Each year, the Cloud Security Alliance (CSA) releases its Top Threats to Cloud Computing study to raise awareness of key risks and vulnerabilities in the cloud and promote strong security practices.
The latest edition, The Egregious 11, ranks the top eleven cloud threats and provides recommendations for security, compliance, risk and technology practitioners. This installment reflects the widespread surge in cloud use and overall maturation in organizations understanding of cloud environments. However, it hints at continued over-reliance on cloud vendors to protect workloads, a troublesome trend we also observed in the CyberArk Global Advanced Threat Landscape 2019 report.
The CSA recorded a drop in rankings of traditional cloud security issues under the responsibility of cloud service providers such as denial of service, shared technology vulnerabilities and CSP data loss suggesting these issues are less of a concern for organizations than in years past. The biggest threats now come from issues like misconfigurations and insufficient identity access management where the customer is solely responsible for security.
As organizations utilize the cloud to enable remote work and accelerate digital transformation, there is a need to understand where potential security risks exist and address them head on. Heres a look at five of the Egregious 11, along with steps organizations can take to strengthen their security posture. To explore all 11 cloud security challenges, along with CSA recommendations, check out the full study.
Data Breach
With the average total cost of a data breach now at $3.92 million, its unsurprising this is ranked as the number one cloud threat. Cyber attackers are after data particularly personal information and data accessible via the Internet is the most vulnerable asset to misconfiguration or exploitation. As more data shifts to the cloud, effectively protecting it begins with the question, Who has access to this?
Misconfiguration and Inadequate Change Control
Misconfigurations including granting excessive permissions or unchanged default credentials occur when computing assets and access are set up incorrectly. Misconfiguration of cloud resources is a leading cause of data breaches and can result in deleted or modified resources and service interruptions. The dynamic nature of the cloud makes traditional change control approaches for proper configuration extremely difficult.
To overcome cloud misconfiguration maladies, the CSA urges organizations to embrace automation tools that can continuously discover issues like unmanaged privileged accounts and instances to prevent misuse.
Insufficient Identity, Credential, Access and Key Management
The cloud introduces a host of changes and challenges related to identity and access management (IAM) and particularly to privileged access management (PAM), since privileged credentials associated with human users as well as applications and machine identities are exceptionally powerful and highly susceptible to compromise in cloud environments.
Once an attacker obtains privileged credentials, they can gain full access to sensitive databases, or even to an organizations entire cloud environment. Attackers know this. Many recent attacks targeting IaaS and PaaS environments have exploited unsecured credentials, resulting in cryptojacking, data breaches and destruction of intellectual property and other sensitive data.
The CSA stresses the need for strict IAM controls for cloud users and identities including following the principle of least privilege to protect privileged access to high-value data and assets. It also notes that cloud access keys (e.g., AWS access keys, Google Cloud keys and Azure keys) must be rotated and centrally managed, while unused credentials or access privileges are removed.
Account Hijacking
Using phishing methods, vulnerability exploitation or stolen credentials, malicious attackers look for ways to access highly privileged accounts in the cloud, like cloud service accounts or subscriptions. Account and service hijacking means full compromise: control of the account, its services and the data within. The fallout from such compromises can be severe from significant operational and business disruptions to complete elimination of organization assets, data and capabilities.
To protect against account hijacking, the CSA recommends defense-in-depth and strong IAM and PAM controls, such as credential lifecycle and provisioning management and segregation of duties.
Insider Threats
Malicious insiders can be current or former employees, contractors or other trusted third parties who use their access to act in a way that could negatively affect the organization. Since insiders have legitimate access, pinpointing potential security issues can be extremely difficult and remediating incidents can be costly. According to the Ponemon Institutes 2020 Cost of Insider Threats Study, the average global cost ofinsider threatsrose by 31% in two years to $11.45 million and the frequency of incidents spiked by 47% in the same time period.
Whether its a privileged user abusing their level of access or inadvertently misconfiguring a cloud resource, having a PAM program in place to protect from these insider abuses is paramount.
