Moving to the cloud has pretty much become an imperative for organizations of all sizes, yet the elephant in the room is cloud security. While in many ways the cloud is more secure than on-premises environments, recent headlines about cloud data exposure underline the fact that companies still don’t entirely understand the differences between securing a legacy environment and protecting a cloud.
Palo Alto Networks’ Unit 42 recently published a report highlighting the new and ongoing threats to cloud security that it found between late May and early September 2018.
Cloud Security Trends and Tips: Key Learning to Secure Your AWS, Azure and Google Cloud Environments presents an interesting and somewhat disturbing picture.
Since the technology model is relatively new, customers are still learning how to manage it, said Matt Chiodi, chief security officer, public cloud, for Palo Alto Networks. Consequently, many don’t understand the Shared Responsibility Model of cloud security that defines what the cloud provider is responsible for and what the customer needs to take care of. That leads to the key issues described in the report: account compromises, crypto-jacking, container security, risky configurations, and host vulnerabilities.
The top three, from Chiodi’s point of view, illustrate the problem all too clearly.
First, he noted, account compromises have increased in scale and velocity. Twenty-nine per cent of organizations experienced them during the quarter examined in the report. But the difference between an on-premises compromise, where a single server is invaded, and a cloud compromise is huge.
“In a traditional on-prem environment, if a Linux host is compromised through a non-root account, the hacker owns that account. If it’s a root account, the hacker owns the host,” he said. “In the cloud, the hacker owns the host and everything in that cloud account.” Yet companies still allow people to operate as root, which is contrary to best practices, and 41 per cent fail to rotate access keys every 90 days as recommended.
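As an added example (not from the report or the article), the two failings Chiodi describes can be audited from an AWS IAM credential report: the column names below follow that report's layout, the rows are constructed sample data, and the 90-day threshold is the one the article cites.

```python
"""Audit an IAM credential report for two failings the article cites:
an active root access key (operating as root) and access keys not
rotated within 90 days.  Added example; the column names follow the
AWS IAM credential report layout, the rows are constructed sample data."""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation interval cited in the article
REPORT_END = datetime(2018, 9, 1, tzinfo=timezone.utc)  # end of the report window

# Constructed sample rows; only the columns the check needs are present.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111111111111:root,true,2017-01-05T00:00:00+00:00,false,N/A
alice,arn:aws:iam::111111111111:user/alice,true,2018-03-01T00:00:00+00:00,false,N/A
bob,arn:aws:iam::111111111111:user/bob,true,2018-08-20T00:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111111111111:user/ci-deploy,false,N/A,true,2018-05-01T00:00:00+00:00
"""


def _parse_ts(value):
    """Timestamps are ISO 8601; slots without a key read N/A."""
    if value in ("N/A", "not_supported", ""):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_credential_report(report_csv, now):
    """Return (user, finding) pairs for every active key that breaks a rule."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            if user == "<root_account>":
                # Any active root key lets someone operate as root.
                findings.append((user, "active root access key"))
            rotated = _parse_ts(row[f"access_key_{slot}_last_rotated"])
            if rotated is not None and now - rotated > MAX_KEY_AGE:
                age = (now - rotated).days
                findings.append((user, f"access key {slot} is {age} days old"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, REPORT_END):
        print(f"{user}: {finding}")
```

Against a real account, the same function can be fed the CSV returned by the IAM credential report API instead of the constructed sample.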
His second key issue is crypto-jacking. Although its frequency has decreased as the price of Bitcoin has fallen (in May, almost 25 per cent of organizations using cloud services experienced it; by September the number fell to around 11 per cent), it’s still important because it requires the hacker to have control of the cloud account in order to spin up the necessary resources to mine cryptocurrency at the victim’s expense (and cryptocurrency mining uses a lot of resources). Again, applying best practices such as restricting outbound access from cloud accounts (which over a quarter of organizations neglect) would mitigate the problem, Chiodi said.
His third hot topic was containers. Almost half of organizations (46 per cent) accept traffic from any source to Kubernetes pods, and 15 per cent don’t use identity access controls in their Kubernetes environments. Again, best practices can protect this increasingly critical environment.
And, if a company hasn’t developed its own practices, Chiodi recommends the Center for Internet Security’s best practices, which offer security benchmarks for all three major cloud platforms (Amazon Web Services, Google Cloud Computing Platform, and Microsoft Azure), as well as the operating systems, server software, desktop software, and network and mobile devices that interact with them.
Learn more about the report, and about best practices for securing clouds, at the Palo Alto Networks Cloud Security Summit in Toronto on Jan. 17.