloud Threat #4: Insecure APIs
Application user interfaces (APIs) are the primary tools that enable interaction with cloud storage systems. Normally, APIs are used by (at least) two distinct sets of employees:
- Your own staff, who will use an API to access data stored on the cloud, and
- The staff of your cloud service provider.
Unfortunately, many APIs still have security vulnerabilities, most often giving cloud storage providers undue levels of access to your data. It emerged a few months ago, for instance, that both Facebook and Google stored user passwords in plaintext, and that these could, therefore, be read by staff within those organizations.
Considering that the 2019 Online Security Survey by Google and Harris Poll shows that more than two-thirds of respondents reuse their passwords across multiple accounts, that’s particularly worrisome.
How to Protect Your Business From This Cloud Security Threat: Choose Vendors Carefully
Mitigating the threat presented by insecure APIs means choosing a cloud storage vendor carefully. A quality vendor will adhere to OWASP API security guidelines, and also be able to provide you with data on the number of attacks they have seen, and the number they have defeated.
Cloud Threat #5: Misconfigured Cloud Storage
DivvyCloud recently highlighted another common threat in cloud systems: misconfiguration, which can lead to data being left unsecured. Some companies don’t change the default security settings on their cloud storage; others allow their data to be stored in large and confusing structures in which it is easy to leave particular files unprotected. A good example of the dangers of misconfigured cloud storage is the National Security Agency’s (NSA) mishap, a mistake that made a number of top secret documents available to everyone via an external browser.
Such cloud vulnerabilities are exacerbated by the sheer number of systems that are now connected to cloud storage. Most companies will now use the cloud for all of their operational processes — from certificate management and email outreach and marketing automation to small business phone and messaging systems. Managing data flowing to the cloud from multiple endpoints can be a challenge for even the most experienced admins.
How to Protect Your Business From This Cloud Threat: Check Your Configuration Settings (and Then Verify Them Again)
For most companies, ensuring that your cloud storage is configured correctly will be a question of speaking to your cloud storage vendor, and seeking assurances (and potentially legal assurances) that these have been set up correctly. You should ensure that you have an understanding not only of your cloud storage system, but also of all the systems that you use alongside it that could compromise its security.
A quality cloud storage provider will take the time to assess how you use your cloud storage, and the other systems you use alongside it, and highlight any potential risks and cloud vulnerabilities that this gives rise to.
Prepare for the Future with Cloud Security
The present moment — with the world battling a global pandemic — might seem like a strange time to reassess your cloud security. But, in reality, this is a necessary step, and there’s no better time than the present.
None of the cloud security threats above are new, but they’re more important than ever as employees are forced to work from home. As a result, encryption is essential to defend against as are regular audits of who has access to your cloud storage and choosing a high-quality cloud provider.
Ultimately, by using this opportunity to improve your cloud security, you will also be protecting your data, staff, and customers in the long term. This will set you and your organization up for a successful future.