In 2020, several large firms were caught unaware by a cyberattack caused by a backdoor in the popular SolarWinds Orion network monitoring software. As many cloud-based solutions enable automatic updates, enterprises tend to miss reviewing software upgrades. This attack opened the eyes of enterprises to a new attack vector and highlighted the criticality of analyzing all third-party software for any possible vulnerabilities and the access rights they have.
The attacks have continued unabated in 2021. In January this year, network equipment manufacturer Ubiquiti had a data breach when unauthorized access to its database was given to a third-party cloud provider. In the same month, the database of Pixlr, a popular free online photo editing app, containing more than 1.9 million user records, was leaked by hackers, who were able to gain access thanks to an unsecured AWS S3 bucket.
These are only a few examples of many breaches that happen on a daily basis.
As cloud-related workloads have increased, so have the number of enterprise security incidents. The quick transition to a remote model has created huge challenges for the IT team to ensure secure remote access. Another big downside to the increase in cloud adoption is that many organizations are unknowingly exposing their sensitive content to the Internet. This could include personally identifiable information, intellectual property, or healthcare and financial data. The leakage of data not only brings about reputation issues but also leads to serious regulatory compliance problems.
The rapid growth of the cloud has created another serious concern. The overnight shift to remote working has encouraged many enterprise users to turn to Shadow IT: SaaS-based applications used by employees without the knowledge of the IT team. Gartner believes that an average of 30-40% of purchases in the enterprise involve shadow IT.
Protecting sensitive data in the cloud is even more important today, as there is no boundary or physical control over who has access. If the security of a cloud service is breached in any way, attackers can gain access to confidential information or intellectual property.
DDoS attacks are another popular technique among hackers: a website or server is inundated with large volumes of traffic to deny access to legitimate users or cause it to crash. Cloud account hijacking, in which cloud credentials are stolen by a hacker, is another serious threat. Once the account is hijacked, hackers are able to conduct malicious activities including manipulating data, carrying out attacks, inserting malware or leaking confidential information.
Ensuring better cloud security
To reduce risk, organizations need cloud-centric network security solutions that provide visibility across all applications. This could also include the various SaaS applications that employees access on a daily basis. Applications could be given access using a risk-based approach for prioritization that takes into account data protection and compliance requirements. Security solutions must have the ability to stop unknown threats, including zero-day attacks, in real-time.
A zero-trust strategy can prove to be extremely beneficial in these times, as it assumes that no one is trusted by default, not even internal users. This can ensure protection for a company's most valuable assets. The zero-trust strategy must be holistic and reinforced on endpoints to ensure protection for remote working environments. Security can also be reinforced through a combination of identity-based authentication and granular access control capabilities.
Network segmentation can be another important strategy in the fight against hackers. This refers to an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This allows network administrators to control the flow of traffic between subnets based on granular policies. Ultimately, this improves monitoring, helps in boosting performance, and most importantly in enhancing security.
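The following is an added example, not part of the original article, showing how the inter-segment policy described above is enforced in practice: addresses are mapped to segments, an allow-list states which segment-to-segment flows on which ports are permitted, and everything else is denied and surfaced for monitoring. The segment CIDRs, allow rules and sample flow records are all constructed for illustration and are not taken from any real network.

```python
import ipaddress

# Constructed sample segments (assumed CIDRs, not from the article).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "app-servers": ipaddress.ip_network("10.20.0.0/24"),
    "database": ipaddress.ip_network("10.30.0.0/24"),
    "management": ipaddress.ip_network("10.99.0.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
# Any flow not listed here is denied: default deny is what makes
# segmentation enforce least privilege between tiers.
ALLOW_RULES = {
    ("workstations", "app-servers", 443),  # users reach the app over HTTPS only
    ("app-servers", "database", 5432),     # only the app tier talks to the database
    ("management", "database", 22),        # admin SSH from the management segment
    ("management", "app-servers", 22),
}


def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate_flow(src_ip, dst_ip, dst_port):
    """Decide whether a flow is permitted. Returns ('allow'|'deny', reason)."""
    src = segment_of(src_ip)
    dst = segment_of(dst_ip)
    if src is None or dst is None:
        unknown = src_ip if src is None else dst_ip
        return "deny", f"unknown segment for {unknown}"
    if src == dst:
        # Traffic inside one segment is allowed in this simple model; a
        # zero-trust design would additionally require identity checks here.
        return "allow", f"intra-segment traffic within {src}"
    if (src, dst, dst_port) in ALLOW_RULES:
        return "allow", f"rule {src}->{dst}:{dst_port}"
    return "deny", f"no rule permits {src}->{dst}:{dst_port}"


def audit(flows):
    """Evaluate (src_ip, dst_ip, dst_port) records and return the denied ones.

    Denied flows are the ones worth alerting on: a workstation talking
    directly to the database tier is exactly what segmentation should stop.
    """
    denied = []
    for src_ip, dst_ip, dst_port in flows:
        decision, reason = evaluate_flow(src_ip, dst_ip, dst_port)
        if decision == "deny":
            denied.append((src_ip, dst_ip, dst_port, reason))
    return denied


# Constructed sample flow records (NetFlow-style), not real traffic.
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.20.0.10", 443),    # workstation -> app over HTTPS: allowed
    ("10.10.5.23", "10.30.0.5", 5432),    # workstation -> database directly: denied
    ("10.20.0.10", "10.30.0.5", 5432),    # app tier -> database: allowed
    ("10.99.0.2", "10.30.0.5", 22),       # management SSH to database: allowed
    ("192.168.1.9", "10.30.0.5", 5432),   # source outside any defined segment: denied
]

if __name__ == "__main__":
    for src_ip, dst_ip, dst_port, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {src_ip} -> {dst_ip}:{dst_port} ({reason})")
```

The same allow-list shape maps directly onto VLAN ACLs, cloud security groups or host firewall rules; the value of writing it out as data is that the policy can be reviewed, diffed and tested before it is pushed to enforcement points, and the denied-flow output from the audit is what a monitoring team would feed into alerting.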
Security must also be embedded by design and must be a strong consideration during software development. DevSecOps is one way forward for enterprises that want to move in this direction. It integrates security into all stages of the software delivery process, ensuring that developers think about security when they write code. DevSecOps effectively shifts security inspection closer to when software is being developed and ensures that software is tested for security problems before it is deployed. Moreover, it helps IT teams to address security issues quickly if they appear after deployment.
In a fast-changing world, a disjointed, disconnected approach to securing the network perimeter no longer works. Many organizations have accumulated a huge number of security point solutions for different functions. This creates information overload and most organizations do not have the required number of security analysts to decipher these logs and arrive at an intelligent analysis. Hence, there is a need to consolidate different security systems and have an integrated approach. The security solution must have integrated and unified capabilities to ensure that protection is consistently enforced across all applications: across the network, cloud, and wherever the users and offices are.