Security Operations (SecOps), which is challenging enough in the data center, becomes even more difficult in the cloud. Issues include a shortage of skilled people and a proliferating number of security technologies. Taking a reactive approach is not realistic; organizations must get ahead of attacks to stay protected.
Public clouds run on a shared security model, with the customer responsible for access control and security countermeasures in a continually shifting environment. As the customer adopts new cloud technologies like cloud-based containerization and data lakes, they are on the hook for defending themselves against a range of unique, cloud-specific threats. These include attempts to penetrate “leaky” cloud storage buckets, cloud console takeovers, DDoS ransom demands against cloud-hosted services, compromises of Office 365, and more.
Organizations Are Facing Major Cloud Security Threats
Appealing as the cloud may be for its flexibility and economic benefits, cloud infrastructures present serious security challenges. These include the shared security model, the rapid release of new cloud features, access control issues, and more.
Statistics from McAfee reveal problems on a massive scale:
- The average organization has 2,200 individual IaaS misconfiguration incidents per month.
- 24% of organizations are missing high-severity patches in their public cloud environments.
- 27% of organizations have users with compromised public cloud accounts.
The Top Cloud Security Challenges
Cloud Security Challenge 1: New Cloud Security Threats
The cloud opens up new attack surface areas, ranging from smaller vulnerabilities to entirely new types of cyber threats.
- “Leaky bucket” cloud storage that leaves sensitive data exposed.
- Cloud console takeovers that give attackers control of the organization’s entire cloud environment.
- Cloud-based email like Office 365 brings spear phishing, account takeovers, and business email compromises that can result in financial or IP theft.
- SaaS services that can be hijacked through failures on the part of the SaaS provider or of internal users.
Cloud Security Challenge 2: Managing the Impact of the Shared Responsibility Security Model
Cloud customers work within the shared responsibility security model.
The cloud service provider (CSP) is responsible for securing its infrastructure and network. Its SecOps team monitors the computing, storage, and network hardware that make up the cloud platform. The customer, in turn, is responsible for their own data and application security, including the patching and access control issues that arise when working in the cloud.
This shared responsibility model makes a great deal of sense. The CSP cannot be expected to know which users are authorized to use the software installed in the customer’s cloud. Nor is it realistic for the CSP to remember the specifics of how the customer wants to secure its data and applications.
However, the shared responsibility model leads to a lot of problems too. At a minimum, the cloud becomes yet another digital asset SecOps has to monitor by installing cloud-based versions of on-premises SIEM systems, intrusion detection systems (IDSs), and other security tools.
Cloud Security Challenge 3: Rapid Changes and High-Volume Feature Releases
CSPs frequently introduce new features and solutions to attract new customers and keep existing customers from defecting. Some of these changes can have huge impacts on SecOps. For instance, a CSP might launch a complete Internet of Things (IoT) management platform along with a data analytics service to go with it. That’s fine – right up until someone in the business decides to take advantage of this new feature without telling SecOps...and in doing so, inadvertently exposes their network and data to hundreds or thousands of untracked and unsecured devices.
The relentless pace of change makes it hard for SecOps to keep up.
Cloud Security Challenge 4: Immaturity of IaaS and SaaS Security
CSPs make many security tools available in their cloud platforms, such as virtual web application firewalls and cloud-based IDSs. However, these CSP security offerings tend to be immature or incomplete compared to their traditional data center counterparts. This gap leads to SecOps teams having to install and manage their own tools.
Unfortunately, cloud resources can be exceptionally challenging to configure. A single flaw may expose the organization to massive risks.
Cloud Security Challenge 5: Protecting against Cloud-Specific Threats
The cloud is vulnerable to all of the same threats as on-premises infrastructure but comes with its own unique risks.
- Multitenant architectures used by CSPs create an additional layer of vulnerability. An attacker could use Spectre or Meltdown to access data on multiple VMs hosted on the same cloud hardware.
- Human error is always a huge problem, but the cloud magnifies common mistakes into organization-wide vulnerabilities. Simple configuration errors can leave entire databases unprotected. These mistakes often result from application testing or other processes that require a database in a nonproduction environment, and they are easily missed by SecOps teams, often because the team is never even made aware of these test instances.
- Advanced persistent threats (APTs) often operate from within the public cloud themselves, so that they can move laterally into an organization’s cloud assets.
- Insider threats are also particularly common and devastating in cloud environments because access can be so far-ranging. If monitoring and access controls are deficient, insiders can conduct malfeasance and fraud on a broader basis than they might on-premises.
Cloud Security Challenge 6: Managing Access Control
Who accessed what? That’s one of the most critical questions facing SecOps teams as they analyze session logs and reports.
Deciphering the access control map becomes more complicated in the cloud. Users may get in through a “side door” by accessing digital assets remotely without ever passing through the corporate network. Cloud access security brokers (CASBs) can help, as can identity and access management (IAM) systems that have been set up for cloud use.
Using cloud deployments can inadvertently set up side-door access to critical data and systems.
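The access-map question above (“who accessed what, and did they come through the corporate network?”) can be answered directly from audit logs. The following is an added example, not code from the original article: it assumes two corporate egress ranges and a constructed set of audit events in a generic JSON-lines shape, and flags any call whose source address falls outside those ranges as side-door access.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: the organization's corporate egress ranges. Any API call whose
# source address lies outside them reached the cloud without passing through
# the corporate network (the "side door" described in the text).
CORPORATE_EGRESS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed sample audit events (one JSON object per line); not real log data.
SAMPLE_EVENTS = """\
{"time": "2024-05-01T09:12:03Z", "user": "alice", "action": "GetObject", "resource": "bucket/finance-q1.csv", "source_ip": "203.0.113.17"}
{"time": "2024-05-01T09:15:44Z", "user": "alice", "action": "ListBuckets", "resource": "*", "source_ip": "203.0.113.17"}
{"time": "2024-05-01T22:40:10Z", "user": "bob", "action": "GetObject", "resource": "bucket/finance-q1.csv", "source_ip": "192.0.2.55"}
{"time": "2024-05-01T22:41:02Z", "user": "bob", "action": "PutBucketAcl", "resource": "bucket", "source_ip": "192.0.2.55"}
{"time": "2024-05-02T03:05:00Z", "user": "svc-backup", "action": "GetObject", "resource": "bucket/finance-q1.csv", "source_ip": "198.51.100.9"}
"""

def is_side_door(source_ip):
    """True when the caller did not arrive through a corporate egress range."""
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in net for net in CORPORATE_EGRESS)

def build_access_map(raw_lines):
    """Return ({user: {resource: [actions]}}, [side-door events]) from JSON-lines audit events."""
    access_map = defaultdict(lambda: defaultdict(list))
    side_door = []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Record who touched what, regardless of where the call came from.
        access_map[ev["user"]][ev["resource"]].append(ev["action"])
        # Separately flag calls that bypassed the corporate network entirely.
        if is_side_door(ev["source_ip"]):
            side_door.append((ev["time"], ev["user"], ev["action"], ev["resource"], ev["source_ip"]))
    return access_map, side_door

if __name__ == "__main__":
    amap, hits = build_access_map(SAMPLE_EVENTS)
    for user, resources in amap.items():
        for res, actions in resources.items():
            print(f"{user} -> {res}: {', '.join(actions)}")
    for hit in hits:
        print("SIDE-DOOR ACCESS:", *hit)
```

In a real deployment the egress ranges would come from the network team and the events from the CSP's audit trail; the same two-step logic (map every access, then flag those outside known paths) applies.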
Cloud Security Challenge 7: Handling Hybrid and Multicloud Architectures
Few organizations are 100% in the public cloud. Many businesses have data spread across on-premises, public cloud, and private cloud architectures. Others have applications and data that span AWS, Azure, and Google Cloud. Such hybrid and multicloud architectures create a tricky security dynamic for SecOps to track, because they require many overlapping and repetitive systems for multiple cloud instances, which further increases the possibilities for human error and the need for automation.
Cloud Security Challenge 8: People Shortage
A shortage of skilled, available, and affordable SecOps personnel is becoming an increasingly urgent issue for almost every security organization that’s working in the cloud.
80% of security professionals say it is becoming increasingly difficult to find people with the skills they need.
And 68% say this skills shortage is impacting their security operations.
Midmarket firms are stuck in an especially difficult position. They urgently need to move to the cloud for reasons of business agility but struggle with recruiting and retaining enough SecOps team members with strong cloud skills to support their ambitions.
Manage the Latest Cloud Security Threats with Next-Gen MDR
Managing the latest cloud security threats is challenging, but it is possible using Next-Generation Managed Detection and Response (Next-Gen MDR). These solutions use artificial intelligence (AI) to provide robust monitoring, threat anticipation, and threat hunting.