The use of cloud computing applications has grown significantly in the last two years as the Covid-19 pandemic forced many organisations to adapt to remote working.
Many of those businesses may never go back to being fully on-premises, either because they are switching to a permanently remote model or a hybrid model where employees balance their time between working remotely and working from the office.
While this has brought benefits, the increased use of cloud applications and services also brings security risks. Employees can now access corporate applications from anywhere — and that can be exploited by cyber criminals.
A successful phishing email attack, or a leaked or easily-guessed username and password, could provide an attacker with access to a user account and a gateway to the entire network. And because the user is remote, potentially malicious activity might not get picked up until it’s too late, if at all.
Hybrid cloud is becoming increasingly common in enterprises, because using multiple different public and private clouds can provide benefits when it comes to agility and combining different providers to optimise environments and workloads throughout the organisation. There’s also the benefit that if one cloud service suffers an outage, the business can keep operating, because it is able to run from multiple services.
But just as cloud usage brings additional security risks if not managed correctly, those risks are multiplied in a hybrid cloud environment.
“This complexity and these differences can lead to the opportunity for adversaries,” says Kevin Bocek, VP Security Strategy and Threat Intelligence for Venafi.
The ease of setting up cloud computing accounts means it can be done by anyone — developers, administrators or other IT staff. This can often be done without the involvement, or even knowledge, of security teams.
“We’re dealing with this new environment where security teams don’t have control, and they have to really change the way that we’ve been trained for the last 20 or 30 years,” says Bocek.
Some organisations, when deploying cloud-based services, may believe that the security element is handled entirely by the vendor, when this often isn’t the case.
That can lead to misunderstandings about configuration and issues surrounding the security of potentially internet-facing services — and the data that could be exposed if such services aren’t secured properly.
“What we’ve observed during our investigations is also a lot of misconfiguration in the cloud, and it’s coming back to the lack of skills, and ability for the people to really understand what they are doing. They are just clicking ‘next’, and they are not really looking at what they’re doing. At the end of the day, they might expose interesting information for the attacker,” says David Grout, EMEA CTO at Mandiant.
As a cybersecurity company, Mandiant is often called to investigate security incidents, a quarter of which involve public cloud assets. Like any other software, cloud-based platforms need their security managed — and that starts with applying patches and security updates as soon as possible after they become available.
One of the most important things that can be done to stop attacks is to apply multi-factor authentication to all users of all cloud services. That additional barrier can protect against the vast majority of attacks that attempt to steal identities required to access cloud services.