researchHQ’s Key Takeaways:
- A lack of visibility over applications and workloads running in the cloud exposes organisations to a range of cloud security challenges and risks.
- Common challenges resulting from a lack of visibility in the cloud include the proliferation of shadow IT and cloud-native application misconfigurations.
- Employing measures that prioritise visibility, such as least-privileged access and continuous monitoring, helps organisations mitigate threats and vulnerabilities.
The big move to the cloud has already happened for the majority of enterprises and organizations that are invested in providing unhampered, future-proof services. But how can they prioritize visibility in a cloud-first world?
The cloud is the digital world’s ground zero for transformation, innovation, and agility. Its vastness and power enable enterprises and organizations to keep up with high-resource demands and allow them to access mission-critical data anytime, anywhere.
With 85% of businesses worldwide using the cloud to store large amounts of information, it has proven its value, especially during the onslaught of the Covid-19 pandemic. 87% of global IT decision makers attribute the speedy shift to the cloud to the unforeseen global health crisis, a move that has proven helpful for economic resilience. Because of the cloud, enterprises and organizations are able to keep the bulk of their employees working from home. Indeed, even after the pandemic, it is expected that the number of employees working from home (which has already quadrupled compared to before the pandemic started) will still be higher than in previous years. Today, organizations are already gearing up for a cloud-first world. In fact, banks and financial institutions are now working toward becoming fully cloud-powered by 2025.
Meanwhile, the big move to the cloud has already happened for the majority of enterprises and organizations that are invested in providing unhampered, future-proof services. With a considerable number of people working remotely and accessing the cloud from different parts of the globe, however, the issue of visibility in enterprise cybersecurity has become more evident. In this context, how can enterprises prioritize visibility in a cloud-first world?
Post-migration threats and security risks in the cloud
Those who have already migrated to the cloud are by now enjoying increased connectivity, productivity, and efficiency. Still, the cloud supports many kinds of workloads — such as data storage, big data analysis, app and software development, and video- and audio-streaming functionalities — each of which adds moving parts and potential gaps that need to be secured. In order to keep security strong, enterprises need to be aware of everything that they need to protect. After all, protecting what cannot be seen is difficult, if not impossible.
After seamlessly and securely migrating to the cloud, enterprises need to be aware of the visibility-related challenges and security risks associated with operating on it.
One of the challenges that affect visibility is having disparate buckets of compute resources. Most organizations make use of varying cloud providers, accounts, and services on top of their on-premises data centers. In fact, four out of five companies have two or more infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) providers.
In addition, in a 2019 survey, over 51% of IT security practitioners shared that their organizations have separate identity and access management (IAM) interfaces for their cloud and on-premises environments. Separate IAM systems are difficult to oversee, and gaps between them could allow unauthorized individuals to gain access to critical or sensitive information.
Meanwhile, 86% of companies make use of 11 different software-as-a-service (SaaS) providers, which include cloud-based apps like Gmail or Microsoft 365. The use of a variety of cloud services and apps is double-edged: While it is beneficial to productivity and efficiency, it also creates a complex web of cloud-powered services that is difficult to oversee without the proper tools and workforce.
Despite what they can bring with respect to streamlining operations, not all cloud apps are created equal. According to Netskope data from 2018, almost 93% of cloud applications that businesses use are not enterprise-ready. This means that they do not meet the standards specified in the Cloud Security Alliance’s Cloud Controls Matrix, which includes parameters for data security, access control, and privacy.
The spawning of multiple unsecured services (also referred to as shadow IT) is another security risk that affects visibility. In 2019, before the Covid-19 pandemic hit, a report from software company Igloo stated that 50% of employees use apps and infrastructures that are not approved by their companies to accomplish work-related tasks. As large numbers of employees started shifting to work-from-home (WFH) setups due to the pandemic in 2020, many of them resorted to using personal devices such as their own laptops, computers, or mobile phones for work.
Because the cloud enables speedy access to dynamic resources, developers are able to deploy new servers without having to bother with the hassles that are usually associated with deployment in an on-premises environment, such as provisioning and budgeting. On the other hand, security teams might be unaware of all the virtual environments that are being spawned. As a result, they might not be able to apply all the necessary protections. In haste, and with the aim of ensuring that services are able to communicate with one another seamlessly, these quickly deployed virtual private clouds (VPCs), virtual networks, and containers might be configured with lax security provisions or none at all. It cannot be stressed enough that this is an insecure practice that could lead to exposed public-facing services.
Because of very permissive configurations and bad coding practices, APIs that might contain sensitive data could become exposed for malicious actors to prey on. Exposed APIs, for instance, could be abused by cybercriminals to conduct remote code execution (RCE) and distributed denial of service (DDoS) attacks. Exposed containers could also lead to cryptocurrency mining, something that we recently observed with cryptocurrency-mining malware targeting both Linux systems and exposed Docker environments.
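The visibility problem described in the two preceding paragraphs (quickly spawned VPCs and containers with lax network rules, and exposed container or API endpoints) is exactly what a periodic inventory check should surface. The following Python script is an added example, not code from the original article or from any vendor tool: it walks a list of ingress rules in a simplified, provider-neutral shape (the `resource`/`protocol`/`from_port`/`to_port`/`cidr` fields and the sample rules are constructed for this illustration) and reports any rule that makes a sensitive service, such as the Docker daemon's TCP API on 2375/2376 or SSH on 22, reachable from a non-private address range.

```python
"""Audit ingress rules for sensitive services reachable from public ranges.

Added example. The rule format is a simplified, provider-neutral shape
(not any one cloud provider's API), and SAMPLE_RULES are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Ports whose exposure to the public internet is rarely intended.
SENSITIVE_PORTS: Dict[int, str] = {
    22: "ssh",
    3389: "rdp",
    2375: "docker-api-plaintext",
    2376: "docker-api-tls",
    6379: "redis",
    27017: "mongodb",
    9200: "elasticsearch",
    10250: "kubelet",
}

# Address ranges treated as internal (RFC 1918, loopback, IPv6 ULA/loopback).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "fc00::/7", "::1/128")
]


@dataclass(frozen=True)
class Finding:
    resource: str
    port: int
    service: str
    cidr: str


def is_public_cidr(cidr: str) -> bool:
    """True unless the CIDR lies entirely inside one internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(
        net.version == internal.version and net.subnet_of(internal)
        for internal in INTERNAL_NETS
    )


def ports_in_rule(rule: dict) -> Set[int]:
    """Sensitive ports that fall inside the rule's port span."""
    if str(rule.get("protocol")) in ("-1", "all"):
        # An all-protocol rule exposes every port, so every sensitive one.
        return set(SENSITIVE_PORTS)
    lo, hi = int(rule["from_port"]), int(rule["to_port"])
    return {p for p in SENSITIVE_PORTS if lo <= p <= hi}


def find_exposed_ingress(rules: Iterable[dict]) -> List[Finding]:
    """Return one Finding per (rule, sensitive port) reachable from a public CIDR."""
    findings: List[Finding] = []
    for rule in rules:
        if not is_public_cidr(rule["cidr"]):
            continue
        for port in sorted(ports_in_rule(rule)):
            findings.append(Finding(rule["resource"], port,
                                    SENSITIVE_PORTS[port], rule["cidr"]))
    return findings


# Constructed sample inventory: a mix of intended and unintended exposure.
SAMPLE_RULES = [
    {"resource": "web-sg", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"resource": "bastion-sg", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"resource": "build-host-sg", "protocol": "tcp", "from_port": 2375, "to_port": 2376, "cidr": "0.0.0.0/0"},
    {"resource": "db-sg", "protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/16"},
    {"resource": "dev-vpc-default", "protocol": "-1", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"resource": "cache-sg", "protocol": "tcp", "from_port": 6379, "to_port": 6379, "cidr": "10.20.0.0/16"},
]


if __name__ == "__main__":
    for f in find_exposed_ingress(SAMPLE_RULES):
        print(f"{f.resource}: {f.service} (tcp/{f.port}) open to {f.cidr}")
```

The private-range test is done with `subnet_of` against an explicit allowlist rather than the `is_private` property, because `0.0.0.0/0` is a range whose two endpoints both fall in reserved blocks and older Python versions classify it as private. On the constructed sample, the HTTPS rule and the two internal-only rules produce nothing, while the bastion, build host and the all-traffic default rule are reported; the last of these is the pattern the article warns about, a network deployed in haste with no restriction at all.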
Cloud-native app development also tends to increase the use of and reliance on third-party libraries. In order to match the velocity needed to power these ever-evolving apps, developers often resort to the heavy use of open-source code, libraries, components, and software. Unfortunately, these could be riddled with vulnerabilities — ones that are actively targeted by malicious actors. In particular, Snyk research has determined that vulnerabilities in open-source components have increased in the past three years. It should be emphasized that the exploitation of these vulnerabilities could lead to compliance and security issues.
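The third-party-library risk above is only manageable if the organization can see which component versions it actually ships. The script below is an added example, not code from the original article or from Snyk or any other scanner: it reads a pinned dependency manifest in `name==version` form, compares each pin against a list of advisories with affected-version ranges, and separately reports dependencies that are not pinned at all, since an unpinned entry cannot be audited from the manifest alone. The package names, manifest and advisory identifiers are all constructed placeholders.

```python
"""Check a pinned dependency manifest against advisory version ranges.

Added example. Package names, the manifest and the advisory IDs are
constructed placeholders, not real packages or real advisories.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version into a 3-tuple ("2.0" -> (2, 0, 0)).
    Pre-release tags are not handled; this is a deliberately small parser."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])  # type: ignore[return-value]


_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
}
_CLAUSE = re.compile(r"^(<=|>=|==|<|>)\s*([\d.]+)$")


def in_range(version: Version, spec: str) -> bool:
    """True if version satisfies every comma-separated clause, e.g. '>=3.0.0,<3.1.2'."""
    for clause in spec.split(","):
        m = _CLAUSE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        if not _OPS[op](version, bound):
            return False
    return True


_PIN = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([\d.]+)$")
_UNPINNED = re.compile(r"^([A-Za-z0-9_.-]+)\s*(>=|>|<=|<|~=|!=)")


def parse_manifest(text: str) -> Tuple[Dict[str, Version], List[str]]:
    """Split a manifest into exact pins (name -> Version) and unpinned names."""
    pinned: Dict[str, Version] = {}
    unpinned: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = _PIN.match(line)
        if m:
            pinned[m.group(1).lower()] = parse_version(m.group(2))
            continue
        m = _UNPINNED.match(line)
        unpinned.append((m.group(1) if m else line).lower())
    return pinned, unpinned


def audit(pinned: Dict[str, Version], advisories: List[dict]) -> List[dict]:
    """Return one finding per advisory whose affected range contains the pinned version."""
    findings = []
    for adv in advisories:
        installed = pinned.get(adv["package"].lower())
        if installed is not None and in_range(installed, adv["affected"]):
            findings.append({
                "package": adv["package"],
                "installed": ".".join(map(str, installed)),
                "advisory": adv["id"],
                "fixed_in": adv["fixed_in"],
            })
    return findings


# Constructed manifest (package names are made up).
SAMPLE_MANIFEST = """
# constructed manifest
authlib-sample==1.4.2
imageparse-sample==0.9.0
httpclient-sample>=2.0
jsonfast-sample==3.1.0
"""

# Constructed advisories with placeholder IDs.
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "package": "authlib-sample", "affected": "<1.5.0", "fixed_in": "1.5.0"},
    {"id": "ADV-PLACEHOLDER-002", "package": "imageparse-sample", "affected": "<0.8.5", "fixed_in": "0.8.5"},
    {"id": "ADV-PLACEHOLDER-003", "package": "jsonfast-sample", "affected": ">=3.0.0,<3.1.2", "fixed_in": "3.1.2"},
]


if __name__ == "__main__":
    pins, loose = parse_manifest(SAMPLE_MANIFEST)
    for f in audit(pins, SAMPLE_ADVISORIES):
        print(f"{f['package']}=={f['installed']} affected by {f['advisory']}, upgrade to {f['fixed_in']}")
    for name in loose:
        print(f"{name}: not pinned, version cannot be audited from the manifest")
```

On the constructed input, two pins fall inside an affected range and are reported with the version to upgrade to, the third advisory does not apply because the pinned version is already at or past the fix, and the unpinned client library is listed separately. Running a check like this in the build pipeline, against a current advisory feed, is how the visibility the article calls for is turned into an enforceable gate rather than a one-off inventory.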