Share this Post
Cloud computing has revolutionized the personal and professional digital workspace over the last decade, and it is clear that global business is transforming to a cloud-first narrative at a spectacular rate.
Most businesses already have some form of cloud presence, ranging from Office collaboration platform-as-a-service tools to 100% cloud-native digital pure plays. The cloud is definitely not going anywhere soon!
One of the biggest driving forces pushing customers to the cloud is the perceived excellence of cloud vendor security.
It is safe to say that the number one issue concerning businesses with any form of digital footprint is the overall security of their product.
Business leaders want to know it is safe to move digital workloads away from the monolithic on-premise data centre world, into a highly scalable, highly available cloud microservices infrastructure.
The physical protection once provided by having all infrastructure services on-premise is rapidly diminishing. Cloud migration strategies are accelerating the transition of workloads into the cloud, and cloud providers must convince business leaders that a secure cloud is the future.
Cloud providers spend billions of pounds globally securing their cloud platforms, but how secure is the cloud in 2021?
How Secure is the Cloud 2021 Guide 🇬🇧
The Covid-19 pandemic has cast a significant and long shadow over everyone’s lives in 2020.
And there is little doubt that the Coronavirus will shape future cloud thinking especially when it comes to cybersecurity.
Global cloud providers have seen an influx of new customers since March 2020.
To put this into context, of the big three providers, Amazon reported year-on-year cloud revenue grew 29%, Microsoft Azure grew about 31%, and Google Cloud reported 45% growth.
March 2020 also saw a seismic shift of office workers being asked to work remotely.
How Will the Events of 2020 Shape Cloud Security in 2021?
This rapid growth may potentially open the door to several unexpected security failures in the future, and cloud misconfiguration is widely seen as the number one risk. Well prepared businesses were ready for this eventuality with well-rehearsed disaster recovery plans being put into action.
However, a much bigger percentage were caught floundering, desperate for cloud services to get their employees online and working again. Cybersecurity experts are concerned that the rapid transformation will result in copious amounts of incorrectly configured cloud services.
The Risk of Cloud Misconfiguration
Inexperienced Home Workers Divulging Sensitive Information ℹ️
In making of How secure is the could guide we came upon a recent study by Netwrix that found that 11% of reported cloud security incidents in 2020 were caused by server misconfiguration.
The most common forms of misconfigured servers resulted in confidential data being exposed to the public internet, usually from cloud storage platforms, exposed data creates a snowball effect for other threats including phishing, MalSpam, and ransomware attacks.
Cybersecurity incidents surged in the first few months of the pandemic, with hackers exploiting inexperienced home workers to divulge sensitive information. Notable attacks include Honda’s European division and the University of California who reportedly paid over $1 million to rescue Covid-19 research data.
It’s important to look back at 2020 because it was a year like no other, and as the majority of organizations are still being forced to continue remote working well into 2021, these threats are still very real.
Securing Cloud Environment ☁️
The cloud in 2021 is a very secure place to be, but as discussed there is still a lot of expectations on individuals and businesses to approach security and management of the cloud themselves. We expect outsourcing cloud security-as-a-service to increase in popularity throughout 2021.
Outsourcing will help to reduce the impact of phishing, ransomware, and other malware attacks, but it will also tackle the problem many organizations face with having a lack of IT experts available to secure their cloud environment.
Other benefits include a lesser chance of accidental information sharing by employees, and fewer mistakes being made by system administrators thanks to additional managed services.
Systems and controls can be introduced to limit the chance of data theft by employees (the insider threat) such as an added emphasis on endpoint device protection.
Threats to the Supply Chain
Potentially the Biggest Cyberattack in History 📜
Last year ended with news breaking about potentially one of the biggest cyberattacks in history.
The SolarWinds Supply Chain attack involved threat actors targeting the SolarWinds Orion content delivery infrastructure.
They successfully breached the infrastructure and infected “legitimate” application updates with malware, SolarWinds customers downloaded the compromised software which left a backdoor open for the hackers.
The SolarWinds platform was used to attack high profile US Government institutions and Tech Giants. The fallout from the breach is still not fully understood but the scale of the breach highlights the significant impact a successful supply chain attack can have.
The SolarWinds hack sent shockwaves through the industry and it will certainly force the hand of the regulators and governments to introduce additional legislation throughout 2021. It has been described as a moment of reckoning for the cybersecurity industry.
The reliance of so many illustrious businesses on SolarWinds asks big questions on why so many rely on a single product, but the industry is full of similar stories of product reliance, and this attack will likely cause security professionals to recommend diversifying supplier products to reduce risk.
PAM and IAM
Mitigating Cybersecurity Risks in the Cloud 💭
So far, we have concentrated on how the events of 2020 will impact cybersecurity decision making as we go into 2021. But what can you do to mitigate these cybersecurity risks in the cloud?
One key area to address is the way users access critical infrastructure, and hardening the process by using Privileged Access Management (PAM) and Identity Access Management (IAM).
Both of these methods have a dramatic impact on cybersecurity and will absolutely help defend against data breaches, insider threats, and help you meet strict compliance regulations.
IAM is very well known, but perhaps PAM is not so commonly recognized. Both approaches promote Multi-Factor Authentication with secure permission-based or programmatic access to computer resources.
PAM access controls create an abstraction layer directly on a server, and access is usually protected by software or hardware-based tokenized access. A good example of PAM is RSA Secure ID SSO Authentication.
