Cyber Risks: Compromised Cloud Environments
Misconfiguration of a cloud resource can expose sensitive data or give cybercriminals access to IT and other resources.
As more organizations move to the cloud, securing your assets has never been so important.
Types of cloud compromises
Stolen credentials
If multi-factor authentication (MFA) is not enabled, cloud resources that are accessible via the internet are vulnerable to the use of stolen credentials, brute force attacks, and common password attacks. Cybercriminals can also use phishing attacks aimed at IT administrators to gain access to the keys to cloud resources. If a user with an active session is compromised, the criminal can access the resource as if they were that user.
Misconfiguration
Moving to the cloud does not mean moving away from security duties: responsibility for security of cloud resources is shared between the customer and the provider. Using default settings, or not paying attention to configuration, can result in data storage or other resources being accessible to unauthorised users. Failure to enable logging and monitoring can make it harder to detect compromises early, and to investigate what occurred.
Vulnerabilities
As with software hosted in-house, services hosted in the cloud are also subject to security vulnerabilities. Furthermore, unsecured APIs can open cloud resources to the risk of a breach.
How to protect against cloud breaches
Identify all of your cloud apps
Consider deploying a cloud app security broker (CASB) to help you identify all cloud apps that are in use, and enforce your organization’s policies automatically.
Manage authentication
Enable MFA for access to cloud resources. Protect secrets, like keys to cloud resources, using tools designed to manage them (such as cloud-native password vaults).
Configure and audit access
Only grant such access as is absolutely necessary for a user (principle of least privilege). Restrict resources to internal sharing, using group policies to prevent unwanted sharing with external parties. Cloud providers now offer tools to audit configuration settings and help reduce risks of unauthorised access. Set default permissions for data repositories to private, or an equally restrictive setting.
Encrypt data at rest and in transit
Damage from unauthorised access can be reduced if data is encrypted.
Check cloud access logs regularly
If possible, send logs to your central repository. Set up rules to alert you of significant changes to configuration or unusual download activity.
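The following is an added example, not part of the original page, of the kind of alert rule described above: it scans centralized log lines for significant configuration changes and for download volume well above a user's baseline. The event schema, action names, baseline figures and thresholds are assumptions made for illustration, not any cloud provider's format.

```python
import json
from collections import defaultdict

# Constructed sample events in a hypothetical, provider-neutral schema.
SAMPLE_LOG = """\
{"time":"2024-05-01T09:00:00Z","user":"alice","action":"object.get","resource":"reports","bytes":1200000}
{"time":"2024-05-01T09:05:00Z","user":"carol","action":"bucket.set_acl","resource":"backups","detail":"public-read"}
{"time":"2024-05-01T09:10:00Z","user":"bob","action":"object.get","resource":"exports","bytes":400000000}
{"time":"2024-05-01T09:11:00Z","user":"bob","action":"object.get","resource":"exports","bytes":300000000}
{"time":"2024-05-01T09:15:00Z","user":"carol","action":"logging.disable","resource":"backups"}
{"time":"2024-05-01T09:20:00Z","user":
"""
# Assumed per-user normal download volume (bytes) for the same window.
BASELINE = {"alice": 2_000_000, "bob": 10_000_000}
# Hypothetical action names treated as significant configuration changes.
CONFIG_ACTIONS = {"bucket.set_acl", "logging.disable", "mfa.disable", "policy.update"}

def find_alerts(log_text, baseline, factor=5, floor=50_000_000):
    """Return (kind, detail) alerts for config changes and unusual download volume."""
    alerts, downloaded = [], defaultdict(int)
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            # A truncated or tampered record is itself worth surfacing.
            alerts.append(("unparseable", f"line {n}"))
            continue
        user, action = ev.get("user", "unknown"), ev.get("action", "")
        if action in CONFIG_ACTIONS:
            alerts.append(("config_change", f"{user} {action} {ev.get('resource')}"))
        elif action == "object.get":
            downloaded[user] += int(ev.get("bytes", 0))
    for user, total in sorted(downloaded.items()):
        # Alert when a user exceeds both the floor and factor x their baseline.
        limit = max(floor, factor * baseline.get(user, 0))
        if total > limit:
            alerts.append(("unusual_download", f"{user} {total} bytes (limit {limit})"))
    return alerts

if __name__ == "__main__":
    for kind, detail in find_alerts(SAMPLE_LOG, BASELINE):
        print(kind, detail)
```

The floor keeps low-volume users from alerting on small absolute increases; both it and the multiplier need tuning against your own log history.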
Get a cloud security assessment
Many organizations benefit from external help to identify weaknesses in their cloud configuration.
How to respond to a Cloud Environment Compromise
We encourage policyholders who experience an actual or suspected cyber incident to notify us immediately.
Extended detection and response (XDR) tools
XDR tools go one step beyond endpoint detection and response (EDR) tools, to monitor and detect certain attacks on cloud resources.
Preserve evidence
Preserve logs for cloud resources before they roll over. If you have centralized logs, protect them and preserve a copy.
"ALARMING STATISTICS: US$4.1 million Average cost of data breaches resulting from cloud misconfiguration."
"Our Cloud Security practice can help you understand gaps as well as steps you can take to secure cloud assets."