A recent report by Palo Alto Networks reveals that 80% of security threats exist in cloud environments, compared to 19% in on-premises ones. According to the report, one of the reasons for this discrepancy is that cloud ecosystems are more dynamic. On average, companies change more than 20% of externally accessible cloud services monthly, which increases attack surface risks.
Fortunately, companies can mitigate some cloud risks in advance by adopting proper security measures themselves or with the help of providers of cloud services. This article provides three professional tips on how businesses can secure their ever-changing cloud ecosystems.
1. Improve Visibility Across the Cloud
Most companies use a variety of cloud services and tools from different providers. As these services grow in numbers, it becomes increasingly difficult to understand which of them are used and when. This lack of visibility leads to multiple security risks, like misconfigurations, which can become potential entry points for hackers.
Additionally, without proper visibility, companies can’t fully control the expansion of shadow IT, or software resources that are used without a security team’s approval. This is another critical risk factor, as these resources typically don’t meet a company’s data protection standards.
Here are some recommendations to avoid the highlighted security challenges:
Conducting a cloud asset inventory
A company can begin by analyzing its existing cloud assets (web services, containers, storage, databases, etc.) to determine potential security risks. They need to pay particular attention to security information and event management (SIEM) and firewall logs to determine which cloud services are used within their organization.
Then, decision-makers can collect feedback from employees to understand which of these services are essential to their work. Services that pass the security team’s review can be added to the list of cloud applications approved for employee usage.
To mitigate shadow IT, companies should conduct such an assessment at least once or twice a year. In addition, we recommend implementing a centralized cloud asset management tool to keep track of new solutions from different cloud service providers.
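The log-review step described above can be sketched as follows. This is an added example, not code from the article or from any vendor tool; the log layout, the host names and the approved list are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: egress log lines in an assumed "time user host action bytes" layout.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice storage.approved-cloud.example ALLOW 5120
2024-05-01T09:00:07Z bob notes.unvetted-saas.example ALLOW 20480
2024-05-01T09:01:15Z carol notes.unvetted-saas.example ALLOW 1024
2024-05-01T09:02:30Z bob crm.approved-cloud.example ALLOW 300
2024-05-01T09:03:00Z dave share.filedrop.example DENY 0
corrupted record
2024-05-01T09:04:10Z alice share.filedrop.example ALLOW 999999
"""

# Hypothetical approved-services list maintained by the security team.
APPROVED = {"approved-cloud.example"}


def is_approved(host, approved):
    """True if host equals an approved domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in approved)


def find_unapproved(log_text, approved):
    """Summarise allowed traffic to hosts outside the approved list."""
    report = defaultdict(lambda: {"users": set(), "requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records instead of failing the whole run
        _, user, host, action, size = parts
        if action != "ALLOW" or is_approved(host, approved):
            continue  # blocked traffic and approved services are not shadow IT
        entry = report[host.lower()]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes"] += int(size)
    # Largest data volume first: those services matter most for review.
    return sorted(report.items(), key=lambda kv: kv[1]["bytes"], reverse=True)


if __name__ == "__main__":
    for host, stats in find_unapproved(SAMPLE_LOG, APPROVED):
        print(host, sorted(stats["users"]), stats["requests"], stats["bytes"])
```

The per-service user lists give the security team the names to approach when collecting feedback on which services are essential.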
Monitoring cloud-based apps and services
Inventory can only help you discover some of the cyber risks. To ensure strong security, IT professionals must continuously monitor their cloud assets to detect any threats at application (database and services) and infrastructure (storage and computing resources) levels.
For instance, companies can utilize cloud monitoring tools offered by their cloud provider like Amazon CloudWatch or Azure Monitor. These monitoring tools can collect data from an entire cloud ecosystem (such as events, metrics, logs, etc.) and visualize it in dashboards, helping IT specialists quickly identify suspicious activities and other issues.
Companies can also implement dedicated tools for configuration tracking. For example, AWS users can adopt the AWS Config service to log any configuration changes and alert corporate IT specialists in case of problems and inconsistencies.
Adopting artificial intelligence tools
We recommend companies enhance their monitoring stack with AI and ML-based tools from AWS, Azure, or Google Cloud. AI can help process data much faster, allowing companies to monitor their cloud ecosystems in real time. For example, Amazon GuardDuty uses ML algorithms to analyze various events from DNS, Amazon CloudTrail, and Amazon VPC logs and delivers anomaly reports via a unified dashboard.
2. Mitigate the Human Factor
Employees are a common entry point for hackers that target a cloud ecosystem, with 74% of security breaches involving the human element according to Verizon’s 2023 Data Breach Investigations Report.
To reduce the impact of human factors on cybersecurity, companies should opt for a zero-trust security model, which assumes that every user, service, or app is potentially malicious. This, in turn, means that companies must control user access to features and data more strictly to reduce the potential attack surface.
Using the role-based access control (RBAC) framework, companies can assign roles to users to limit access based on their positions and functions within organizations. These roles can range from “administrator”, with almost unlimited access to any systems, to “reader”, who can view specific resources but is not permitted to modify them.
Suppose a company uses Azure cloud; in that case, it can utilize Azure RBAC, a default and free platform feature that determines which user groups can access and manage virtual machines, virtual networks, SQL databases, and so on. For companies using AWS, a combination of RBAC and ABAC (attribute-based access control) would be more suitable. ABAC uses attributes to define access rights, which can provide an additional security level.
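How a role check and an attribute check combine into one default-deny decision is shown in the added example below. It is illustrative code, not the article's and not the evaluation logic of Azure RBAC or AWS IAM; the role names follow the article, while the actions, users, resources and the "project" attribute are hypothetical.

```python
# Role names follow the article; the actions each role grants are assumptions.
ROLE_ACTIONS = {
    "administrator": {"read", "write", "delete"},
    "reader": {"read"},
}

# Constructed users and resources; attribute and tag names are hypothetical.
USERS = {
    "alice": {"role": "administrator", "attrs": {"project": "billing"}},
    "bob": {"role": "reader", "attrs": {"project": "billing"}},
    "mallory": {"role": "administrator", "attrs": {"project": "marketing"}},
}
RESOURCES = {
    "billing-db": {"tags": {"project": "billing"}},
    "legacy-vm": {"tags": {}},
}


def is_allowed(user, action, resource):
    """Default-deny check: the role must grant the action (RBAC) and every
    resource tag must match the user's attribute of the same name (ABAC)."""
    if action not in ROLE_ACTIONS.get(user.get("role"), set()):
        return False, "role does not grant action"
    tags = resource.get("tags") or {}
    if not tags:
        return False, "resource has no tags to evaluate"
    for key, value in tags.items():
        if user.get("attrs", {}).get(key) != value:
            return False, f"attribute mismatch on '{key}'"
    return True, "allowed"


def decide(user_name, action, resource_name):
    """Look up the constructed sample data; unknown names are denied."""
    user, resource = USERS.get(user_name), RESOURCES.get(resource_name)
    if user is None or resource is None:
        return False, "unknown user or resource"
    return is_allowed(user, action, resource)


if __name__ == "__main__":
    for who in ("alice", "bob", "mallory"):
        print(who, "write billing-db ->", decide(who, "write", "billing-db"))
```

The third sample user holds the administrator role yet is denied, which is the extra restriction the attribute check adds on top of roles.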
In addition, we recommend conducting regular employee training and teaching them to identify and respond to the most common threats, such as pretexting, phishing, and tailgating. Companies can even initiate phishing simulations to test employees’ security awareness.
3. Don’t Neglect Common Security Practices
Lastly, companies should not neglect using well-known yet proven security practices such as multi-factor authentication (MFA). Although MFA adoption is growing yearly, more than a third (36%) of corporate users still don’t rely on it, which creates unnecessary cloud security risks.
Fortunately, implementing MFA is relatively easy, especially for cloud platform users. For example, Google Cloud’s customers can add MFA to their cloud apps by using the Cloud Identity and Access Management (IAM) dashboard in the Google Cloud Management Console, while IBM customers can use IBM Cloud App ID to add phone or email-based MFA.
Final Thoughts
By nature, cloud ecosystems are flexible and dynamic, and this is a great cyber security risk in itself. As companies replace existing cloud services and implement new ones, they expand the attack surface, putting corporate and customer data at risk.
The practices described above – running cloud inventory and continuous monitoring and implementing measures like RBAC and MFA – are great ways to mitigate most modern cyber risks in advance. Nevertheless, decision-makers should remember that no practice is a silver bullet, especially given the rate at which new vulnerabilities emerge. So these practices should preferably become a part of a comprehensive cloud security strategy, constantly reviewed and updated for emerging threats and new business goals.