Organisations in Singapore are increasing their reliance on the cloud. Nearly nine in ten organisations in the country are using cloud services, with about 70% taking a hybrid cloud approach.
Singaporean companies are adopting the cloud for many reasons. Computing, increased functionality, and data storage can all be achieved at a fraction of the cost on the cloud, where companies can easily scale their usage to optimise their expenditure without the need to invest in expensive hardware or hire maintenance teams to secure and run on-premises servers.
However, the data needs to be secured, regardless of whether it is stored on-premises or in the cloud. Threat actors are increasingly targeting cloud environments, where confusion about security responsibility and accountability between cloud service providers and the customer often leaves security gaps and data exposed.
Cloud installations require a shared responsibility model. The service provider is responsible for securing the infrastructure, physical network, and hypervisor. The organisation is responsible for securing its operating system (OS), account, data, and network. Relying on the developer – rather than a security expert – to secure the data is a bad idea, as they focus on developing new applications and services rather than securing data.
Types of threats
Threat actors are always after high-value targets and hence tempted by the credit cards being processed on the cloud, the customer data that is stored there, and the health information healthcare companies store about their patients. Customer and healthcare data can easily be encrypted and exfiltrated by threat actors and held for high ransoms, while credit cards can be stolen and sold by threat actors on the dark web to other cybercriminals that use sophisticated schemes to generate fast cash.
See also: Keys to achieving human-centred automation testing
There are several common threat vectors that need to be protected by your security team.
1. Misconfigured resources
“Your cloud environment is as secure as its configuration”
See also: Human element still important for effective mass communication
Misconfigurations are settings within the cloud application that control things like access and sharing rules. In a typical cloud setting, there may be hundreds of configurations that need to be constantly monitored to protect against configuration drift.
These configurations are tricky. Each cloud environment uses its own terminology, which makes it impossible to develop a one-size fits all security policy. Furthermore, those using hybrid or multi-cloud environments must have a deep understanding of each of these settings to enable the different clouds to work together.
A misconfiguration relating to access control, for example, can inadvertently expose entire databases full of information to anyone with the right link. There have been several cases in the past where the storage buckets were publicly accessible without any authentication.
2. Compromised access keys and credentials
Access keys and credentials are used to control which users have access to the cloud, as well as the level of access within the system that they have. If an access key is compromised through a phishing attack or some other way, threat actors can easily access the cloud at will.
Security teams using AI-enabled identity security tools can identify compromised access keys, and prevent major attacks like ransomware or data theft. These tools use different techniques to identify stolen access keys. In some instances, they might use IP information to identify a user who gained access from a specific IP address after attempting to access the cloud with multiple user IDs. It could also detect behavioural anomalies, such as a user downloading more data – or different types of data – than usual.
Once the threatening access has been identified, the security team can remove access from the user, and further harden their cloud security posture.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
3. Vulnerabilities in OS and applications
Just like on-premises services, cloud servers have OS such as Linux and Windows, and just like any OS, they also have vulnerabilities. When these are exploited, threat actors can gain an initial footprint or assist in larger attacks such as privilege escalation, lateral movement, or others. Similarly, cloud applications provided by cloud service providers are also known to have vulnerabilities (not tracked/ recorded very actively) that can be exploited.
Thus, vulnerability management in the cloud environment is equally important to reduce the attack surface and make the cloud environment less lucrative of a target by the threat actors.
4. Hybrid and multi-cloud risks
As mentioned earlier, hybrid and multi-cloud installations introduce additional risk factors to cloud security. In the case of hybrid installations, the on-prem instance is connected to the cloud instance, while multi-cloud installations use services from multiple cloud providers.
In each of these circumstances, there is a risk of a threat actor breaching either the on-prem or cloud installation. Once there, they can work to expand their access and move laterally into the connected installation.
Securing Your Cloud Environment
CNAPP is a cloud-native application protection platform. It provides a clear line of sight into the cloud throughout the lifecycle of the cloud from development to production, as it simplifies assessment, monitoring, detecting, and acting on any cloud threat or vulnerability. Similar to an extended detection and response (XDR) security platform, CNAPP should be an open-architecture platform that includes multiple tools from multiple vendors to create a best-in-breed approach.
CNAPPs help organisations reduce risk by identifying cloud misconfigurations, automating security-related tasks, and providing visibility for hybrid and multi-cloud environments.
Prateek Bhajanka is the APJ Field CISO Director at SentinelOne