Dont Be An Egregious Offender. Secure Your Cloud with PAM
The cloud has fundamentally changed the notion of privilege. Now, even ordinary user credentials in the cloud and DevOps environments can hold as much power as administrator-level credentials do for other types of systems. Add in a complex and highly dynamic mix of machines and applications and the privilege-related attack surface grows dramatically.
Poor cloud security practices will inevitably lead to a breach or failed audit and force organizations to slow down something that simply isnt an option in the always-on, ultra-competitive digital era.
Strong privileged access controls help ensure that humans, applications and machines have only the necessary levels of access to sensitive applications and infrastructure to do their jobs and that activities occurring within the cloud environment arent risky (or if they are, privileged access controls enable SecOps teams to take swift action).
If youre looking for more in-depth guidance beyond the CSAs initial recommendations, tap into these actionable steps for protecting privileged access in cloud environments.
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from CyberArk authored by Justyna Kucharczak. Read the original post at: https://www.cyberark.com/blog/the-egregious-11-examining-the-top-cloud-computing-threats/
Visit link:
The Egregious 11: Examining the Top Cloud Computing Threats - Security Boulevard
- Roundup Of Cloud Computing Forecasts, 2017 - Forbes - May 3rd, 2017 [May 3rd, 2017]
- RCom arm in tie-up for cloud computing - Moneycontrol.com - May 3rd, 2017 [May 3rd, 2017]
- How Do You Define Cloud Computing? - Data Center Knowledge - May 3rd, 2017 [May 3rd, 2017]
- 5 Cloud Computing Stocks to Buy - TheStreet.com - May 3rd, 2017 [May 3rd, 2017]
- Cloud Computing Continues to Influence HPC - insideHPC - May 3rd, 2017 [May 3rd, 2017]
- Red Hat's New Products Centered Around Cloud Computing, Containers - Virtualization Review - May 3rd, 2017 [May 3rd, 2017]
- Adobe bets big on cloud computing for marketing, creative professionals - Livemint - May 3rd, 2017 [May 3rd, 2017]
- Verizon sells cloud services to IBM in 'unique cooperation between ... - Cloud Tech - May 3rd, 2017 [May 3rd, 2017]
- How Cloud Computing Is Turning the Tide on Heart Attacks - Fortune - May 3rd, 2017 [May 3rd, 2017]
- Hospital CIOs see benefits of healthcare cloud computing - TechTarget - May 3rd, 2017 [May 3rd, 2017]
- Trends In Cloud Computing - Business Solutions Magazine - June 6th, 2017 [June 6th, 2017]
- A deeper dive into cloud security as a service: Advantages and issues - Cloud Tech - June 6th, 2017 [June 6th, 2017]
- OpenText buys cloud computing firm for US$103 million - TheRecord.com - June 6th, 2017 [June 6th, 2017]
- Belfast IT firm celebrates cloud computing success in 57 countries ... - Belfast Telegraph - June 6th, 2017 [June 6th, 2017]
- Meet The Cloud Wars Top 10: The World's Most-Powerful Cloud-Computing Vendors - Forbes - June 6th, 2017 [June 6th, 2017]
- How to approach cloud computing and cyber security in 2017 - Information Age - June 6th, 2017 [June 6th, 2017]
- CFOs have discovered the big stick of cloud computing - InfoWorld - June 6th, 2017 [June 6th, 2017]
- Belmont Stakes Odds 2017: Latest Vegas Betting Lines Before Post Positions Draw - Bleacher Report - June 7th, 2017 [June 7th, 2017]
- Cloudistics Announces New Cloud Computing Program That Enables High Margin Reoccurring Revenue Models for ... - Marketwired (press release) - June 7th, 2017 [June 7th, 2017]
