Cloud Misconfiguration: Your Biggest Public Cloud Security Risk
For many businesses, embracing a public cloud service such as Microsoft Azure or Amazon Web Services (AWS) is a smart and cost-effective way to establish cloud environments without incurring the costs associated with maintaining their own cloud infrastructure. However, a company that embraces public cloud services also faces a number of new security risks.
Fundamentally, the biggest threat to your cloud security doesn’t come in the form of bots or zombie networks or hackers… it’s cloud misconfiguration. Based on our own estimates and analyses working with cloud-enabled companies, more than 70% have at least one major misconfiguration in their cloud environment which impacts security and may leave them vulnerable to more risk.
In short, due to the very public nature of cloud infrastructure, embracing the cloud means the security risks can potentially be more severe than those a company typically faces.
Cybersecurity In 2018: The Wild Wild Digital West
There is no doubt that various forms of cybercrime are on the rise, and have been for years. It is difficult to overstate just how damaging cybercrime can be. According to Microsoft, cybercrime can now cost $500 billion per year globally, with an average attack costing a business $3.8 million in combined damages, fees, and cleanup costs.
Nor is there any reason to think that this situation will change in the future. Juniper Research estimates global costs will be in the trillions within just a couple of years.
Making matters worse, there is no such thing as “security through obscurity.” One of the single most incorrect – and damaging – myths about cybersecurity is that small businesses don’t have to worry because they’re too small to be noticed. This is entirely incorrect. SmallBizTrends estimates that at least 43% of cyber attacks are aimed specifically at small businesses.
In short, if you are online, you are at risk of cybercrime. Right now cybersecurity is truly a “wild west” situation. The only people you can rely on to protect you are yourself and any security partners you can trust.
The Importance Of Keeping Your Public Cloud Environment Safe And Properly Configured
So, it is clear that cloud security is something every cloud-enabled business needs to take seriously. In the case of public cloud servers, this can be difficult because of their "shared responsibility" security model. That is, responsibility for security is effectively split between two parties – yourself, and your public cloud provider. Your cloud provider will be taking care of physical security, as well as protection of their servers at a high level. You are responsible for configuration, access privileges, data, and other security measures that relate specifically to your account.
In future blog articles, we will be delving more deeply into security concerns for specific platforms, such as Azure and AWS. However, for now, these are some of the most critical – and most commonly misconfigured – aspects of public cloud systems.
1 – Not enabling logging and alerts
Knowledge is the foundation of all good security initiatives. Every cloud server should have logging enabled, so that you know at all times who is accessing your servers and what they are doing. This should be accompanied by automated alerts, sent via means like email or SMS, that will instantly notify your admin should unauthorized access be detected.
2 – Incorrect access rights
Access privileges are among the most critical elements of data security. No one should have access to more data than they need, given their role and relationship to you. Unfortunately, this is also one of the most common areas where mistakes are made. Storage buckets such as those on AWS, containing large amounts of miscellaneous information, are particularly prone to being misconfigured and, thus, open to abuse.
3 – Not watching for ephemeral resource use
Once compromised, cloud resources can easily be spun up, accessed, then spun back down before administrators even know it. For example, DXC Technology was hit with a $64,000 bill because a management key was leaked onto GitHub. This allowed threat actors to spin up over 200 virtual machines and use them for nefarious purposes. Admins should be vigilant in monitoring all resource use.
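One way to watch for this pattern, as an added example that is not part of the original article: the detection logic below flags resources deleted shortly after creation and credentials that create many resources within a short window. The event schema, credential names and thresholds are hypothetical; real audit logs (for example AWS CloudTrail or the Azure Activity Log) must be mapped into this shape first.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events in a simplified, hypothetical schema:
# (ISO timestamp, credential id, action, resource id)
EVENTS = (
    [("2018-03-01T01:00:00", "key-ops", "create", "vm-ops-1")]
    + [(f"2018-03-01T02:00:{i:02d}", "key-leaked", "create", f"vm-{i}") for i in range(6)]
    + [(f"2018-03-01T02:20:{i:02d}", "key-leaked", "delete", f"vm-{i}") for i in range(6)]
)

def short_lived(events, max_lifetime=timedelta(hours=1)):
    """Resources created and deleted again within max_lifetime."""
    created, hits = {}, []
    for ts, actor, action, rid in sorted(events):
        t = datetime.fromisoformat(ts)
        if action == "create":
            created[rid] = (t, actor)
        elif action == "delete" and rid in created:
            start, creator = created.pop(rid)
            if t - start <= max_lifetime:
                hits.append((rid, creator, t - start))
    return hits

def creation_bursts(events, limit=5, window=timedelta(minutes=10)):
    """Credentials that created more than `limit` resources inside one window."""
    by_actor = defaultdict(list)
    for ts, actor, action, _ in sorted(events):
        if action == "create":
            by_actor[actor].append(datetime.fromisoformat(ts))
    peak = {}
    for actor, times in by_actor.items():
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak[actor] = max(peak.get(actor, 0), end - start + 1)
    return {actor: n for actor, n in peak.items() if n > limit}

if __name__ == "__main__":
    print("bursts:", creation_bursts(EVENTS))
    for rid, creator, lifetime in short_lived(EVENTS):
        print(f"short-lived {rid} by {creator}: {lifetime}")
```

Either result is a candidate for the automated alerts described in item 1; thresholds should be tuned to what is normal for the account, since CI pipelines and autoscaling also create short-lived resources.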
4 – Credential abuse
Compromised credentials are the primary way in which threat actors take advantage of cloud environments. This is why two-factor authentication is so important, especially for cloud administrator accounts. This significantly reduces the viability of a single set of stolen credentials.
5 – Lack of Disaster Recovery / Business Continuance (DR/BC) planning
You cannot abdicate responsibility for DR/BC planning to cloud vendors. At a bare minimum, always back up your own data. You should also have a plan for both data disaster recovery and business continuity in case your cloud infrastructure is compromised or becomes unavailable. The more you rely on cloud services for daily activities, the more important this planning becomes.
AuditWolf Makes Security Auditing Simple
Are you committing the 7 Deadly Sins of Azure Misconfiguration? Find out now. Download our latest whitepaper: The 7 Deadly Sins of Microsoft Azure Misconfiguration and How to Fix Them.