The “cloud” has become a fixture in our society since it became mainstream in the early 2000s. Cloud computing can be used for nearly everything: backup and recovery (e.g. Dropbox), communication (Skype, WhatsApp), productivity (Microsoft Office 365, Google Docs), scalable usage (Netflix), business process (Salesforce), social networking (Facebook, LinkedIn, Twitter), and more.
Quick refresher: what exactly is the cloud again? As Re/code explains, “The cloud refers to software and services that run on the Internet, instead of locally on your computer. Most cloud services can be accessed through a Web browser like Firefox or Google Chrome, and some companies offer dedicated mobile apps.”
While cloud computing comes with several advantages – you can access info on any device with an internet connection, collaborate with colleagues on the same document, store a lot of data at a low cost – it also comes with many pitfalls, such as vulnerability to ransomware.
In the past year, Britain’s National Health Service, San Francisco’s light-rail network, and FedEx were all victims of ransomware attacks. According to MIT Technology Review, cloud computing businesses will be a big target for ransomware in 2018.
“The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved,” MIT Technology Review says.
Ransomware isn’t the only big security threat for cloud computing – the Cloud Security Alliance (CSA) recently released a report covering the top 12 security threats to cloud computing in 2018. CSA conducted a survey of industry experts to identify top concerns to cloud security.
Cloud Security Alliance’s 2018 report on the 12 biggest threats to cloud computing
CSA is a nonprofit organization “dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.” Their 2018 report, “The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights,” focused specifically on the on-demand nature of cloud computing.
The following 12 issues are ranked in order of severity per survey results:
- Data Breaches
- Insufficient Identity, Credential and Access Management
- Insecure Interfaces and APIs
- System Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Vulnerabilities
We’ll highlight the first six this week, and go over seven through twelve next week.
1. Data Breaches
A data breach might be the main goal of a targeted attack or may simply be the result of human error, application vulnerabilities or poor security practices. This could involve information not intended for public release, such as personal health information, financial information, personally identifiable information (PII), trade secrets and intellectual property.
A business’s cloud-based data might be valuable to different parties for various reasons: organized crime often seeks financial, health, and personal info to carry out fraudulent activities; competitors and foreign nationals may be seeking proprietary information, intellectual property, and trade secrets; activists may want to expose information that can cause damage or embarrassment. While the risk of data breach is not unique to cloud computing, it consistently ranks as a top concern for cloud customers.
2. Insufficient Identity, Credential and Access Management
Cyberattacks and data breaches often occur due to lack of scalable identity access management systems, failure to use multifactor authentication, weak password use, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates.
“Malicious actors masquerading as legitimate users, operators or developers can read/exfiltrate, modify and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source,” CSA states. “As a result, insufficient identity, credential or key management can enable unauthorized access to data and potentially catastrophic damage to organizations or end users.”
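The gaps named in this section (missing multifactor authentication and credentials that are never rotated) can be checked mechanically against a credential inventory. The following is an added example, not taken from the CSA report: the CSV layout, the 90/365-day rotation limits and the 30-day certificate expiry warning are assumptions chosen for illustration, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample inventory in a hypothetical format (not a real provider export).
SAMPLE_INVENTORY = """\
principal,kind,mfa_enabled,last_rotated,expires
alice,password,true,2018-01-10,
bob,password,false,2017-03-02,
ci-deploy,api_key,,2016-11-20,
billing-svc,api_key,,2018-02-01,
api.example.test,certificate,,2017-06-01,2018-03-15
"""

MAX_AGE_DAYS = {"password": 90, "api_key": 90, "certificate": 365}  # assumed policy
CERT_EXPIRY_WARN_DAYS = 30  # assumed policy


def audit(inventory_csv, today):
    """Return (principal, finding) tuples for MFA, rotation and expiry gaps."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name, kind = row["principal"], row["kind"]
        # Interactive logins that rely on a password alone.
        if kind == "password" and row["mfa_enabled"].lower() != "true":
            findings.append((name, "no multifactor authentication"))
        # Secrets that have outlived the rotation window for their kind.
        age = (today - date.fromisoformat(row["last_rotated"])).days
        limit = MAX_AGE_DAYS.get(kind)
        if limit is None:
            findings.append((name, f"unknown credential kind {kind!r}"))
        elif age > limit:
            findings.append((name, f"{kind} not rotated for {age} days (limit {limit})"))
        # Certificates that are expired or about to expire.
        if row["expires"]:
            left = (date.fromisoformat(row["expires"]) - today).days
            if left < 0:
                findings.append((name, f"certificate expired {-left} days ago"))
            elif left <= CERT_EXPIRY_WARN_DAYS:
                findings.append((name, f"certificate expires in {left} days"))
    return findings


if __name__ == "__main__":
    for principal, finding in audit(SAMPLE_INVENTORY, date(2018, 3, 1)):
        print(f"{principal}: {finding}")
```

Run on a schedule against a real inventory export, a check like this turns "ongoing automated rotation" from a policy statement into a list of named accounts that need attention.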
3. Insecure Interfaces and APIs
Software user interfaces (UIs) and application programming interfaces (APIs) must be designed to protect against both accidental and malicious attempts to circumvent policy.
“APIs and UIs are generally the most exposed part of a system, perhaps the only asset with an IP address available outside the trusted organizational boundary. These assets will be the target of heavy attack, and adequate controls protecting them from the Internet are the first line of defense and detection,” the report says.
4. System Vulnerabilities
System vulnerabilities are “exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations.” With cloud computing, systems from various organizations are placed in close proximity to each other, and they are given access to shared memory and resources, creating a new attack surface.
5. Account Hijacking
While account or service hijacking is not new, cloud solutions add a new threat to the landscape.
“If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information and redirect your clients to illegitimate sites. Your account or service instances may become a new base for attackers. From here, they may leverage the power of your reputation to launch subsequent attacks,” according to CSA.
With stolen credentials, attackers can often access critical areas of cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. Attackers can leverage account access to steal data, impact cloud services and systems, damage the reputation of tenants and more, the report states.
6. Malicious Insiders
A “malicious insider threat” to an organization, as defined by CERN, is a “current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.”
A malicious insider, such as a system administrator, can access potentially sensitive information. From IaaS to PaaS and SaaS, a malicious insider can have increasing levels of access to more critical systems and eventually to data. Systems that depend solely on the cloud service provider (CSP) for security are at greater risk here, the report says.
However, it’s important to note that the “insider threat” does not always involve malicious actors. Insiders might not necessarily be malicious but are “just trying to get their job done”; for example, they might accidentally upload a customer database to a public repository.