Cloud Security – Important security steps you need to implement
As a wise man once said, "Better Safe Than Sorry."
There are many instances where vulnerabilities are exploited either because of insufficient precautions taken by companies or because of the superior expertise of the attackers.
In recent times, a major and well-known Indian food-service player came under such an attack. We have kept the company's name anonymous because this example is used not to degrade the company but simply to understand, and learn from, the simple mistakes that can very easily be prevented.
Lesson 01: Set Up Backups
It is very obvious that when you are running operations at such a large scale, you always create backups. But creating the backup on a different server was not so obvious, at least in this case. One of the major mistakes this company committed was to back up its data on the same server. Once that server was breached, the data, including the backup, was compromised along with it. So always back up your data, and store the backup in a location separate from the original data, so that a single compromised host cannot take both copies with it.
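The following is an added example, not code from the article or from any vendor, of what "a backup in a different place" should mean in practice: the copy is written under a separate root, a hash manifest is stored beside it, and the copy is read back and checked before anyone relies on it. The source files and both directories are constructed with tempfile so the script runs anywhere; in a real deployment the backup root would be a different server or storage account.

```python
"""Back up to a location separate from the live data and prove the copy
is restorable. Added example; the source files and the backup directory
are constructed with tempfile, standing in for a separate server."""
from __future__ import annotations
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source_dir: Path, backup_root: Path) -> tuple[Path, Path]:
    """Archive source_dir under backup_root and write a hash manifest beside it.
    backup_root must not live on the same host as source_dir; here a second
    temp directory stands in for that separate location."""
    backup_root.mkdir(parents=True, exist_ok=True)
    archive = backup_root / f"{source_dir.name}.tar.gz"
    manifest_path = backup_root / f"{source_dir.name}.manifest.json"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=source_dir.name)
    manifest = {
        p.relative_to(source_dir).as_posix(): sha256_file(p)
        for p in sorted(source_dir.rglob("*")) if p.is_file()
    }
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive, manifest_path


def verify_backup(archive: Path, manifest_path: Path) -> bool:
    """Read every file back out of the archive and compare its hash with the
    manifest. Members are streamed rather than extracted to disk, so an
    archive containing unexpected paths cannot write anywhere."""
    expected = json.loads(manifest_path.read_text())
    found: dict[str, str] = {}
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            rel = Path(*Path(member.name).parts[1:]).as_posix()  # drop top-level dir
            stream = tar.extractfile(member)
            found[rel] = hashlib.sha256(stream.read()).hexdigest()
    return found == expected


def demo() -> dict[str, bool]:
    """Constructed run: back up two files, verify the copy, then show that a
    corrupted manifest (or archive) no longer verifies."""
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as offsite:
        source = Path(live) / "orders-db"
        source.mkdir()
        (source / "orders.sql").write_text("INSERT INTO orders VALUES (1, 'pizza');\n")
        (source / "users.sql").write_text("INSERT INTO users VALUES (1, 'alice');\n")
        archive, manifest = make_backup(source, Path(offsite) / "backups")
        intact = verify_backup(archive, manifest)
        # Simulate a tampered or bit-rotted copy: one recorded hash no longer matches.
        data = json.loads(manifest.read_text())
        data["orders.sql"] = "0" * 64
        manifest.write_text(json.dumps(data))
        return {"intact": intact, "after_tamper": verify_backup(archive, manifest)}


if __name__ == "__main__":
    print(demo())
```

The verification step is the part most teams skip: a backup that has never been restored is an assumption, not a backup. Keeping the manifest with the copy also lets you detect a backup that was silently altered on the backup host itself.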
Lesson 02: Set Up Least Privilege Policies
Another vulnerability in this case was that access to most of the company's IT facilities was available online, from any device with internet access. This could have been one of the ways the attackers penetrated the system. It is always good practice to restrict access to company assets to the on-premises network whenever possible, and only to those employees who need to use the resources. Not putting all the data in the public domain is a wise decision. So restrict user access on a need-to-know basis, keep the data within the organization, and restrict public access as much as possible. Privileged identity management, network access restrictions and location-based access policies all help keep the exposure to a minimum.
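To make the lesson concrete, here is an added example (not code from the article, and not any vendor's identity product) of how a least-privilege policy is evaluated: every request is denied unless a role explicitly grants that action on that resource, and sensitive resources additionally require the request to originate from an on-premises network. The roles, resources and network ranges are constructed for illustration.

```python
"""Deny-by-default access check: role grants plus a location restriction.
Added example; the roles, resources and networks below are constructed."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy: each role lists exactly the resources and actions it
# needs. Anything not listed is denied, so a new resource has no access
# until someone grants it deliberately.
ROLE_GRANTS = {
    "payments-analyst": {"reports/payments": {"read"}},
    "db-admin": {"db/orders": {"read", "write"}, "db/backups": {"read", "write"}},
    "support": {"tickets": {"read", "write"}},
}

# Constructed on-premises ranges: resources under these prefixes may only be
# reached from inside the company network (the location-based policy).
ONPREM_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("192.168.100.0/24")]
ONPREM_ONLY_PREFIXES = ("db/",)


@dataclass
class Request:
    user: str
    roles: list
    resource: str
    action: str
    source_ip: str


def is_onprem(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in ONPREM_NETWORKS)


def authorize(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every path that is not an explicit grant denies."""
    # Location check first: sensitive data never leaves the internal network,
    # regardless of how privileged the caller's role is.
    if req.resource.startswith(ONPREM_ONLY_PREFIXES) and not is_onprem(req.source_ip):
        return False, f"{req.resource} is on-premises only; {req.source_ip} is external"
    for role in req.roles:
        actions = ROLE_GRANTS.get(role, {}).get(req.resource)
        if actions and req.action in actions:
            return True, f"granted via role {role}"
    return False, "no role grants this action (default deny)"


if __name__ == "__main__":
    for r in (
        Request("dana", ["db-admin"], "db/orders", "write", "10.20.5.7"),
        Request("dana", ["db-admin"], "db/orders", "read", "203.0.113.9"),
        Request("sam", ["support"], "db/orders", "read", "10.20.5.7"),
    ):
        print(r.user, r.action, r.resource, "from", r.source_ip, "->", authorize(r))
```

Two properties are worth checking in any policy engine you adopt: there is no code path that allows without a matching grant, and the location rule is evaluated before the role rule, so an administrator's credentials stolen and used from the internet still cannot reach the database.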
Lesson 03: Encrypt your data
A very important lesson, very evident in this case, is that the company never encrypted any of its data. Had the data been encrypted, then even if it was captured by unauthorized accounts, it would not have leaked any sensitive information. So keep your data encrypted, both in transit and at rest. This ensures that even in the event of a breach, your data is not readable by the attackers.
Lesson 04: Use strong passwords and change them frequently
According to the recent Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. The report finds a staggering "81% of hacking-related breaches leveraged either stolen and/or weak passwords." It is very surprising how many breaches were caused not by any sophisticated hacking technique but by simple guesswork. The Dropbox data breach, in which 60 million user credentials were stolen, started with an employee reusing a password at work; it is that simple. Many attackers simply try a large number of probable passwords, and in many cases this works. The simple habit of choosing a strong password, and changing it frequently, goes a long way toward protecting you from one of the most common vulnerabilities.
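The defender's side of this lesson is two things: refuse passwords that guesswork would find, and store the ones you accept so that a copied database does not hand them over. The following is an added example (not code from the article or from Verizon or Dropbox) showing both: candidate passwords are checked against a minimum length, a constructed stand-in for a breached-password list, and the user's previous hashes (the reuse the report describes), and accepted passwords are stored only as a salted PBKDF2-HMAC-SHA256 hash that is verified with a constant-time comparison. The iteration count and the common-password list are assumptions for the example.

```python
"""Password handling that resists guessing: reject weak or reused passwords
when they are set, store only a salted PBKDF2 hash, and verify in constant
time. Added example; the common-password list is a constructed stand-in."""
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed stand-in for a breached/common-password list; real deployments
# check a far larger corpus. Stored lowercase and compared case-insensitively.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome1", "summer2019"}
MIN_LENGTH = 12
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; returns a self-describing string so the
    parameters can be raised later without breaking old records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare
    without leaking timing information about how many bytes matched."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def password_problems(password: str, previous_hashes=()) -> list[str]:
    """Return every reason a candidate password is unacceptable (empty = ok)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    # Reuse check: the candidate must not verify against any earlier hash.
    if any(verify_password(password, old) for old in previous_hashes):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("bad candidate:", password_problems("password"))
    print("reused:", password_problems("correct horse battery staple", [stored]))
    print("login ok:", verify_password("correct horse battery staple", stored))
```

Note that the reuse check only works because the previous hashes are kept; a system that stores nothing but the current hash cannot enforce "do not reuse" at all. The separator-delimited record is a common convention, not a standard, so treat the format as part of your own schema.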
Lesson 05: Use Alerting and Monitoring systems
Constant monitoring of the business environment is a robust way of protecting your organization from probable vulnerabilities. The organization should define what normal looks like and set up alerting and monitoring systems that fire when any deviation from that normal pattern is detected. The web application firewall for Azure Application Gateway is one good example of such a system. Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. With this system in place, you can monitor attacks using a real-time WAF log. The log is integrated with Azure Monitor to track WAF alerts and easily monitor trends. A WAF can react to a security threat faster by centrally patching a known vulnerability, instead of securing each individual web application. Existing application gateways can easily be converted into firewall-enabled application gateways.
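"Define normal, then alert on deviations" is the whole of this lesson, and it can be shown end to end in a few lines. The following is an added example, not code from the article and not part of Azure's WAF or Azure Monitor, that runs over constructed log lines: it learns the usual number of failed logins per source from a baseline window, derives a threshold from that baseline (with an assumed floor so a quiet baseline does not make every second failure an alert), and then flags any source in the current window that exceeds it. The log format, the z-score multiplier and the floor are all assumptions for the example.

```python
"""Baseline-and-alert over constructed web-server log lines: learn the
normal failed-login count per source, then flag sources in a new window
that deviate from it. Added example; log format and thresholds assumed."""
from __future__ import annotations
import re
import statistics
from collections import Counter

# Constructed lines in a simplified access-log style:
# <timestamp> <source ip> <method> <path> <status>
BASELINE_LOGS = """\
2019-06-01T10:00:01 10.0.0.5 POST /login 200
2019-06-01T10:00:07 10.0.0.5 POST /login 401
2019-06-01T10:00:12 10.0.0.9 POST /login 401
2019-06-01T10:00:30 10.0.0.7 POST /login 401
2019-06-01T10:00:41 10.0.0.5 GET /account 200
2019-06-01T10:01:03 10.0.0.9 POST /login 401
2019-06-01T10:01:20 10.0.0.9 POST /login 200
<<truncated log line the parser must skip>>
""".splitlines()

CURRENT_LOGS = """\
2019-06-01T11:00:01 198.51.100.23 POST /login 401
2019-06-01T11:00:02 198.51.100.23 POST /login 401
2019-06-01T11:00:03 198.51.100.23 POST /login 401
2019-06-01T11:00:04 198.51.100.23 POST /login 401
2019-06-01T11:00:05 198.51.100.23 POST /login 401
2019-06-01T11:00:06 198.51.100.23 POST /login 401
2019-06-01T11:00:15 10.0.0.5 POST /login 401
2019-06-01T11:00:20 10.0.0.5 POST /login 401
2019-06-01T11:00:25 10.0.0.5 POST /login 200
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped so a
    single bad record cannot crash the monitor."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def failed_logins_per_source(lines) -> Counter:
    counts: Counter = Counter()
    for rec in parse(lines):
        if rec["path"] == "/login" and rec["status"] == "401":
            counts[rec["ip"]] += 1
    return counts


def build_baseline(lines) -> tuple[float, float]:
    """Normal failed-login count per source: mean and population stdev of
    the per-source counts seen during the baseline window."""
    samples = list(failed_logins_per_source(lines).values()) or [0]
    return statistics.fmean(samples), statistics.pstdev(samples)


def detect_anomalies(window_lines, baseline, z: float = 3.0, floor: int = 3) -> list[dict]:
    """Alert on any source whose failures exceed mean + z*stdev, never below
    the floor, so a very quiet baseline does not produce noise."""
    mean, stdev = baseline
    threshold = max(mean + z * stdev, floor)
    alerts = []
    for ip, n in failed_logins_per_source(window_lines).items():
        if n > threshold:
            alerts.append({"source": ip, "failed_logins": n, "threshold": threshold})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(CURRENT_LOGS, build_baseline(BASELINE_LOGS)):
        print("ALERT", alert)
```

In the constructed data the baseline sources each fail once or twice, so the threshold settles at the floor; the external source with six consecutive failures is reported and the internal user who mistyped twice is not. The same shape (baseline, threshold, window) applies whether the input is a WAF log, an authentication log or a request-rate counter.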
We would like to mention one more not-so-famous but very important cloud security example: Code Spaces. Code Spaces is not a well-known company, and its hack did not affect millions of people. But it is interesting because it is an example of a company put completely out of business by a single cloud security incident. The attacker compromised Code Spaces' Amazon Web Services account and demanded a ransom. When the company declined, the attacker started destroying their resources until there was barely anything left.
We have identified the following 7 critical cloud security threats.
Data breach
A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. The risk of a data breach is not unique to cloud computing, but it consistently ranks as a top concern for cloud customers. According to CSO Online, data breaches exposed 5 billion records in 2018.
DDoS attacks
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve their effect by using multiple compromised computer systems as sources of attack traffic.
Insider threats
Insider threats to cloud security are also underestimated. Most employees are trustworthy, but a rogue cloud service employee already has a great deal of access that an outside attacker would have to work much harder to acquire. A recent research report noted, "53% of organizations surveyed confirmed insider attacks against their organization."
Insecure APIs
Application programming interfaces are important software components of cloud services. In many cloud systems, APIs are the only components outside the trusted organizational boundary that have a public IP address. Exploiting a cloud API gives attackers considerable access to your cloud applications, which makes API security a major challenge.
Account hijacking
Using stolen credentials, attackers may gain access to critical areas of cloud computing services, compromising the confidentiality, integrity and availability of those services.
Spectre & Meltdown
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are normally not permitted to read data belonging to other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
Human error
According to Jay Heiser, research vice president at Gartner, "Through 2020, 95% of cloud security failures will be the customer's fault." Human error is therefore the single largest source of security exposure. So, once again, the most important step you can take to secure your cloud environment is to make sure that all the guidelines and procedures laid down by the relevant agencies and by your cloud service provider are followed properly.
As we have seen, the cloud computing environment is very dynamic, and so are the threats. The systems are evolving literally every day, and better security measures are being put in place every day. In a way, the systems are getting more secure with each passing day, but the capabilities of the attackers are also getting stronger. As the systems evolve, attackers may also find better ways to breach them, so it becomes essential to stay updated with the latest developments on the security front and to keep monitoring your systems at all times. This may require constantly evolving expertise and experience in monitoring, detecting and thereby eliminating any possible threats. We, at G7 CR Technologies, have a dedicated team that handles all these threats. A team that is up day and night, available 24×7, 365 days a year. A team that has the relevant experience and expertise to keep you safe from any security threat. We have kept hundreds of customers safe from such threats over the years, and we know what it takes to make such a commitment and keep it. We provide a wide range of Security & Governance Services. We help our customers build secure hosting architectures and manage security systems end to end, keeping them updated and protected from potential vulnerabilities. So, if you are worried or unsure about your cloud security, feel free to reach out to us and we promise to make it secure.