Organizations are increasingly developing new applications and migrating existing ones to a cloud environment to leverage capabilities like flexibility, security, instant access, scalability, and cost-effectiveness. There are many compelling reasons businesses and IT leaders replace legacy and on-premise IT solutions with cloud technology that accelerates innovation and supports emerging trends like remote work. According to Deloitte Insights, the cloud grew faster by some metrics in 2020 than in previous years due to increased demand driven by COVID-19, lockdowns, and work from anywhere. A March 2020 report predicts that more than 90 percent of global enterprises will be on the hybrid cloud by 2022. However, the broadly celebrated move to cloud computing presents an added level of risk since organizations outsource essential services to third parties, making it challenging to maintain data security and privacy. What are the principal vulnerabilities in the cloud?
Before jumping into the security issues faced in the cloud, it is essential to understand the current cloud security shared responsibility model. Safeguarding cloud workloads is customarily a shared responsibility between the customer organization and the cloud service provider, and dismissing any cloud security vulnerabilities will lead to data breaches and privacy violations. It is essential to note that the amount of responsibility per party depends upon the cloud service (infrastructure as a service, platform as a service, or software as a service) that an organization uses and the cloud model (private, public, or hybrid).
Regardless of the cloud service or model a business subscribes to, clients should understand some of the common security vulnerabilities and risks and enforce security controls to protect their cloud workloads from cyberattacks.
This article highlights the current predominant cloud security threats in 2021, together with real-world examples of attacks resulting from those threats:
1. Data Breaches
Cloud data breaches can occur when unauthorized individuals access cloud systems and exfiltrate data or disrupt systems. Research conducted by global intelligence firm IDC found that 80 percent of the companies surveyed had experienced at least one cloud data breach in the past 18 months. Nearly half of the organizations reported ten or more breaches. CISOs attribute cloud data breaches to other cloud security concerns that also made this list. Some of the causes include well-meaning insiders, malicious attacks, stolen or compromised credentials, and misconfigurations. Let us take one of the recent examples of cloud-based data breaches, the Capital One Financial Corporation incident in 2019. In this attack, which resulted in a hefty fine of $80 million, an ex-employee at AWS illegally accessed the victim’s cloud servers using a misconfigured web application firewall and leaked the personal information of over 106 million customers.
2. Misconfiguration
Misconfiguring cloud settings is a leading cause of data breaches in the cloud. Cloud service providers typically design their infrastructure to be straightforward to use and to allow easy data sharing. However, some organizations are unfamiliar with cloud deployments, resulting in misconfigurations that expose systems and data to breaches. An article in Infosecurity Magazine states that cloud breaches exposed a whopping 33.4 billion records in just two years, racking up a staggering $5 trillion in costs to enterprises worldwide. Most of these exposures initially resulted from misconfigurations: human errors made in key settings of portals and cloud components.
3. Account Takeover
The increased reliance on cloud-based services has contributed to a high number of online account hijackings. In such an incident, a malicious actor hijacks an account and uses its stolen information to conduct unauthorized activities, such as inserting false information, manipulating data, or redirecting clients to illegitimate sites. In most cases, hackers carry out account takeover through phishing, sending spoofed emails to users, or password guessing. Account takeover damages a brand’s reputation and the relationships a business has with customers.
4. Insider Risks
Insider risks, whether accidental or malicious, are a significant cloud security issue for organizations. A malicious insider with authorized access to an organization’s network and sensitive information can misuse that access to harm the organization. Businesses are, in most cases, unprepared to spot and respond to insider threats. Seventy percent of respondents in a survey considered the insider threat riskier than an outside attack. When an attacker gains insider access, they can go undetected for months and cause severe, lasting damage.
5. Weak Access Controls
Unlike on-premise infrastructure secured within the organization’s network perimeter, cloud workloads are hosted at third-party locations and are accessible from the public internet. Weak access controls grant attackers unauthorized access to cloud-based resources. Besides, compromised credentials enable hackers to gain direct access to cloud systems and data without the victim’s knowledge.
6. Insecure APIs
A myriad of software products use APIs to communicate and interoperate without needing knowledge of the internal workings of each other's code. For APIs to work, developers need to grant access to sensitive business information. A recent Akamai report revealed that a full 83 percent of web traffic today is API traffic. Dmitry Sotnikov, vice president of cloud platform at 42Crunch, attributes this API proliferation to microservices architectures and the general trend toward cloud computing, mobile, IoT, and rich web apps. Most frequently, cloud system owners make APIs public to help with rapid adoption and to enable developers and partners to access services and share data straightforwardly.
Unfortunately, developers sometimes implement APIs that lack adequate authentication and authorization. As Sotnikov says, “rapid, agile interactions of hundreds if not thousands of APIs within a single company makes it impossible for the security team to manually control and enforce security policies and best practices across all of them.” Dark Reading recently posted that some 66 percent of organizations say they have slowed deploying an app into production because of API security concerns.
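One way to automate the check that the paragraph above says cannot be done by hand, shown as an added example that is not from the original article or from any vendor it names: a Python audit of an OpenAPI 3 document that lists operations callable without credentials. The sample specification and the function names are constructed for illustration.

```python
# Added example: flag OpenAPI 3 operations that can be called without credentials.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def effective_security(spec, operation):
    """Operation-level 'security' overrides the top-level one, even when it is []."""
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])

def unauthenticated_operations(spec):
    """Return sorted (METHOD, path, reason) tuples for weakly protected operations."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip 'parameters', 'summary', ...
                continue
            reqs = effective_security(spec, op)
            if not reqs:
                reason = "no security requirement"
            elif any(req == {} for req in reqs):
                # An empty requirement object is an alternative that needs no credentials.
                reason = "anonymous access allowed by empty requirement"
            else:
                unknown = sorted({n for req in reqs for n in req if n not in schemes})
                if not unknown:
                    continue
                reason = "undefined scheme: " + ", ".join(unknown)
            findings.append((method.upper(), path, reason))
    return sorted(findings)

# Constructed sample specification (not a real API).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/orders": {"get": {}, "post": {"security": [{"bearerAuth": []}]}},
        "/orders/{id}/export": {"get": {"security": []}},
        "/health": {"get": {"security": [{}, {"bearerAuth": []}]}},
        "/admin/users": {"delete": {"security": [{"apiKey": []}]}},
    },
}

if __name__ == "__main__":
    for method, path, reason in unauthenticated_operations(SAMPLE_SPEC):
        print(f"{method:7} {path:22} {reason}")
```

Run in a build pipeline against every service's specification, a check like this fails the build when an operation silently drops the organization-wide authentication requirement.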
7. DoS and DDoS
Hackers can flood cloud systems with more web traffic than their resources can handle at peak, stalling operations entirely and making the service inaccessible to authorized customers and internal users. Indeed, distributed denial of service (DDoS) attacks are a significant security risk in a cloud computing environment, where multiple users share resources. At the same time, mitigating DDoS in cloud systems is a challenge due to the difficulty of distinguishing attackers’ requests from legitimate user activities. DDoS attacks will become common over the next few years, with Cisco predicting that the total number of DDoS incidents will double from 7.9 million recorded in 2018 to over 15 million by 2023.
8. Regulatory Compliance
The cloud technology adoption journey requires organizations to comply with new regulations. The stringent process involves collecting, storing, processing, and reporting more granular data across multiple assets and product classes. Additionally, expansion into new geographical locations creates additional regulatory challenges, resulting in a compliance burden. Ben Cole, TechTarget’s Executive Editor, remarks, “As the number of regulatory requirements grows and reporting requirements become more complex, the compliance burden will continue to be of utmost concern for organizations, especially those organizations that deal with commerce, healthcare, and research data.”
9. Vendor Lock-In
Another critical concern in a multi-cloud strategy is the fear of vendor lock-in. Organizations become dependent on a particular vendor for apps and services to the extent that the business cannot migrate to another vendor with acceptable operational impacts and switching costs. A real-world example is how Apple locked consumers into using iTunes in the early days of the service, since music purchased via the service could only be played within the cloud application or on an iPod. The Flexera 2020 CIO Priorities report shows that 68 percent of CIOs are worried about vendor lock-in regarding the public cloud. A Fujitsu survey found that sourcing flexibility can help avoid vendor lock-in, which remains a major hybrid IT adoption challenge.
10. Shadow IT
Shadow IT closes our list of the common cloud issues. Shadow IT involves using IT-related hardware or software without involving the IT or security group within an organization. With the rapid adoption of cloud-based services, users have become comfortable downloading and using applications and services to assist them in their work without involving IT teams. Cisco reveals that cloud services, especially SaaS, have become the biggest category of shadow IT. A recent Forbes Insights survey titled “Perception Gaps in Cyber Resilience: Where are Your Blind Spots?” found that more than 1 in 5 organizations have experienced a cyber incident due to an unsanctioned IT resource. Unfortunately, shadow IT presents serious security gaps since security personnel are not involved in vetting such shadow applications.
Protecting the Cloud
Cloud technology continues to provide numerous capabilities for organizations but also presents security concerns that cannot be mitigated using traditional security tools and strategies. Fortunately, businesses can turn to managed security services and other leading security experts to bolster cybersecurity and safely shift from legacy to modern cloud solutions hassle-free.