Cloud security helps organisations protect networks, endpoints, and applications from various malicious attacks, sophisticated cybercriminals, ransomware, and advanced persistent threats. The main forces driving growth in the cloud security market are increasing adoption of BYOD and IoT technology, more cloud-based security services, more demand for cloud computing, and the emergence of smart cities.
The increased digital identity of all firms and the growing trends of BYOD and IoT have resulted in massive growth in advanced cyberattacks, thus creating the need for more cloud-based security services. This is particularly true in retail, where cloud security services are continuously being deployed to protect customer-sensitive data and the digital identities associated with each customer.
The cloud security market is expected to expand at a 25.5 percent compound annual growth rate and become a $12.73 billion market by 2022, according to MarketsandMarkets. Asia-Pacific offers the strongest growth opportunities due to a strong SMB presence in the region that is turning toward cloud security services to protect against advanced persistent threats.
From compromised credentials to misconfigured containers to the excessive use of privileged accounts, here's a look at six of the biggest cloud security threats technical experts are worried about this year.
Improperly configured containers
Containers have taken the enterprise by storm over the past 18 months, but organizations don't really understand how to properly configure them, according to Matt Chiodi, Palo Alto Networks' chief security officer, public cloud. Nearly half of business accept traffic to a Kubernetes pod from any source, Chiodi said, which is akin to opening the firewall on a traditional server and allowing access to anyone.
Some 15 percent of companies, meanwhile, aren't using identity and access management policies to control access to their Kubernetes instance even though it's offered natively by the cloud providers, Chiodi said. Containers offer organizations amazing benefits around portability, Chiodi said, but as with any new technology, companies are struggling to configure it properly.
Containers are often deployed with the default security configurations, which Chiodi said is a problem since they're configured out of the box to be user-friendly rather than security-friendly or risk-focused. Chiodi recommended that businesses use the CIS (Center for Internet Security) benchmarks when deploying Docker or Kubernetes.
Not properly caring for account or subscription credentials poses a significant risk to businesses since an adversary could use that to compromise a company's entire digital operation, according to Tim Jefferson, Barracuda Networks' SVP of data protection, network and application security.
If a threat actor gets in and has root user credentials to a subscription, Jefferson said the scope of nefarious activities could increase to the point where they delete the entire data center with a single key. When moving to the public cloud, Jefferson said firms must instrument identity from the outside, starting with access control and ensuring everything's done correctly before deploying any services.
Businesses need to understand where their credentials are and how they're managed since an adversary with a credential can delete all of a company's data and infrastructure, Jefferson said. Most hackers have found that the best way of monetising their credential access is through bitcoin mining since it's more difficult to detect than stolen data, Jefferson said.
Weak identity and access management safeguards
As organizations go to the cloud, they need to revisit the fundamentals of their identity and access management (IAM) strategy to ensure it's robust enough to integrate across two or three different public cloud as well as between five and seven different SaaS providers, according to David Cass, IBM's global partner and competency leader for cloud security.
Specifically, Cass said that businesses should ensure their IAM tools federate identity across all of the providers so that access to certain clouds isn't cut off. The IAM program should have multiple forms of integration, Cass said, as well as good visibility around monitoring identities and credentials.
Protecting the credential store is a particular vital element of the IAM strategy since cloud breaches typically stem from compromised credentials, Cass said.
Excessive use of privileged accounts
Issues around privileged users get lifted and shifted from the existing on-premise environment into the cloud when companies migrate, according to Mike Sprunger, Insight Enterprises' senior manager of cloud and network security. But the stakes are higher, since privileged users have a greater scope of control in a cloud deployment since it's a wide-open platform, Sprunger said.
Having attribution around privileged accounts is vital, so Sprunger urged companies to stop allowing their employees to use shared accounts, especially if those accounts are privileged. And third-party vendors wanting admin-level privileges to support their customers is a problem in and of itself, Sprunger said.
Sprunger acknowledged that some third-parties need to have one-time access to the logs, if only for the purpose of performing audits. If third-parties are given elevated access, Sprunger said the business needs to watch what we're doing and keep an eye on the logging or auditing system to ensure there's no problem in the environment.
Misconfigured cloud storage
Sensitive data continues to be exposed by cloud storage misconfigurations on AWS and Elasticsearch even though the issue is easy to address, according to Tim Erlin, Tripwire's VP of product management and strategy. These types of misconfigurations happen all the time of internal networks, but Elin said it's less of a big deal in those instances since they're not exposed on the internet.
But the stakes are higher when it comes to cloud-based technologies means that configuration management challenges can result in outside leaks, Erlin said. Specifically, Elin said that misconfigurations can result in data being exposed to more people, with hackers not having to do any work whatsoever to gain access to the sensitive data.
There are tools on the market that identify misconfigurations, Erlin said, with AWS adding features that clearly indicate when storage has been made publicly accessible.
Lack of visibility
Learning to use the cloud well across the development, operations, and security cycles requires a significant investment of both time and money, and it often takes customers a while to mature, according to Chris Noell, Alert Logic's SVP of product.
The first step in the cloud journey is often the unleashing of a development team or opening up an application, during which time security might not be top of mind, Noell said. Customers on the road to cloud maturity often end up having developers make mistakes, but frequently lack visibility into the fact that a mistake was made, Noell said.
If an organisation is running a test environment with completely innocuous data, Noell said a configuration error may not be that important. But for everyone else, part of the cloud maturity journey is getting the right processes in place for secure implementation, and Noell recommended a tool that provides visibility into configuration status and identifies holes that haven't been patched up.