- CloudCheckr, cloud computing company expects rapid growth in Rochester - WXXI News - June 7th, 2017 [June 7th, 2017]
- IBM Losing Facebook's WhatsApp as Cloud Customer, says CNBC - Barron's - June 7th, 2017 [June 7th, 2017]
- What My Father Taught Me About Cloud Computing - Virtualization Review - June 7th, 2017 [June 7th, 2017]
- Workday Phenomenon Goes Global As Cloud Computing Goes Mainstream - Forbes - June 7th, 2017 [June 7th, 2017]
- New Cloud Computing and IT Outsourcing Requirements in the Financial Sector - JD Supra (press release) - June 9th, 2017 [June 9th, 2017]
- 3 Things You Should Know About Cloud Computing Right Now - Fortune - June 9th, 2017 [June 9th, 2017]
- Learning in the Sky: Collaborative Robots Embrace Cloud Computing - Machine Design - June 9th, 2017 [June 9th, 2017]
- Best Practices To Manage Your Hybrid Cloud - Forbes - June 9th, 2017 [June 9th, 2017]
- Here's how venture capitalists are thinking about cloud computing companies and technologies - GeekWire - June 9th, 2017 [June 9th, 2017]
- Amazon is helping veterans find jobs in cloud computing - Marketplace - Marketplace.org - June 9th, 2017 [June 9th, 2017]
- New Cloud Computing and IT Outsourcing Requirements in the Financial Sector - Lexology (registration) - June 9th, 2017 [June 9th, 2017]
- Growing Patent Claim Risks in Cloud Computing - Lexology (registration) - June 9th, 2017 [June 9th, 2017]
- The benefits of cloud computing, Rust 1.18, and intelligent tracking prevention in WebKit SD Times news digest ... - SDTimes.com - June 9th, 2017 [June 9th, 2017]
- Edge Computing Is New Cloud Computing Tech Investors Should Track - GuruFocus.com - June 9th, 2017 [June 9th, 2017]
- Real Estate Weekly: Digital Realty Becomes A Cloud Computing Giant - Seeking Alpha - June 9th, 2017 [June 9th, 2017]
- Virtualization admin? Pivot -- pivot now -- to a cloud computing career - TechTarget - June 10th, 2017 [June 10th, 2017]
- Why isn't Cloud Computing in the 2017 Belmont Stakes? - FanSided - June 11th, 2017 [June 11th, 2017]
- Cloud Computing Companies Move Into Medical Diagnosis (GOOG, IBM) - Investopedia - June 11th, 2017 [June 11th, 2017]
- China's cloud industry moving to new era with emergence of unicorns - TechNode (blog) - June 12th, 2017 [June 12th, 2017]
- Terry Crews Is On Crackdown 3 Trailer, No Cloud Computing For Single Player - EconoTimes - June 12th, 2017 [June 12th, 2017]
- The Risks and Perquisites of Cloud Computing - DATAQUEST - June 12th, 2017 [June 12th, 2017]
- Alibaba Cloud announces launch of data centres in India and Indonesia - Cloud Tech - June 12th, 2017 [June 12th, 2017]
- Indonesia banks have yet to implement cloud computing - Jakarta Post - June 13th, 2017 [June 13th, 2017]
- 'Sweden is heaven for cloud computing': Amazon Nordic chief - The ... - The Local Sweden - June 14th, 2017 [June 14th, 2017]
- Amazon.com to open second government cloud-computing region ... - The Seattle Times - June 14th, 2017 [June 14th, 2017]
- Shadow raises $57 million for its cloud computing service for ... - TechCrunch - June 14th, 2017 [June 14th, 2017]
- Amazon Still Leads Cloud Rankings, But Competition Is Coming On Strong - Fortune - June 16th, 2017 [June 16th, 2017]
- Alibaba to enter European cloud computing market in mid-2017 | Air ... - Air Cargo World (registration) - June 17th, 2017 [June 17th, 2017]
- Alibaba to enter European cloud computing market in mid-2017 - Air Cargo World (registration) - June 17th, 2017 [June 17th, 2017]
- Pressing Tech Issue: Enterprise Software Vs. Cloud Computing? - Credit Union Times - June 17th, 2017 [June 17th, 2017]
