With the growing demand for remote work and the use of public cloud services, adopting these new technologies comes at a new cost: a larger attack surface for the organization. While offering many benefits that make it easier to do business, this new domain has given cybercriminals room to run wild, because few IT professionals understand exactly how to manage and secure a public cloud environment.
According to Gartner, 95% of cloud security breaches are the fault of the organizations themselves. Simple oversights such as over-privileged credentials, exposed remote access, and misconfigured database storage are among the most common mistakes organizations make in the cloud; they can leave customers vulnerable to ransomware, expose data to the public Internet, and compromise workloads.
Cybercriminals are not only finding new ways to take advantage of these misconfigurations to gain access to an organization’s network through the cloud, but are also extending techniques they already know work to this new attack vector. As customers move to cloud environments, so do cybercriminals, which means threats like ransomware are as common in the cloud as they are on local networks.
To develop an in-cloud security strategy we need to start with the basics: what does “shared responsibility” mean? There are many reasons you might decide to move to the public cloud, including lower costs for your business, the agility to scale services up and down on demand, or faster time-to-market for your products and services. But it can be a “double-edged sword”.
While providers like AWS, Azure, and Google give you a great deal of flexibility in how you build your cloud environment, one consequence is that they cannot fully protect the data, virtual machines, or virtual networks running in those environments.
What this means is that providers have a duty to protect the cloud itself, including ensuring the physical security of the data center. But protecting whatever you put in the cloud, whether it is data or virtual machines, is entirely up to you. Once you understand that you carry this heavy responsibility for your data, you need a high level of visibility and security automation in these cloud environments. The main capabilities for this protection must include:
- The ability to protect and view all of your cloud resources: You need a complete inventory of your environments across all your public clouds (virtual machines, storage, containers, user authentication, etc.). This will reveal insecurely configured deployments, suspicious access, and sudden spikes in cloud spending. You need to know in real time when, for example, an attacker enables a new service in your cloud without your authorization, or when your database is improperly exposed to the Internet, creating a serious risk of data leakage.
- Cloud-native workload protection: Protect virtual machines and the virtual desktops running on them against the latest threats, including ransomware, fileless attacks, and server-specific malware, through next-generation antivirus that uses modern, advanced protection techniques (neural networks, anti-ransomware and anti-exploit protection, deep machine learning, etc.). Your cloud resources need to be protected just as they are on your local networks.
- Network edge protection: Secure inbound and outbound traffic to your virtual network and desktop environments, and provide secure remote access to private applications running in the cloud, by implementing a virtual firewall in these environments. Consider adopting key features such as an Intrusion Prevention System (IPS) and a Web Application Firewall (WAF), as well as VPN and Zero Trust Network Access (ZTNA) for more secure access to corporate resources and systems.
- Synchronized security and layered protection: Use a system where all cloud data, monitoring, and management are gathered in one place, which eases not only administration but also the identification of an attack taking place in your infrastructure. Cybercriminals use a variety of techniques to bypass defenses, often trying several approaches until they find a weakness that can be exploited, so be sure to defend against all possible attack vectors.
- Cloud data must be encrypted: Encryption is essential to prevent cybercriminals from reading stored information, and it is a requirement of many compliance standards and security best practices.
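The inventory-driven visibility described in the first item, and the misconfigurations named earlier (over-privileged credentials, exposed remote access, publicly exposed database storage, missing encryption), can be turned into an automated posture check. The script below is an added example written for this article, not code from the original text or from any cloud provider or vendor: it runs a handful of rules over a hand-built inventory that mimics what a multi-cloud inventory tool would return. Every resource id, CIDR, bucket name and policy name in it is constructed, and the policy names treated as "administrator" are an assumption.

```python
"""Posture check over a constructed multi-cloud inventory.

Added example (not from the original article). The inventory is hand-built
to resemble what an inventory tool would return; every id and CIDR is made up.
"""
import ipaddress

# Ports that should never be reachable from the whole Internet.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
DATABASE_PORTS = {3306: "mysql", 5432: "postgres", 1433: "mssql", 27017: "mongodb"}
# Assumed names of policies that grant full administrative rights.
ADMIN_POLICIES = {"AdministratorAccess", "Owner"}

# Constructed inventory (not real data).
INVENTORY = {
    "security_groups": [
        {"id": "sg-web", "rules": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "rules": [{"port": 5432, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-bastion", "rules": [{"port": 22, "cidr": "203.0.113.0/24"},
                                       {"port": 3389, "cidr": "::/0"}]},
    ],
    "buckets": [
        {"id": "bkt-static-site", "public": True, "contains_pii": False},
        {"id": "bkt-db-backups", "public": True, "contains_pii": True},
        {"id": "bkt-logs", "public": False, "contains_pii": True},
    ],
    "users": [
        {"id": "alice", "policies": ["ReadOnlyAccess"]},
        {"id": "ci-bot", "policies": ["AdministratorAccess"]},
    ],
    "volumes": [
        {"id": "vol-app", "encrypted": True},
        {"id": "vol-db", "encrypted": False},
    ],
}


def finding(severity, resource, issue):
    """Uniform finding record so every check produces the same shape."""
    return {"severity": severity, "resource": resource, "issue": issue}


def is_world_open(cidr):
    """True when the CIDR admits the whole IPv4 or IPv6 Internet (prefix /0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_exposed_ports(groups):
    """Exposed remote access and exposed databases: watched ports open to /0."""
    out = []
    for g in groups:
        for r in g["rules"]:
            if not is_world_open(r["cidr"]):
                continue  # scoped rules (e.g. a /24 office range) are fine here
            if r["port"] in ADMIN_PORTS:
                out.append(finding("high", g["id"],
                                   f"{ADMIN_PORTS[r['port']]}/{r['port']} open to the Internet"))
            elif r["port"] in DATABASE_PORTS:
                out.append(finding("critical", g["id"],
                                   f"{DATABASE_PORTS[r['port']]}/{r['port']} open to the Internet"))
    return out


def check_public_storage(buckets):
    """Publicly readable storage; worse when the bucket is tagged as holding PII."""
    return [finding("critical" if b["contains_pii"] else "medium", b["id"],
                    "bucket is publicly readable")
            for b in buckets if b["public"]]


def check_overprivileged_users(users):
    """Credential over-privilege: identities carrying an administrator policy."""
    return [finding("high", u["id"], "identity holds an administrator policy")
            for u in users if ADMIN_POLICIES.intersection(u["policies"])]


def check_unencrypted_volumes(volumes):
    """Encryption at rest missing on block storage."""
    return [finding("medium", v["id"], "volume is not encrypted at rest")
            for v in volumes if not v["encrypted"]]


def run_posture_checks(inv):
    """Run every check and return the findings, most severe first."""
    rank = {"critical": 0, "high": 1, "medium": 2}
    results = (check_exposed_ports(inv["security_groups"])
               + check_public_storage(inv["buckets"])
               + check_overprivileged_users(inv["users"])
               + check_unencrypted_volumes(inv["volumes"]))
    return sorted(results, key=lambda f: rank[f["severity"]])


if __name__ == "__main__":
    for f in run_posture_checks(INVENTORY):
        print(f"[{f['severity']:>8}] {f['resource']}: {f['issue']}")
```

Run against the constructed inventory it reports six findings: the database security group and the PII-bearing public bucket as critical, the RDP rule and the administrator identity as high, and the public static-site bucket and the unencrypted volume as medium. The HTTPS rule on the web group and the SSH rule restricted to a single /24 are correctly left alone. In a real deployment the `INVENTORY` dictionary would be filled from the providers' inventory APIs, and the findings would feed the single management console the "synchronized security" item calls for.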
When it comes to the public cloud, it is critical to understand the shared responsibility model: which security tasks are handled by the provider and which are handled by you. Since cloud vendors’ security obligations only go so far, it is important that every gap is filled with the right tools to effectively manage and reduce risk. A multi-tiered approach enables partners to ensure the visibility, compliance, and security of public cloud environments.