researchHQ’s Key Takeaways:
- Cloud misconfigurations, such as improper authorisation, expose organisations’ data and workloads to malicious attack.
- Under the shared responsibility model, cloud configurations are the responsibility of the organisation running workloads in the cloud, not the service provider.
- Organisations should regularly check, audit, and modify their configurations and user access rights within the cloud.
- Logging tools offered by cloud service providers help organisations understand what is happening in the cloud, allowing them to monitor, and respond to, unauthorised access.
- The best security solutions bolster the pre-set features offered by service providers to detect, prevent, and manage threats within the cloud.
Cloud security has become a significant issue as organizations increasingly move their workload to the cloud. Research into the safety of cloud-integrated workloads recently revealed that over 21,000 orchestration containers and application programming interfaces (APIs) were at risk, including popular applications such as Kubernetes, Marathon, RedHat OpenShift and Portainer. The worst security offenders discovered were 300 open administrator dashboards that did not require any means of authentication. This isn’t the first time that a misconfigured cloud has left organizations vulnerable to attacks. Some examples of cybersecurity incidents caused by a misconfigured cloud include the Alteryx breach, which exposed data on over 120 million households, and a recent incident in which misconfigured Google Groups settings left 9,600 organizations exposed.
The risks of cloud misconfiguration
Perhaps the most significant security consideration when it comes to a misconfigured cloud application is that it doesn’t take much technical knowledge to extract data or compromise an organization’s cloud assets. The worst cases of exposed data can often be attributed to simple human error rather than a concerted attack. For example, a recent security incident inadvertently exposed roughly 3.5 million records, which included user credentials, email addresses, Social Security numbers, and other confidential data. All of these records were easily available to anyone who had the desire to access them, without the need to use sophisticated tools or techniques. The nature of the data involved also meant that it could be used for malicious purposes or more complex attacks. Email addresses and Social Security numbers could be used to perform social engineering, while user credentials could be used to access even more accounts. In the case of containers or APIs, applications could be manipulated or even deleted, which could significantly affect an organization’s operations.
Configuration is a responsibility of the organization
Given that cloud services are offered by service providers that handle the hardware and back-end portions of the cloud, it’s easy to assume that they are also responsible for every aspect of security. The truth is that configuration is an aspect of the shared responsibility model of cloud security that often falls to the organization.
Businesses should not take cloud configuration lightly, nor should they assume that simply storing the data in the cloud makes it safe. Implementation of certain best practices can strengthen an organization’s cloud security and prevent its data from being publicly exposed:
Get to know your cloud. While added convenience is one of the main advantages of using cloud services, it doesn’t necessarily mean that implementing a cloud workload is a “plug and play” affair. A company’s IT staff should take the time to learn all the settings and permissions of its cloud service and take advantage of any integrated security features. While this might take some time and effort on the part of the IT staff, it is necessary for securing the platform.