Cloud services are increasingly coming under fire. It is essential to close virtual gateways for cybercriminals, explains Christine Schönig, Regional Director Security Engineering CER, Office of the CTO at Check Point Software Technologies.
Dangers lurk in the clouds.
With the rise of hybrid working models, companies increasingly shift workloads (IT service units with a specific task) to the cloud. While this change offers excellent benefits in terms of flexibility and scalability, it also entails increased risks for security and compliance. A simple misconfiguration can expose your entire organization to threat actors who can access your critical data or launch ransomware attacks.
Gartner predicts that by 2025, 99 percent of cloud security problems will be due to human error. As organizations become increasingly dependent on third parties such as AWS, Microsoft Azure, IBM, and Google Cloud Platform to manage their data securely, concerns about cloud vulnerabilities and general misconfigurations are likely to increase. Knowledge and talent gaps only add to fears about cloud security.
The cloud provider provides basic cloud security, but it is up to the companies to secure their data within the cloud. This is no easy feat, especially since many large enterprises now use three or four cloud platforms as part of a multi-cloud strategy.
Attacks on cloud service providers are increasing.
The past year has seen a spate of attacks exploiting vulnerabilities in the services of industry-leading cloud providers, as the results of Check Point’s 2022 Security Report clearly show. These are usually critical vulnerabilities in the cloud infrastructure that are very difficult to secure. Cybercriminals aim to gain complete control over a company’s cloud infrastructure or its entire IT environment. This can have devastating consequences for the companies affected.
The OMIGOD vulnerability, which opened the floodgates for cyberattacks on cloud services in 2021, is a cautionary example. In September, four critical vulnerabilities were discovered in Microsoft Azure’s software agent, which allows users to manage configurations in remote and on-premises environments. An estimated 65 percent of the Azure customer base was exposed to this vulnerability, putting thousands of organizations and millions of endpoints at risk. The OMIGOD vulnerability allowed threat actors to remotely execute arbitrary code on an organization’s network and gain root privileges, effectively allowing them to take over the network.
Microsoft fixed the vulnerability as part of the September 2021 update, but the company’s automatic fix appeared to be ineffective for several days. Other vulnerabilities in Microsoft Azure cloud services were uncovered throughout the year, including the “ChaosDB” vulnerability, which allowed cybercriminals to gain root privileges by retrieving multiple internal keys that eventually enabled them to access the databases and accounts of targeted companies. Companies vulnerable to this particular “gateway” included Coca-Cola, Skype, and even security specialist Symantec.
Locking the doors and strengthening internal security
Improving cloud security is about having the right solutions in place and fostering a security-first mindset. Enterprises need to ensure that the “doors” to their applications and data are firmly closed. To this end, identity and access management should be coordinated and the principle of “least privilege” implemented so that data is only accessed when strictly necessary.
Cloud security becomes even more complex with multi-cloud environments. Therefore, all cloud security across vendors should be consolidated into one solution that monitors all malicious activity while also reducing the workload through automation. Security should be introduced at the earliest stage of application development.
The service shift to the cloud will only accelerate as organizations see many benefits. So it’s time to take a responsible approach to security and compliance, thereby increasing IT security. It’s a daunting task, but the right solutions to secure cloud networks, supported by artificial intelligence and automation, reduce the workload involved in preventing threats.