While cloud quickly became an essential tool, allowing businesses and employees to continue operating remotely from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear. Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools. Cloud computing security threats While it brings a number of positives for workers, remote working also presents an opportunity for cyber criminals, who have quickly taken advantage of the shift to attempt to break into the networks of organisations that have poorly configured cloud security. Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in. Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the rise of hybrid working has resulted in some people working different hours to what might be considered core business hours. Attacks against cloud applications can be extremely damaging for victims as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware. That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently. Use multi-factor authentication controls on user accounts One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services. “One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC. Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts. Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers. Use encryption The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, its processes shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption. Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it to unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen. Apply security patches as swiftly as possible Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities, as just because an application is hosted by a cloud provider, it doesn’t make it invulnerable to security vulnerabilities and cyberattacks. Critical security patches for VPN and RDP applications have been released by vendors in order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks. Cybersecurity agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and UK National Cyber Security Centre often issue alerts about cyber attackers exploiting particular vulnerabilities. If the vulnerability hasn’t already been patched, then organisations should react to the alerts immediately and apply the updates. Use tools to know what’s on your network Companies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk. In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches. “Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester. SEE: Network security policy (TechRepublic Premium) CSPM is an automated procedure and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure. “You don’t have enough people to manage 100 different tools in the environment that changes everyday, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company. Ensure the separation of administrator and user accounts Cloud services can be complex and some members of the IT team will have highly privileged access to the service to help manage the cloud. A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services. It’s, therefore, imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised. It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services. Use backups as contingency plan But while cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied. SEE: Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chief That’s why a good cloud security strategy should also involve storing backups of data and storing it offline, so in the event of an event that makes cloud services unavailable, there’s something there for the company to work with. Use cloud applications that are simple for your employees to use There’s something else that organisations can do to ensure the security of cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them. A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated with not being able to do their jobs, could turn to public cloud tools instead. This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account. Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole. Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security.
MORE ON CYBERSECURITY
Cloud computing in the real world: The challenges and opportunities of multicloudUnsecured servers and cloud services: How remote work has increased the attack surface that hackers can targetLinux malware attacks are on the rise, and businesses aren’t ready for itBosses think that security is taken care of: CISOs aren’t so sureThese researchers wanted to test cloud security. They were shocked by what they found