Loading...
Tech Trend

Five Major Cloud Security Challenges Businesses Should Prepare for in 2022

1400x700_2018_Martech_west_meitu_1

Despite the increasing capabilities of cloud computing services in the past few years, organizations still confront major security issues that are further set to aggravate in 2022 if not delineated towards proper safety mechanisms. To cater to these challenges, we have developed a list of cloud computing issues that organizations must consider to prevent, detect, and respond to related attacks.

 

Securing cloud resources is often treated separately from securing on-premises resources. However, increased attacks against cloud resources, including using on-premises compromises for lateral attacks against the cloud, make integration of cloud and on-premises security necessary. This also includes securing increased access to public and private cloud resources accelerated by COVID-19.

 

The five cloud security challenges I describe in this article are expected to continue to grow through 2022. Organizations must consider steps to prevent, detect, and respond to related attacks.

 

Threats and Risks

 

According to a 2021 IBM Security X-Force Cloud Threat Landscape Report, many cloud application vulnerabilities are multiplying. The top causes of threat actor vulnerabilities are RDP, misconfigurations, weak authentication, shadow IT use, and on-premises resources to pivot to cloud resources.

 

RDP (Remote desktop protocol)

 

RDP is used to access both cloud and on-premises resources, and threat actors have not missed the attack opportunities, including

  • Weak authentication. The remotely accessed device has an authentication process that is usually single-factor with a password. The vulnerability is enhanced when the same password is used for both RDP access and access to the device.  According to Cloudflare, most organizations do not closely manage the RDP passwords, resulting in weak passwords.
  • Unrestricted port access.  Failure to properly manage access over the usual port used, TCP 3389, results in threat actors knowing where to penetrate firewalls and attempt RDP access or initiate on-path attacks.

See More: Top 10 Cloud Security Software Solutions in 2021

 

Misconfigurations

 

Misconfigurations are one of the biggest reasons for vulnerabilities, whether in the cloud or on-premises. Devin Partida reports that misconfigurations are the third most common attack vector, following phishing and compromised credentials. Breaches enabled by configuration errors and omissions cost an average of $3.86 million.

 

Jen Knobel, writing for Barr Advisory, lists the following common misconfiguration outcomes.

  • Unknowingly exposing data to the public internet without any required authentication
  • Granting public access to storage buckets
  • Improper creation of network functionality
  • Allowing more than necessary access to cloud-stored data by all system users
  • Exposure of encryption passwords and keys

An additional outcome is the compromise of Application Programming Interfaces (APIs). IBM X-Force reports that two-thirds of their analyzed incidents involved improperly configured APIs.

 

Weak authentication

 

Weak authentication often results in credential compromise, one of the top two cloud attack vectors. The X-Force report claims that up to 30,000 cloud accounts are up for sale on the dark web. The use of only passwords or PINs to access both cloud user and admin accounts enables threat actor capture of credentials that can be used at any time.

 

Credential compromise tends to focus on RDP attacks. IBM reports that RDP access to public cloud resources makes up about 71% of the for-sale credentials.

 

Shadow IT

 

Cloud shadow IT consists of cloud services engage (or applications installed) by departments, individual employees, or other organizational entities outside the standard IT security and change management processes. Shadow IT primarily exists because managers get tired of waiting for IT to respond to business needs. Shadow IT is successful because policies, procedures, and monitoring controls do not exist, or are not effective enough, to detect and manage it.

 

Bypassing IT and security review, shadow IT services often suffer from the most common cloud vulnerabilities, such as weak authentication, lack of appropriate data restrictions, and weak or nonexistent assessment of overall risk.

Pivot from on-premises compromise to the cloud

 

In their report, IBM X-Force writes that pivoting from on-premises compromised resources to cloud resources is quickly becoming one of the most popular attack vectors. Once an on-premises system is compromised, weak authentication, lack of network segmentation, shadow IT activities, misconfiguration, and other systemic vulnerabilities enable lateral movement across the internal network and the cloud.

 

It is important to note that these five cloud security challenges do not exist in isolated towers. Instead, they are often related and enable each other.

