Often, I find that only a handful of organizations have a complete understanding of where they stand in today’s threat landscape. That's a problem. If your organization does not have the ability to identify its assets, threats, and vulnerabilities accurately, you’re going to have a bad time.
A lack of visibility prevents both IT and security
administrators from accurately determining their actual exposure and limits
their ability to address their most significant risk on premise. However,
moving computing workloads to a publicly hosted cloud service exposes
organizations to new risk by losing direct physical control over their
workloads and relinquishing many aspects of security through the shared
responsibility model.
Cloud-y With a Chance of Risk
Don’t get me wrong; cloud environments make it very easy for companies to quickly scale by allowing them to spin up new resources for their user base instantly. While this helps organizations decrease their overall time to market and streamline business process, it also makes it very difficult to track user permission and manage resources.
[You may also like: Excessive Permissions are Your #1 Cloud Threat]
As many companies have discovered over the years, migrating
workloads to a cloud-native solution present new challenges when it comes to
risk and threats in a native cloud environment.
Traditionally, computing workloads resided within the organization's data centers, where they were protected against insider threats. Application protection was focused primarily on perimeter protections via mechanisms such as firewalls, intrusion prevention/detection systems (IPS/IDS), web application firewall (WAF) services and distributed denial-of-service (DDoS) protection, secure web gateways (SWGs), etc.
However, moving workloads to the cloud has presented new risks for organizations. Typically, public clouds provide only basic protections and are mainly focused on securing their overall computing environments, leaving individual and organizations workloads vulnerable. Because of this, deployed cloud environment are at risk of not only account compromises and data breaches, but also resource exploitation due to misconfigurations, lack of visibility or user error.
[You may also like: Ensuring Data Privacy in Public Clouds]
The Details
The typical attack profile includes:
- Spear phishing employees
- Compromised credentials
- Misconfigurations and excessive permissions
- Privilege escalation
- Data exfiltrationли>
The complexity and growing risk of cloud environments are placing more responsibility for writing and testing secure apps on developers as well. While most are not cloud-oriented security experts, there are many things we can do to help them and contribute to a better security posture.
[You may also like: Anatomy of a Cloud-Native Data Breach]
Recent examples of attacks include:
- A Tesla developer uploaded code to GitHub which contained plain-text AWS API keys. As a result, hackers were able to compromise Tesla’s AWS account and use Tesla’s resource for crypto-mining.ли>
- js published an npm code package in their code release containing access keys to their S3 storage buckets.ли>
Mitigating Risk
The good news is that most of these attacks can be prevented
by addressing software vulnerabilities, finding misconfigurations and deploying
identity access management through a workload protection service.
With this in mind, your cloud workload protection solution should:
[You may also like: Embarking on a Cloud Journey: Expect More from Your Load Balancer]
There are many blind spots involved in today’s large-scale cloud environments. The right cloud workload protection reduces the attack surface, detects data theft activity and provides comprehensive protection in a cloud-native solution.
As the trend around cybercriminals targeting operational technologies continues, it's critical to reduce organizational risk by rigorously enforcing protection policies, detecting malicious activity and improving response capabilities while providing insurance to the developers.
Read “The Trust Factor: Cybersecurity's Role in Sustaining Business Momentum” to learn more.
Download Now