With businesses rapidly moving to the cloud to accommodate remote workforce demands, understanding the unique security challenges posed by the transition is essential for risk management.
While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams.
IBM Security Services' cloud security competency leader, Abhijit Chakravorty, said: "The cloud holds enormous potential for business efficiency and innovation, but also can create a 'wild west' of broader and more distributed environments for organisations to manage and secure."
According to International Data Corporation, more than a third of companies purchased more than 30 types of cloud services from 16 different vendors in 2019 alone. This distributed landscape means unclear ownership of security in the cloud, which creates policy "blind spots" and potential for shadow IT, which introduce vulnerabilities and misconfigurations.
Recent data released by IBM Security, examining the top challenges and threats impacting cloud security, indicated that the ease and speed with which cloud tools are deployed can also spell trouble for security teams.
The case-study analysis included basic security oversight issues, including governance, vulnerabilities, and misconfigurations, which remain some of the top risk factors organisations should address for more secure cloud-based operations.
"When done right, cloud can make security scalable and more adaptable – but first, organisations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible. This starts with a clear picture of regulatory obligations and compliance mandate, as well as the unique technical and policy-driven security challenges and external threats targeting the cloud," adds Chakravorty.
In order to get a better picture of the new security reality as companies quickly adapt to hybrid, multi-cloud environments, IBM Institute for Business Value (IBV) and IBM X-Force Incident Response and Intelligence Services (IRIS) examined the unique challenges impacting security operations in the cloud, as well as top threats targeting cloud environments. Top findings include:
Complex ownership: 66 per cent of respondents surveyed say they rely on cloud providers for baseline security; yet perception of security ownership by respondents varied greatly across specific cloud platforms and applications.
Cloud applications opening the door: The most common path for cybercriminals to compromise cloud environments was via cloud-based applications, representing 45 per cent of incidents in IBM X-Force IRIS cloud-related case studies. In these cases, cybercriminals took advantage of configuration errors as well as vulnerabilities within the applications, which often remained undetected due to employees standing up new cloud apps on their own, outside of approved channels.
Amplifying attacks: While data theft was the top impact of the cloud attacks, hackers also targeted the cloud for crypto-mining and ransomware – using cloud resources to amplify the effect.
The case-study analysis of security incidents over the past year also sheds light on how cybercriminals are targeting cloud environments with customised malware, ransomware and more.
WHO OWNS SECURITY IN THE CLOUD?
According to the survey, responding organisations relied heavily on cloud providers to own security in the cloud, despite the fact that configuration issues – which are typically users' responsibility – were most often to blame for data breaches.
"Based on the trends in our incident response cases, it's likely that malware cases targeting the cloud will continue to expand and evolve as cloud adoption increases. Our team has observed that malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud," said Charles DeBeck of IBM X-Force IRIS.
Additionally, perceptions of security ownership in the cloud for surveyed organisations varied widely across various platforms and applications. For example, the majority of respondents (73 per cent) believed public cloud providers were the main party responsible for securing software-as-a-service (SaaS), while only 42 per cent believed providers were primarily responsible for securing cloud infrastructure-as-a-service (IaaS).
While this type of shared responsibility model is necessary for the hybrid, multi-cloud era, it can also lead to variable security policies and a lack of visibility across cloud environments. Organisations that are able to streamline cloud and security operations can help reduce this risk, through clearly defined policies which apply across their entire IT environment.
MATURING CLOUDSEC CAN LEAD TO FASTER SECURITY RESPONSE
While the cloud revolution is posing new challenges for security teams, organisations that are able to pivot to a more mature and streamlined governance model for cloud security can help improve their security agility and response capabilities.
It was also found that organisations that ranked high in maturity in both cloud and security evolution were able to identify and contain data breaches faster than colleagues who were still in the early phases of their cloud adoption journey.
As the cloud becomes essential for business operations and an increasingly remote workforce, IBM Security recommends the following elements to help improve cybersecurity for hybrid, multi-cloud environments:
Establish collaborative governance and culture: Adopt a unified strategy that combines cloud and security operations – across application developers, IT Operations and Security.
Take a risk-based view: Assess the kinds of workload and data you plan to move to the cloud and define appropriate security policies. Start with a risk-based assessment for visibility and create a roadmap for phasing cloud adoption.
Apply strong access management: Leverage access management policies and tools for access to cloud resources, including multi-factor authentication, to prevent infiltration using stolen credentials. Restrict privileged accounts and set all user groups to least-required privileges to minimise damage from account compromise (zero trust model).
Have the right tools: Ensure tools for security monitoring, visibility and response are effective across all cloud and on-premises resources.
Automate security processes: Implement effective security automation in the system to improve detection and response capabilities, rather than relying on manual reaction to events.
Use proactive simulations: Rehearse for various attack scenarios; this helps identify where blind spots may exist, and also addresses any potential forensic issues that may arise during attack investigation.