Cloud services come with their own security challenges for enterprises that use them. Under the Shared Responsibility Model, a cloud service provider (CSP) is charged only with securing the infrastructure that makes cloud services possible. It does not engage in security configuration/monitoring of the operating system or applications. Instead, customers are responsible for security “in” the cloud, or the implementation of security controls to defend their data against digital threats.
Given organizations’ ongoing migration to the cloud, here are six common cloud security threats that enterprises should know about as well as tips on how they can defend against them.
Brute Force Attacks
Bad actors know that organizations’ cloud environments are oftentimes similar in nature to their on-premises environments. These individuals might therefore leverage the open Internet to conduct brute force attacks against corporate cloud-based resources. To prevent brute force attacks, organizations should disable access points to their cloud environment from the open web, such as port 22 and port 3389. Businesses should also activate network flow logs and implement best security practices. These recommended measures include the implementation of a firewall, the installation of anti-virus and other threat monitoring products, and the regular performance of vulnerability scans.
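One way to check for the exposure described above is to audit inbound firewall rules for port 22 or port 3389 being reachable from the whole Internet, including through wide port ranges and IPv6 sources. This is an added example, not code from the original article; the rule format, field names, and sample rules are hypothetical and provider-neutral.

```python
import ipaddress

# Ports the article names as access points to close off from the open web.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def is_open_to_internet(cidr):
    """True when the source range is the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_admin_ports(rules):
    """Return sorted (rule_name, port, service) for allow rules exposing admin ports."""
    findings = []
    for rule in rules:
        if rule.get("action", "allow") != "allow":
            continue
        if rule["protocol"] not in ("tcp", "all"):
            continue
        if not any(is_open_to_internet(c) for c in rule["sources"]):
            continue
        # "all" protocol rules carry no port range and therefore cover every port.
        low, high = rule.get("ports", (0, 65535))
        for port, service in ADMIN_PORTS.items():
            if low <= port <= high:
                findings.append((rule["name"], port, service))
    return sorted(findings)

# Constructed sample rules in a hypothetical, provider-neutral format.
SAMPLE_RULES = [
    {"name": "web", "protocol": "tcp", "ports": (443, 443), "sources": ["0.0.0.0/0"]},
    {"name": "ssh-any", "protocol": "tcp", "ports": (22, 22), "sources": ["0.0.0.0/0"]},
    {"name": "ssh-vpn", "protocol": "tcp", "ports": (22, 22), "sources": ["10.8.0.0/16"]},
    {"name": "wide-range", "protocol": "tcp", "ports": (3000, 4000), "sources": ["::/0"]},
    {"name": "allow-all", "protocol": "all", "sources": ["203.0.113.0/24", "0.0.0.0/0"]},
    {"name": "dns", "protocol": "udp", "ports": (53, 53), "sources": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name, port, service in exposed_admin_ports(SAMPLE_RULES):
        print(f"{name}: {service} ({port}/tcp) reachable from the open Internet")
```

To use it against a real environment, export the rules from the provider's console or API and map them into this structure first.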
Sometimes, enterprises hard-code API keys, access keys, and other important credentials into their public source code or documentation. That’s a bad idea. Why? Attackers could find a way to expose those details. Organizations should treat all cloud-related credentials as securely as possible by never allowing them to move outside the organization, by changing them once every three months, and by enabling multi-factor authentication (MFA) when applicable.
Organizations might store their passwords securely, but if they reuse those credentials across other web accounts, a third-party security incident such as the LinkedIn and Dropbox “mega-breaches” of 2016 could potentially expose their entire cloud infrastructure. To protect themselves against such external exposure, enterprises should use a unique password and ideally store it using a password manager.
As we all know, not all employees and/or contractors have a company’s best interests at heart. They might want to gain access to sensitive information so that they can sell it to a competitor or leverage it for a ransom payment. Fortunately, organizations can combat insider threats via logging and monitoring solutions. Specifically, they should invest in tools that send out alerts if, for example, someone attempts to escalate privileges with an unauthorized API call or an identity and access management (IAM) policy modification.
Phishing emails pose just as much of a threat to cloud environments as they do to on-premises infrastructure. Enterprises can best defend against these attack messages by enabling MFA on all accounts that offer the feature. They should also make a point of conducting ongoing phishing simulations with their employees so that they can help spot and block a phishing threat.
Irrespective of the security controls they choose to implement, organizations can’t successfully block every type of digital threat. Indeed, it’s likely they will face a security incident at some point, which is why they should have a plan in place for if and when they do. Their response and recovery framework should include, for instance, solutions that can help protect against distributed denial-of-service (DDoS) attacks as well as a robust data backup strategy that can minimize data loss and downtime in the event of a ransomware infection.
The above-mentioned security threats threaten every organization’s cloud infrastructure. Even so, there are lots of other threats out there, just as there are means to defend against them.