Top Cloud Security Challenges & How to Beat Them

October 25, 2022 TH Author Trend Micro CISO : Article, Trend Micro CISO : Cloud, Trend Micro CISO : Compliance, Trend Micro CISO : Cybersecurity Awareness Month, Trend Micro CISO : Detection and Response, Trend Micro CISO : Digital Transformation, Trend Micro CISO : Expert Perspective, Trend Micro CISO : Risk Management, Trend Micro CISO : Skills Gap

An overview of how ngrok, a cloud tunnelling service, works.

What’s at risk

With access to a developer’s machine, cybercriminals can take advantage of local admin privileges or the shared work-in-progress to seed malware. They can also use hijacked credentials to get into the organization’s cloud dev environment or other systems, potentially accessing sensitive information or injecting vulnerabilities into application source code and pipelines. These kinds of breaches are hard to detect because the associated network activity appears legitimate based on the developer’s privileges and identity.

What enterprises can do

As much as possible, organizations should configure security systems to filter outbound connections just as they do inbound ones. Since people will likely seek workarounds if barred completely from using cloud tunnels, it’s also important to set clear policies that identify what the organization considers to be necessary cloud tunneling use cases. And instead of multiple ad hoc cloud tunnels, enterprises should authorize just one, restricted to within the organization and not open to the internet.

Cloud security challenge 3: Misconfiguration exploitation

Software misconfigurations have been found to account for 65 to 70% of all cloud security challenges, with a cost to companies of nearly USD $5 trillion. A Red Hat survey noted 53% of respondents had detected a misconfiguration in their container and/or Kubernetes deployments. Part of the reason these vulnerabilities are so common is that the virtualization and cloudification of IT infrastructure has blurred traditional lines of responsibility between developers and infrastructure or security teams.

What’s at risk

Misconfigurations can take many forms, from erroneously making storage ‘world-readable’ and exposing sensitive information to improperly implementing security controls. This opens up enterprises to a wide range of potential threats: malware, data theft, hijacked repositories, arbitrary workloads (including cryptocurrency mining), and more.

What enterprises can do

Adopting good cloud security posture management (CSPM) practices is key. Doing so helps establish clear domains of responsibility, allowing security teams to set policy, and requiring application and infrastructure developers to ensure their work conforms. CSPM software tools give enterprise security teams the visibility to check and monitor cloud resources proactively for misconfigurations—catching them early and correcting them before vulnerabilities can be exploited.

A unified approach to tackling cloud security challenges

Questions of “who’s responsible?” don’t relate only to teams within the enterprise. Public cloud services require careful delineation of roles between the enterprise and cloud providers to ensure end-to-end security. In the shared responsibility model, cloud providers are responsible for the security of their infrastructure, APIs and data storage and handling in the cloud. It’s up to the enterprise to use those cloud services securely, involving multiple layers of internal roles and functions: security, cloud operations, DevOps and the like.

You May Also Like

Cybersecurity Trends for 2022

Security Culture Matters when IT is Decentralized

How Your Cybersecurity Strategy Enables Better Business