Identity Access Management
IAM is commonly associated with cloud providers and how access control is provided using permission-based rules and KMS key rotations to cloud resources. Implementing one or both of these technologies correctly is an essential practice to secure the cloud in 2021.
Enforcing a key rotation policy on all cloud users will provide even greater security protection but implemented role-based access is even better.
The best security practice is that no users have direct access to production cloud platforms, linked accounts should be used to assume roles in production environments with associated user credentials being protected by an encrypted key vault.
Segmentation and Zero Trust Security
Define Roles and Acquire Permission-Based Access 🦮
A well-defined IAM, PAM, and KMS strategy is the foundation needed to start building a zero-trust security platform. Bringing in assumed roles and permission-based access controls push the zero-trust methodology of trust no-one, always authenticate!
The National Cyber Security Centre (NCSC) suggests additional measures must be introduced to secure all users (office or remote based), secure all devices (BYOD or Business owned), secure all applications (Internet, SaaS, patching), and secure all access to data.
How to Achieve Zero-Trust
Securing the network to zero-trust standards is another essential requirement, 2021 will see the expected growth of Secure Access Service Edge (SASE) [pronounced SASSY].
The cloud-based WAN convergence technology combines a Cloud Access Security Broker (CASB) - a vault for user credentials, and a Firewall-as-a-Service (FWaas) platform to secure web gateways.
Achieving zero-trust is very challenging, and the starting block is the need to know exactly what infrastructure you have and what it does. This is achievable in the cloud as your cloud console is a valid source of truth but having the technical capability and manpower to achieve it is difficult.
Secure Containers and Microservices
Hard Task but a Necessary One 📚
2021 will see significant growth in infrastructure as code and DevOps practices in the workplace as businesses aim to transform cloud workloads into a secured container and microservice infrastructure.
Misconfiguration is a real treat to DevOps and Microservices, simply not encrypting your cloud storage, having it open to the internet, and not running any versioning tools can leave you wide open to attack.
DevOps comes with the added threat dimensions of accidental misconfiguration. Infrastructure-as-code with Terraform, CloudFormation, and ARM templates carries risk is no code control platform is used.
How Does It Work?
When baking a container image, it is very likely that as yet unknown vulnerabilities will be included in the base image, or worse malware could be present, potentially resulting in the creation of unsanctioned and uncertificated container images.
Security signed product releases from an in-house registry is a very hard thing to do, but as we saw with the SolarWinds hack, it is a process that is unbelievably important.
Once your container stack is live, any misconfigured container or microservices APIs can result in allowing unauthenticated access, exposing etcd secrets, and the publishing of host namespace and volume paths.
To put it simply, if you fail to isolate your container resource and implement resource limits anyone who knows of the API can interact and manipulate your resources, and potentially traverse the network with root access.
So You Never Overlook Anything 👀
The ability to log almost every aspect of your cloud infrastructure is critical, and achieving this standard is essential for cloud customers in 2021.
Verbose logging is great, but it is very easy to end up with excessively large volumes of data, amounts that are impossible for humans to decipher.
SIEM based logging tools and AI/ML log datasets are needed to efficiently scan the logs and detect security anomalies. You could also try best malware scanners for the same use!
Human defined parameters can be set that will trigger automated alerts or automated routines. The best products will empower cloud users to monitor, process, analyse and visualise the log data.
The benefit of using the cloud for detailed logging is that logs can be dumped and recycled in a top cloud storage bucket on an automated schedule.
Emphasis on endpoint protection
Remote Work Opens Up Companies to Attacks ⚠️
Remote working and mobile communications have increased the attack surface for many businesses around the globe. Homeworking introduced a new wave of risk and threats to data integrity. Everyday business data is now being served to individual homes and unauthorized access is a real threat.
The increase in home workers has increased the number of mobile and tablet devices being used to connect to business services, controlling this access is pivotal to securing the cloud.
Multiple new BYOD devices bring added risk of unexpected vulnerabilities, it could be as simple as a user not patching their personal device or the use pirated software.
How to Fight Back?
Training employees is so important when it comes to BYOD, users must know the requirements and expected work conduct if using their own device.
Ideally, users should only be issued with company laptops and devices, something that is achievable for smaller businesses, but companies with a huge number of employees may struggle to order so many devices in bulk during a pandemic.
Appropriate technical measures must be in place to enforce required business standards, this is typically cloud directory services, top VPN services, and an enforced security policy that is pushed to each endpoint, packaged with antivirus and antimalware definitions.
There is no doubt the 2021 Cloud has evolved into a reliable, security defined platform, but as we enter an era of top multi-cloud hosting, understanding and protecting hybrid data transfers between the Cloud is becoming even more important.
Cloud platforms are very secure and offer highly durable and robust services, the biggest problem is user misconfiguration. When leveraging cloud services, the shared responsibility model comes into play.
The provider is responsible for protecting data, applications, infrastructure, and physical protections, but the customer is responsible for the service configuration. The provider typically offers extensive documentation, training, and advice on best practices, but ultimately it’s the customer’s responsibility to protect their cloud account.
Securing Containers and protecting microservices will be more important than ever as the technology continues to boom, but we must continue to bear in mind that there is still a great risk from a user’s inability to secure their platform of choice correctly.
Looking at the latest technology trends for healthcare for instance, gives us an idea on how much more emphasis needs to be put on a growing number of internet devices.
The advice given here will assist customers to move towards greater observability of their cloud service and start their journey on making the cloud a secure place to be in 2021.