- 7 Tips for Securely Moving Data to the Cloud - Government Technology (blog) - June 20th, 2017 [June 20th, 2017]
- Chinese tech giant Alibaba joins key open-source cloud computing foundation - GeekWire - June 20th, 2017 [June 20th, 2017]
- Microsoft Could Surpass Amazon in Cloud Computing This Year (AMZN, MSFT) - Investopedia - June 20th, 2017 [June 20th, 2017]
- GDS Holdings Limited (GDS) Announces Strategic Partnership with Tencent Cloud - StreetInsider.com - June 20th, 2017 [June 20th, 2017]
- Cloud first - Philippine Star - June 20th, 2017 [June 20th, 2017]
- Three Considerations for Reducing Risk in Cloud Computing - CIOReview - June 21st, 2017 [June 21st, 2017]
- Cloud Computing and Digital Divide 2.0 - CircleID - CircleID - June 21st, 2017 [June 21st, 2017]
- Microsoft will ride artificial intelligence, cloud computing to higher ... - CNBC - June 21st, 2017 [June 21st, 2017]
- Cloud-Computing Business Lifts Oracle's Profit -- Update - Fox Business - June 21st, 2017 [June 21st, 2017]
- Report affirms continued cloud spend for US businesses in 2017 - Cloud Tech - June 22nd, 2017 [June 22nd, 2017]
- Catching up with an interconnected federal cloud - GCN.com - June 22nd, 2017 [June 22nd, 2017]
- Cloud-Computing Business Lifts Oracle's Profit -- 2nd Update - Fox Business - June 22nd, 2017 [June 22nd, 2017]
- Cisco adapts to the rise of cloud computing - The Economist - June 22nd, 2017 [June 22nd, 2017]
- Amazon accuses Walmart of bullying in cloud computing clash - BBC News - June 22nd, 2017 [June 22nd, 2017]
- Companies plan to spend more on cloud computing services this year, higher prices among drivers: Clutch - Canadian Underwriter - June 23rd, 2017 [June 23rd, 2017]
- Survey: businesses ramp up spending on cloud computing DC ... - DC Velocity - June 24th, 2017 [June 24th, 2017]
- Morgan Stanley: Cloud computing is at 'an inflection point' but how big will it get? - GeekWire - June 26th, 2017 [June 26th, 2017]
- How the cloud has changed education and training - TNW - June 26th, 2017 [June 26th, 2017]
- Cloud computing key to 4th industrial revolution - News VietNamNet - VietNamNet Bridge - June 26th, 2017 [June 26th, 2017]
- Lady Eli, Cloud Computing Among Workers for Brown - BloodHorse.com (press release) (registration) (blog) - June 26th, 2017 [June 26th, 2017]
- Microsoft signs cloud-computing partnership with Box - The Seattle Times - June 27th, 2017 [June 27th, 2017]
- Microsoft Signs Cloud Computing Partnership with Box - CIO Today - June 30th, 2017 [June 30th, 2017]
- US action on Microsoft email case could devastate cloud computing - Irish Times - June 30th, 2017 [June 30th, 2017]
- Cloud computing challenges today: Planning, process and people - TechTarget - July 2nd, 2017 [July 2nd, 2017]
- Five podcasts to catch up on the latest trends in cloud computing - TechTarget - July 2nd, 2017 [July 2nd, 2017]
- Microsoft reportedly set to lay off thousands as part of massive sales reorganization - GeekWire - July 3rd, 2017 [July 3rd, 2017]
- VMware to surge more than 20 percent because the Amazon cloud ... - CNBC - August 25th, 2017 [August 25th, 2017]
- Google Unveils Custom Hardware Chip for Cloud - Investopedia - August 25th, 2017 [August 25th, 2017]
- Cloud Computing Confirmed for Travers | TDN | Thoroughbred Daily ... - Thoroughbred Daily News - August 25th, 2017 [August 25th, 2017]
- Why 2017 Is The Year To Understand Cloud Computing - Nasdaq - August 25th, 2017 [August 25th, 2017]
- Biz Cloud Computing - Four States Homepage - August 25th, 2017 [August 25th, 2017]