 

Managing the Challenges

 

Organizations regularly spend effort and budget on effectively protecting their on-premises networks. However, it has become increasingly clear that they tend not to pay as much attention to what is happening in the cloud: both approved and unapproved. A shift in perspective is needed.

 

Managing weak authentication and pivoting

 

Cloud resources are an extension of on-premises resources. Cloud networks connected to internal networks must be treated as trust zones that need close attention. This requires managing traffic and access between the cloud and the data center.

 

Figure 1 shows that there should be no level of trust between the cloud resources and the on-premises network. This is the beginning of a move to an overall zero-trust information processing environment.

Zero-trust network (ZTN) design is a foundational change that addresses weak authentication and threat actor pivoting from compromised on-premises systems to the cloud or vice versa. As I wrote in a previous article, ZTN never assumes a subject (entity attempting access) is who he says he is during a point-in-time authentication to an object (information resource being accessed). It also never assumes that it is who or what it says it is because a subject has credentials.

 

ZTN tools include adaptive authentication and the creation of explicit trust zones. Adaptive authentication checks a subject’s context when processing a login request. Context can have the time of day, day of the week, geographic location, and the device used. Adaptive authentication can also include continuous authentication that looks at user behavior. If behavior deviates too far from established baselines, the subject may be asked to authenticate again or might be logged off the resource.

 

Organizations create explicit trust zones with network segmentation designed to pull perimeters around objects. In Microsegmentation: One Step Toward a Zero-Trust Network, I wrote that micro segmentation using firewalls or VXLAN technology could bring a perimeter right to a server. The network segments created are explicit trust zones. Moving from one trust zone to another is assessed, and re-authentication, or stronger authentication, may be required for access.

 

Organizations should consider ZTN for on-premises and cloud infrastructure. In addition, security teams should consider moving from on-premises to cloud resources as a move from one trust zone to another.

Managing RDP

 

Strengthening RDP access requires looking at several things. The University of Berkeley’s Information Security Office provides a long list of recommendations for managing RDP access, including

  • Use of multi-factor authentication
  • Patching of RDP software
  • Enabling network-level authentication
  • Using GPO to limit who can log in using RDP
  • Setting an account lockout policy
  • Tunneling of RDP through IPSec or SSH

The use of RDP gateways can bring all of this together into one solution.

 

Managing shadow IT

 

Shadow IT might be the hardest to manage because it is not just a technology issue. It can also come with a ton of political baggage.

 

Shadow IT usually emerges because IT is perceived as not being responsive to business needs. This causes business managers with goals they need to meet to look for other paths to getting the tools they need. Consequently, they take it upon themselves to contract cloud services outside the standard SDLC and change management procedures.

 

Managing shadow IT begins with ensuring a good working relationship between IT and the business. Also needed are policies that specify the consequences of engaging services or using resources that did not go through the approval and documentation steps that ensure secure operation and continued attention to vulnerability and threat management.

 

Finally, organizations need a way to monitor for unapproved use of cloud resources. Microsoft provides a tutorial on how to approach this with its Cloud Discovery solution. Other solutions exist that also accomplish this. Organizations should include in their 2022 budgets the TTP needed to implement the right solution.

 

Managing misconfigurations

 

Misconfigurations happen across all of the other four cloud challenges. Recommendations above include steps to help control unmanaged configurations: both intentional and accidental. However, the best solution to managing configurations is to have more than one set of eyes look at what is configured, why, and the associated risk. This is the function of policy-mandated change management procedures. As with shadow IT, employees should clearly understand the consequences of bypassing change management to make changes in the cloud or on-premises.

 

Confidential computing also helps combat the misconfiguration of container and API interfaces. For example, suppose a threat actor gains access into a high-trust zone and compromises an application server. In that case, she will have no access to applications running on the server discretely, virtually, or in containers. Further, all decrypted data in memory used by the applications are secure from theft or damage. I covered how this works in What Is Confidential Computing and Why It’s Key To Securing Data in Use.

 

Another critical element of configuration management is strict controls over who can create cloud resources, the approval process required, and the detection of unapproved changes.

Read more:Five Major Cloud Security Challenges Businesses Should Prepare for in 2022

Leave a Reply

Your email address will not be published. Required fields are marked *