As organisations embrace digital transformation and migrate operations and data to the cloud, too many overlook crucial security considerations which, if left unaddressed, could leave critical data and assets exposed to cyber-attacks.
The growing trend of public and private cloud adoption is driven by the pursuit of efficiency, agility and scalability. While these benefits are undeniable, digital transformation can also lead to a loss of control and additional complexity for security teams.
By 2020, Gartner forecasts that the number of organisations with more than half their data in the cloud will have more than trebled compared to 2018.
The challenge of digital transformation
Security professionals are tasked with defending their organisations against a vast range of cyber threats. As organisations grow and their networks become increasingly fragmented across on-premises, cloud and hybrid environments, these problems are only compounded.
In light of the unique challenge of defending cloud infrastructure and applications against cyber threats, cloud security has now become a specialism in its own right, requiring not only purpose-built tools and technologies but also specialist skill sets.
Cloud security: a shared responsibility
Many cloud providers are making efforts to improve the security of their platforms and applications to help address customer security concerns, but organisations need to consider their own obligation to mitigate cloud security risks by ensuring that policies, processes and training procedures are in place.
One of the core principles of cloud security is that of shared responsibility, where security obligations are split between the provider and the customer. The AWS Shared Responsibility Model, for example, sets out that while Amazon secures the underlying infrastructure, AWS customers are responsible for securing the applications and data they deploy on it.
Gartner research has indicated that the vast majority of security failures are attributable to customers rather than service providers. Many of these failures are entirely preventable. Cloud misconfiguration, for example, is a growing problem, with unsecured Amazon S3 buckets causing high profile breaches at organisations including Netflix and Ford.
Amazon, Microsoft and Google dominate the cloud market, but the ubiquity of these services means that badly configured servers can easily be spotted by cybercriminals. The process of setting up and securing servers is far from easy, and the pace of digitisation can often lead to serious oversights.
The interconnectedness of cloud environments can mean that a small weakness in one area can expose vast swathes of sensitive information in another. In the case of Capital One, for example, it is alleged that a misconfigured web application firewall exposed the personal information of over 100 million customers housed in AWS.
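The unsecured S3 buckets mentioned above are usually the result of a bucket policy (or ACL) that grants access to everyone, combined with the bucket's Public Access Block settings being left off. The following is an added example, not code from the original article or from Redscan: an offline checker that reads a bucket policy document and the four Public Access Block settings and reports whether the bucket is exposed. The policy, account ID and bucket name are constructed samples; the function and constant names are the example's own.

```python
"""Offline check for publicly readable S3 bucket policies.

Added example, not from the original article. It evaluates a bucket policy
document and the bucket's Public Access Block settings entirely offline;
the policy and settings below are constructed samples, not real buckets.
"""
import json

# Actions that let an anonymous principal list or read objects.
READ_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket", "s3:*", "*"}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True when the statement applies to everyone (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy):
    """Return (Sid, kind) for Allow statements granting read access to everyone.

    kind is "public" when nothing narrows the grant, or "public-with-condition"
    when a Condition block (e.g. aws:SourceIp) may restrict it and needs review.
    """
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if not (set(_as_list(stmt.get("Action"))) & READ_ACTIONS):
            continue
        sid = stmt.get("Sid", f"statement-{index}")
        kind = "public-with-condition" if stmt.get("Condition") else "public"
        findings.append((sid, kind))
    return findings


def public_access_block_gaps(config):
    """Return the Public Access Block settings that are not enabled.

    All four should be True on buckets that are not meant to be public.
    """
    required = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
    return [name for name in required if not config.get(name, False)]


def assess_bucket(policy, public_access_block):
    """Combine both checks into a single verdict for one bucket.

    RestrictPublicBuckets is the setting that neutralises an already-attached
    public policy, so the bucket counts as exposed only when a definitely public
    statement exists and that setting is off.
    """
    statements = find_public_statements(policy)
    gaps = public_access_block_gaps(public_access_block)
    definitely_public = any(kind == "public" for _, kind in statements)
    exposed = definitely_public and "RestrictPublicBuckets" in gaps
    return {"public_statements": statements, "pab_gaps": gaps, "exposed": exposed}


# Constructed sample: a policy that makes every object readable by anyone,
# on a bucket with all Public Access Block settings switched off.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AppWriter", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")
SAMPLE_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_PAB), indent=2))
```

In practice the policy and settings would be fetched per bucket with the AWS CLI or SDK (`get-bucket-policy` and `get-public-access-block`) and fed to `assess_bucket`; the example keeps the evaluation separate from the fetching so it can be run against exported policies during a review.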
Why SaaS environments are at risk
With more than 150 million active commercial monthly users, Office 365 is the most widely used cloud application suite in the world. This makes it a prime target for cybercriminals: a growing number of attacks are aimed specifically at O365 users, and attackers are constantly devising new ways to reach them.
More sophisticated phishing campaigns, new malware infiltration techniques and tricks to circumvent default security controls are now more common than ever, and recent research has suggested that a quarter of phishing scams bypass default O365 security controls.
Fake security alerts, meeting requests and email non-delivery notifications are just some of the lures criminals use to trick O365 users into divulging their account passwords, which are then used to conduct Business Email Compromise (BEC) attacks.
The issue of cloud visibility
As if the challenge of cloud security wasn’t already an uphill struggle, it becomes all but impossible without visibility of network traffic, users and application activity.
Shadow IT – the use of software and applications by individuals without the knowledge of the IT department – is a problem faced by almost all organisations. As a result, it is rarely possible to know where all of an organisation’s data resides.
Locally installed apps require regular updates and patching, which is unlikely to happen if their use is unknown to IT. This can mean critical vulnerabilities remain unfixed, potentially allowing attackers to use them as a foothold to gain access to other systems and data.
The uptick in remote working and BYOD (Bring Your Own Device) can exacerbate this issue further, as more users access systems from outside the office using unapproved apps and unsecured devices.
Finding ways to improve visibility beyond the network perimeter is therefore essential. Many cloud service providers offer default detection capabilities for common attacks, but without specialist expertise they can often be mismanaged. Additionally, few organisations have the resources to monitor systems around-the-clock to identify genuine incidents.
How to improve cloud security
To make tangible improvements to cloud security, organisations can take a variety of steps.
Conduct regular security awareness training
Human error continues to be one of the most common causes of cloud breaches, so it is essential that employees and contractors understand their role in maintaining cloud security by undertaking regular security awareness training. Effective training should cover areas including password management, device management, social engineering and data protection, and be updated regularly to reflect the latest risks.
Enforce multi-factor authentication
A key step that organisations can take to improve cloud security is to enforce multi-factor authentication (MFA) across all cloud applications, so that a phished or reused password alone is not enough to access an account. Enforcing MFA is usually relatively straightforward – a simple change in the Office 365 admin centre, for example.
Create dedicated application suite admin accounts
Accounts with elevated privileges are frequently targeted by cybercriminals. To limit the risk of these accounts being compromised, system admins should have separate personal accounts with only the necessary privileges for day-to-day operations, and high privilege accounts should be used only for specific admin purposes.
Prevent email auto-forwarding
A frequent tactic in Office 365 and G Suite account compromises is to set up email rules that automatically forward incoming and outgoing mail to external addresses, as was the case in a sophisticated BEC attack investigated by Redscan. Administrators should configure tenant-wide rules that block all users from creating forwarding rules to external domains.
Commission regular security assessments
Complete threat prevention is almost impossible to achieve, so it is crucial to test each cloud environment’s defences to help identify and fix vulnerabilities before they are exploited by cybercriminals.
A CREST penetration test from an approved provider will help provide independent assurance of security controls, guide future investments and also support GDPR, ISO 27001, NIS Directive and PCI DSS compliance requirements. Each cloud provider’s penetration testing rules of engagement should be consulted before any engagement, to ensure that testing is permitted and that any critical vulnerabilities found are reported appropriately.
Monitor cloud environments for threats
One of the more challenging but crucial steps organisations need to take to improve cloud security is to build a capability to continuously detect and respond to threats.
Activating full audit logging in cloud application suites like Office 365 and G Suite could be a crucial first step to help identify unusual activity such as abnormal logins and unauthorised file changes. Cloud-native detection technologies such as next-gen SIEM and EDR tools are compatible with popular cloud environments, and these can help to improve visibility and respond to threats more promptly and efficiently.
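Blocking external forwarding (see "Prevent email auto-forwarding" above) is the preventive control; the audit log is how you verify it and catch the cases it misses, such as forwarding set directly on a mailbox by a compromised admin. The following is an added example, not code from the original article or from Redscan, showing the detection side: it scans Exchange entries from the Office 365 unified audit log for inbox rules or mailbox settings that forward mail outside the organisation. The records are constructed to mimic the shape of real entries (an Operation name, the acting UserId, and a Parameters list of Name/Value pairs); exact field names vary with how the log is exported, and the domains, users and function names are the example's own.

```python
"""Flag mailbox forwarding to external domains in Office 365 audit records.

Added example, not from the original article or Redscan. The records below are
constructed to mimic the Exchange entries in the Office 365 unified audit log
(Operation, UserId and a Parameters list of Name/Value pairs); field names in
real exports differ slightly depending on the export method.
"""
import re

# Cmdlets whose audited parameters can send mail out of the tenant.
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Enable-InboxRule", "Set-Mailbox"}
INBOX_RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Enable-InboxRule"}
FORWARDING_PARAMETERS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                         "ForwardingSmtpAddress", "ForwardingAddress"}
# Values appear as "smtp:user@domain" or "Display Name [user@domain]"; pull out the address.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _param_map(record):
    """Flatten the Parameters list into {Name: Value} with string values."""
    return {p.get("Name"): str(p.get("Value", "")) for p in record.get("Parameters", [])}


def _domain(address):
    return address.rsplit("@", 1)[1].lower()


def find_external_forwarding(records, internal_domains):
    """Return one finding per record that forwards mail to a non-internal domain.

    Each finding also lists indicators seen in real BEC cases: rules that delete
    the forwarded copy so the owner never sees it, and rules with blank or
    single-character names that hide in the Outlook rule list.
    """
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rec in records:
        operation = rec.get("Operation")
        if operation not in FORWARDING_OPERATIONS:
            continue
        params = _param_map(rec)
        destinations = set()
        for name in FORWARDING_PARAMETERS:
            for addr in EMAIL_RE.findall(params.get(name, "")):
                if _domain(addr) not in internal:
                    destinations.add(addr)
        if not destinations:
            continue  # forwarding stays inside the organisation
        indicators = []
        if params.get("DeleteMessage", "").lower() == "true":
            indicators.append("deletes-forwarded-mail")
        if operation in INBOX_RULE_OPERATIONS and params.get("Name", "x").strip(". ") == "":
            indicators.append("blank-rule-name")
        findings.append({
            "actor": rec.get("UserId"),                       # account that made the change
            "target": params.get("Identity") or rec.get("UserId"),  # mailbox affected (assumed field)
            "operation": operation,
            "destinations": sorted(destinations),
            "indicators": indicators,
            "client_ip": rec.get("ClientIP"),
        })
    return findings


# Constructed sample records; all addresses and IPs use documentation ranges/domains.
SAMPLE_AUDIT_RECORDS = [
    {"CreationTime": "2019-11-04T09:12:31", "Workload": "Exchange", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.5",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:archive.alice@mail.example.net"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2019-11-04T10:02:07", "Workload": "Exchange", "Operation": "Set-InboxRule",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.20",
     "Parameters": [{"Name": "Name", "Value": "Project mail"},
                    {"Name": "ForwardTo", "Value": "Carol Smith [carol@example.com]"}]},
    {"CreationTime": "2019-11-04T11:45:50", "Workload": "Exchange", "Operation": "Set-Mailbox",
     "UserId": "admin@example.com", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Identity", "Value": "dave@example.com"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:dave.personal@webmail.example.org"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2019-11-04T12:00:00", "Workload": "AzureActiveDirectory",
     "Operation": "UserLoggedIn", "UserId": "erin@example.com", "ClientIP": "203.0.113.9"},
]

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_AUDIT_RECORDS, ["example.com"]):
        print(finding)
```

Run against a daily export of the audit log (or fed from a SIEM), the first record is the classic pattern from BEC investigations: a rule named "." that silently forwards and deletes, created from an IP the user has never logged in from. The third record shows why the audit log matters even with forwarding blocked for users: mailbox-level forwarding set by an admin account is a separate control path, and the log is where it becomes visible.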
Opting for a managed cloud security service partner
While there are straightforward steps all organisations can take to improve cloud security, the sheer complexity of defending fragmented hybrid and multi-cloud environments can be daunting. Most businesses lack the resources and specialist skillsets to perform regular cloud security assessments as well as 24/7 monitoring.
Many organisations are therefore turning to managed service providers to act as a virtual extension of their resources, to reduce the strain on internal teams and to help continuously identify and respond to threats.
Why choose Redscan?
Redscan is an award-winning provider of cloud security services, designed to help organisations make tangible, lasting improvements to the security of their cloud environments.
ThreatDetect™, our Managed Detection and Response service, combines industry-leading security expertise, the latest cutting-edge technologies and aggregated security intelligence to detect, respond to and remediate threats, 24/7.
Our experts work closely with customers to understand each organisation’s unique cloud security challenges and identify how to achieve the threat visibility needed. Utilising our deep knowledge of offensive security enables us to keep up with the latest adversarial tactics and continuously innovate to improve the effectiveness of our services in an ever-changing threat landscape.