2022/06/28 08:23:14

Security threats in the cloud

The main security threats in the cloud are data theft, data loss, account hacking, gaps in interfaces and application programming interfaces (APIs), DDoS attacks, insider actions, hacker intrusion, and downtime caused by the provider.


2022

Trends in cloud information security in 2022 named

In 2022, demand for cloud information security services is growing rapidly against the background of a sharp increase in the number of attacks on Russian information systems. This was announced on June 27, 2022 by Stack Group. In the high-risk zone are not only state resources, but also the IT infrastructure of industrial, transport, financial and power clusters. Evgeny Gorokhov, co-founder of M1Cloud and managing director of Stack Group, spoke about the trends in information protection in cloud environments in 2022.

The risks that a business may face when using its own physical infrastructure are the inability to renew the equipment fleet because of broken supply chains, the inability to install software updates, the inability to renew licenses, and the lack of support from foreign vendors.

Against the background of growing cyber threats, the range of information security solutions on the market has shrunk because of the departure of large vendors whose technologies have become inaccessible to Russian users. The departure of foreign vendors carries high information security risks, because the solutions of these vendors were integrated into the infrastructure and now require a rethink of the entire architecture of the IT landscape. Therefore, businesses are looking for new information security products that can not only solve data protection problems, but also integrate seamlessly with the existing infrastructure.

Despite the gaps in the information security technology market after the departure of some foreign vendors, the Russian information security market is quite stable. There are large Russian players in the information security market who are able to cover the entire range of business needs. Of course, Russian developers, in order to provide alternative information security products, will have to build new functionality around existing infrastructure solutions, or adapt their technologies, or create completely new ones that require rebuilding the IT configuration, but these tasks are quite specific and solvable in the foreseeable future.

Business often chooses clouds because most cloud projects are initially implemented with security in mind. Service providers are constantly increasing their competencies in the field of information protection, developing their own services and solutions that meet the needs of customers as much as possible, and also tracking new items from leading hardware and software vendors, integrating them into their products.

According to a study by ICS Media and VK Cloud Solutions, the majority of companies surveyed (81%) consider cloud technologies a reliable solution for storing business data. For many companies, clouds are one of the available solutions for data protection, since cloud systems are provided with a secure perimeter at all levels: from the data center to personal data protection and protection against DDoS attacks. Therefore, businesses are increasing the share of cloud capacity in the total volume of hybrid infrastructure, while more companies are investing in secure clouds amid growing threats aimed at critical systems. According to Stack Group experts, by the end of the year, the segment of cloud information security services for data protection will grow by 30-40%.

Over the past 2-3 years, we can observe an increase in state requirements in the field of cybersecurity, including the protection of personal data, state information systems and critical information infrastructure, and we can also note the strengthening of the independence of the Internet. Business must comply with market regulations to leverage secure cloud solutions at the server and virtualization levels to meet operational and access requirements for critical infrastructure storage, processing, or transfer. All this guarantees the sustainability of the business and the continuity of business processes.

So, we can say that the Russian market for cloud information security services is mature and stable, information security technologies are largely tested on thousands of unique cases, there are many years of experience in their use and support. Cloud information security services have great functionality for business information systems, and providers are ready to provide assistance with migration, integration, administration and technical support at all stages of operation of a secure infrastructure.

99% of cloud resources provide excessive permissions

On April 14, 2022, it was reported that a team of Palo Alto Unit 42 researchers concluded that cloud users, roles, services and resources were granted excessive permissions, putting organizations at risk of compromise. According to the experts, incorrectly configured identity and access management (IAM) opens the door for attackers targeting cloud infrastructure and credentials.


Unit 42 researchers analyzed more than 680 thousand identities in 18 thousand cloud accounts and more than 200 different organizations in order to understand their configurations and usage patterns. As it turned out, 99% of cloud users, roles, services and resources provided "excessive permissions" that were not used for 60 days. Hackers can use such permissions to move through the victim's network and expand the radius of the attack.

There were twice as many unused or redundant permissions in built-in policies (those managed by cloud service providers, CSPs) as in policies created by customers.

"Removing these permissions can significantly reduce the risk to which each cloud resource is exposed and minimize the attack surface for the entire cloud environment," the experts noted.

Misconfigurations, according to the company, are the cause of 65% of detected cyber incidents in the cloud, while 53% of analyzed cloud accounts used weak passwords and 44% reused passwords. Moreover, nearly two-thirds (62%) of organizations have publicly exposed cloud resources.

The Unit 42 team discovered and identified five cybercriminal groups using unusual methods to directly attack cloud service platforms:

  • TeamTNT - one of the more dangerous threats in terms of cloud identity enumeration methods. The group's operations include moving within Kubernetes clusters, creating IRC botnets, and hijacking compromised cloud workload resources to mine the Monero cryptocurrency.
  • WatchDog - uses custom scripts written in Go, as well as repurposed crypto-jacking scripts from other groups (including TeamTNT), and is a threat aimed at exposed cloud instances and applications.
  • Kinsing - a group focused on collecting cloud credentials; it targets open Docker Daemon API interfaces using malicious GoLang-based processes in Ubuntu containers.
  • Rocke - specializes in ransomware and crypto-jacking operations in cloud environments and is known for leveraging the processing power of compromised Linux-based systems typically hosted in a cloud infrastructure.
  • 8220 - the group uses the PwnRig or DBUsed tools, which are variants of the XMRig Monero mining software. It is believed that the group originated from a GitHub fork of the Rocke group's software.[1]

2021: 43% of all cloud accounts are out of date, unused and at risk

Varonis, one of the representatives of the global market for security and data analytics, on September 2, 2021 shared the results of the SaaS risk report for 2021. The report looked at the main trends and challenges companies face when trying to control users' digital identities and shadow privileges, as well as the risks of enterprise data in cross-cloud infrastructure.

Varonis analysts analyzed data from more than 200,000 digital identities and hundreds of millions of cloud assets with DatAdvantage Cloud.

It found that 43% of all cloud accounts are outdated, unused and at risk. At the same time, user accounts that no longer use cloud services become an easy target and significantly increase the surface of the attack on the organization.

Also, three out of four cloud accounts of external contractors remain active even after cooperation with the organization has ended. One in four identities in SaaS applications and half in IaaS services are machine identities. Unlike living people, they are exposed to the threat of hacking around the clock, as they are always on the system and are usually ignored by security services because they work in the background.

44% of cloud user privileges are not configured correctly, which can make an organization vulnerable to account hacking or data exfiltration. Also, three out of five privileged users of cloud services are shadow administrators. They can make changes at the administrator level and potentially damage the cloud service.

Analysts found that 15% of employees transfer company-critical data to their personal cloud accounts. At best, this means that the data is beyond the control of the security service, at worst, it indicates data theft. And 16% of all cloud service users perform privileged actions and 20% of them have access to confidential corporate data. All this can negatively affect the operation of the cloud service itself or on most of its users.

"Thanks to the cloud, the boundaries between personal and corporate accounts have disappeared. Even ordinary users who are not administrators easily violate the principles of least privilege with the click of the "share" button. If you do not control the entire SaaS/IaaS stack in your organization, users can silently copy, delete, or disclose critical data to almost anyone. This could be your list of Salesforce customers, source code on GitHub, documents on Box and Google Drive," said Daniel Gutman, head of Varonis in Russia.

To secure work in the clouds, Varonis has prepared a checklist of security rules.

Experts advise that employees have the minimum access necessary to fulfill their duties, check user activity for suspicious or unintended actions by security policies, and eliminate shadow accounts.

According to Varonis experts, regular verification of access rights, the use of cross-cloud threat detection tools, periodic audits of cloud sharing configuration settings, and "hygiene" of remote employee and contractor accounts will help keep data secure.
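The 60-day unused-permission measure from the Unit 42 figures and the stale-account and contractor-account checks from the Varonis report can be run as one access review. The following is an added example, not code from either vendor: the inventory schema, identity names and audit records are constructed, and a wildcard grant that is in use is narrowed to the actions actually observed.

```python
"""Added example: 60-day access review over a constructed inventory and audit log."""
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

WINDOW = timedelta(days=60)      # look-back period quoted in the Unit 42 figures
NOW = datetime(2022, 4, 14)      # fixed "today" so the sample is reproducible

# Constructed inventory (hypothetical schema). Grants may contain wildcards.
IDENTITIES = {
    "alice": {"kind": "user", "enabled": True, "contract_end": None,
              "granted": ["s3:GetObject", "s3:PutObject", "iam:PassRole"]},
    "ci-deployer": {"kind": "machine", "enabled": True, "contract_end": None,
                    "granted": ["ec2:*", "s3:GetObject"]},
    "old-reporting": {"kind": "machine", "enabled": True, "contract_end": None,
                      "granted": ["s3:GetObject"]},
    "vendor-bob": {"kind": "contractor", "enabled": True,
                   "contract_end": datetime(2022, 1, 31),
                   "granted": ["s3:GetObject"]},
}

# Constructed audit records: (timestamp, identity, action).
AUDIT_LOG = [
    (datetime(2022, 4, 10), "alice", "s3:GetObject"),
    (datetime(2022, 1, 5), "alice", "s3:PutObject"),          # older than 60 days
    (datetime(2022, 4, 12), "ci-deployer", "ec2:RunInstances"),
    (datetime(2022, 4, 12), "ci-deployer", "ec2:DescribeInstances"),
    (datetime(2021, 11, 2), "old-reporting", "s3:GetObject"),  # long idle
    (datetime(2022, 3, 30), "vendor-bob", "s3:GetObject"),     # after contract end
]


def recent_actions(log, now=NOW, window=WINDOW):
    """Map identity -> set of actions actually used inside the window."""
    used = {}
    for ts, ident, action in log:
        if now - window <= ts <= now:
            used.setdefault(ident, set()).add(action)
    return used


def right_size(granted, used):
    """Split grants into unused ones and a least-privilege replacement list."""
    unused, keep = [], set()
    for pattern in granted:
        hits = {a for a in used if fnmatchcase(a, pattern)}
        if hits:
            keep |= hits            # a used wildcard shrinks to the observed actions
        else:
            unused.append(pattern)  # nothing matched in the window: removal candidate
    return sorted(unused), sorted(keep)


def review(identities, log, now=NOW, window=WINDOW):
    """Per-identity findings: unused grants, proposed grants, stale and offboarding flags."""
    used = recent_actions(log, now, window)
    report = {}
    for name, meta in identities.items():
        unused, keep = right_size(meta["granted"], used.get(name, set()))
        end = meta["contract_end"]
        report[name] = {
            "unused": unused,
            "proposed": keep,
            "stale": name not in used,  # no activity at all in the window
            "active_after_contract": meta["enabled"] and end is not None and end < now,
        }
    return report


def excess_share(report):
    """Fraction of identities holding at least one grant unused in the window."""
    return sum(1 for row in report.values() if row["unused"]) / len(report)


if __name__ == "__main__":
    result = review(IDENTITIES, AUDIT_LOG)
    for name, row in result.items():
        print(name, row)
    print("share with excess permissions:", excess_share(result))
```
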

2019

McAfee: 19 Cloud Security Best Practices in 2019

Cloud computing has been commercially available for about 20 years and is used almost everywhere: about 95% of companies note that they have a cloud strategy. Although cloud service providers have significantly improved their security systems, using such services is still fraught with risks. Fortunately, these risks can be minimized with the following best practices:

Protect your data in the cloud:

  • Determine which information is most vulnerable. While the ubiquitous implementation of the highest level of protection will of course be redundant, companies must secure their sensitive data - otherwise they are at risk of losing intellectual property and imposing regulatory penalties. For this reason, first of all, it is necessary to determine which information is subject to protection. A special mechanism is usually used to detect and classify data. Install an end-to-end solution that can discover and protect sensitive information on your network, endpoints, and cloud while providing the flexibility and mobility you need for your organization.
  • How is data accessed and stored? Despite the fact that sensitive data can be stored in the cloud, this possibility is not obvious. According to the McAfee 2019 Cloud Adoption and Risk Report[2][3], 21% of all files in the cloud contain sensitive information. Experts note a sharp increase in this indicator compared to last year.1 Although most of this information is stored in well-established enterprise cloud services such as Box, Salesforce and Office365, it is important to understand that none of these solutions guarantees 100% security. In view of this, it is important to examine the permissions and context of data access in your cloud environment and make the necessary adjustments. In some cases, you will have to delete sensitive data already hosted in the cloud or quarantine it.
  • Who can share data and how? Compared to the previous year, the volume of confidential data sharing increased by more than 50%.1 No matter how thoughtful your strategy to reduce threats, you cannot only respond to incidents: the risks of this approach are too great. You need to develop an access control policy and enforce it before data enters the cloud. Only a small number of employees should be able to edit documents, most will need to view them. Similarly, not all users who have access to certain data should be given permission to exchange them. You need to create groups and set up rights so that only a narrow circle of persons with the appropriate permissions can forward such information. This will significantly limit the dissemination of sensitive data.
  • Don't rely on cloud service encryption. Comprehensive file-level encryption should be the basis for all security measures in the cloud. While data encryption by cloud service providers protects it from third parties, providers gain access to your encryption keys. For maximum protection, companies need to implement modern cryptographic solutions with their own keys and apply them before uploading data to the cloud.

Address internal cloud security threats

  • Employees must use the cloud transparently. Even if your organization has an enterprise cloud security strategy, your employees can use the cloud at their own discretion. Most people set up Dropbox accounts or use online services to convert files without first consulting IT specialists. To assess the potential risks of employees working with the cloud, check the logs of proxy servers, firewalls, and security information and event management (SIEM) systems. This will give you a complete picture of which cloud services are used and let you weigh their value to employees and the organization against the risks of full or partial deployment of systems in the cloud. It should also be remembered that shadow usage is not only access to new or unauthorized services from known endpoints. Companies also need a strategy to combat the movement of data from trusted cloud solutions to uncontrolled smartphones, tablets and laptops. Since the cloud service can be accessed from any Internet-connected device, uncontrolled personal equipment creates a gap in any security strategy. To limit the download of files to unauthorized devices, you can make a security check a prerequisite for such a download.
  • Make a list of secure services. While most employees use cloud services for work purposes and with legitimate intent, some will inevitably find and install questionable solutions. Of the 1,935 cloud services that are available to the average organization, 173 are high-risk applications.1 Knowing which solutions are used in your company will help you develop appropriate security policies.
    • Determine what type of data can be placed in the cloud.
    • List secure cloud applications that employees can use.
    • Inform employees about cloud security best practices, precautions, and tools you need to work securely with these applications.

  • Keep in mind the important role of endpoints. Most users use a web browser to access the cloud, so companies need to implement effective tools to protect the client side and ensure browsers are updated in a timely manner to prevent exploitation of their vulnerabilities. These are the key components of cloud security. To fully protect end-user devices, install advanced, specialized solutions such as firewalls, especially if your company is running on the IaaS or PaaS model.
  • Look to the future. New cloud services appear on the Internet quite often, and the risks associated with them are constantly increasing, which makes it difficult to develop and update relevant policies manually. Although it is too difficult to predict which cloud applications employees will access, you can automatically update web access policies using the risk profile information of a service. This will block access to such a cloud or display a warning to the user. Closed loop remediation (enforcement of policies based on the general risk category of the cloud service or its individual characteristics) must be integrated with a secure web gateway or firewall. The system will automatically update and enforce policies without disrupting the existing process environment.
  • Protect against careless users and intruders. Among the security threats that companies face on a monthly basis, personnel are responsible for an average of 14.8 incidents. In 94.3% of organizations, intrasystem threats arise at least once a month. They are inevitable: the only question is when this problem will affect you. Threats of this kind include both unintentional disclosure (that is, say, accidental forwarding of a document with confidential information) and malicious activity itself - for example, when a sales manager downloads the full version of the client base before leaving for competitors. Both careless employees and hackers can perform actions that indicate malicious use of cloud data. To monitor anomalous phenomena and prevent internal and external data leaks, use solutions with machine learning and user behavior analysis technologies.
  • Trust. But check. Users who are trying to access sensitive data in the cloud from a new device must undergo additional verification. A possible solution is to automatically require two-factor authentication in all high-risk cloud access scenarios. Specialized cloud security solutions can request an additional identifying attribute from the user in real time; they work with existing ID providers and authentication factors (hardware tokens, mobile software tokens, or text messages) that are familiar to end users.
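The proxy-log check and the list of secure services recommended in this section can be combined into a shadow-usage report. This is an added example, not McAfee's tooling: it assumes Squid's native access.log layout, the log lines and the approved list are constructed, and grouping unknown hosts by their last two labels is a simplification.

```python
"""Added example: find unsanctioned cloud services in constructed proxy log lines."""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the organisation's approved services, matched by domain suffix.
SANCTIONED = ("box.com", "salesforce.com", "office365.com")

# Constructed records in Squid's native layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
PROXY_LOG = """\
1656400001.101    120 10.0.0.11 TCP_TUNNEL/200 48211 CONNECT app.box.com:443 alice HIER_DIRECT/203.0.113.10 -
1656400002.310    950 10.0.0.12 TCP_TUNNEL/200 910233 CONNECT www.dropbox.com:443 bob HIER_DIRECT/203.0.113.20 -
1656400003.007     80 10.0.0.13 TCP_TUNNEL/200 1200 CONNECT www.dropbox.com:443 carol HIER_DIRECT/203.0.113.20 -
1656400004.552    300 10.0.0.12 TCP_MISS/200 20480 POST http://pdf-convert.example/upload bob HIER_DIRECT/198.51.100.7 text/html
1656400005.900     60 10.0.0.14 TCP_TUNNEL/200 7300 CONNECT login.salesforce.com:443 dave HIER_DIRECT/203.0.113.30 -
1656400006.120      1 10.0.0.11 TCP_DENIED/403 3900 CONNECT www.dropbox.com:443 alice HIER_NONE/- text/html
this line is truncated
"""


def parse_line(line):
    """Return a record dict, or None when the line does not fit the layout."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
        return None
    method, url = f[5], f[6]
    # CONNECT carries "host:port"; other methods carry a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    if not host:
        return None
    return {"result": f[3].split("/")[0], "bytes": int(f[4]), "host": host.lower(),
            "user": f[7] if f[7] != "-" else f[2]}  # fall back to the client IP


def service_key(host, sanctioned=SANCTIONED):
    """Return (service domain, is_sanctioned) for a host name."""
    for domain in sanctioned:
        if host == domain or host.endswith("." + domain):
            return domain, True
    return ".".join(host.split(".")[-2:]), False


def summarize(log_text, sanctioned=SANCTIONED):
    """Aggregate allowed traffic per service; return (stats, skipped_line_count)."""
    stats = defaultdict(lambda: {"sanctioned": False, "users": set(),
                                 "requests": 0, "bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["result"] == "TCP_DENIED":   # blocked by policy, so not actual use
            continue
        key, ok = service_key(rec["host"], sanctioned)
        row = stats[key]
        row["sanctioned"] = ok
        row["users"].add(rec["user"])
        row["requests"] += 1
        row["bytes"] += rec["bytes"]
    return dict(stats), skipped


def unsanctioned_report(stats):
    """Rows (domain, users, requests, bytes), most widely used service first."""
    rows = [(d, len(s["users"]), s["requests"], s["bytes"])
            for d, s in stats.items() if not s["sanctioned"]]
    return sorted(rows, key=lambda r: (-r[1], -r[3]))


if __name__ == "__main__":
    summary, bad_lines = summarize(PROXY_LOG)
    print("unparsed lines:", bad_lines)
    for row in unsanctioned_report(summary):
        print(row)
```
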

Build strong partnerships with trusted cloud service providers

  • Compliance is still a prerequisite. The company can move most of the key business functions to the cloud, but compliance will always be the responsibility of it, not third parties. Regardless of whether your business is governed by the California Consumer Protection Act, PCI DSS Data Security Standard, GDPR, HIPAA, or others, you must choose a cloud platform that allows you to comply with all industry standards and regulations. Then you should find out what aspects of regulatory compliance your provider is responsible for, and which ones remain in your competence. While many cloud service providers have been certified by a variety of industry and government regulators, deploying compliance applications and services to the cloud and maintaining that compliance in the future is your responsibility. It should be noted that previous contractual obligations and legal barriers may impede the use of cloud services: the movement of data to the cloud is interpreted as a transfer of control over this data.
  • Brand compliance is also important. The transition to the cloud does not necessarily occur at the expense of the brand promotion strategy. Develop a comprehensive plan to manage identity and authorization in cloud services. Software applications that meet the requirements of SAML, Open ID, and others support the application of enterprise-style elements in the cloud.
  • Find trusted service providers. Cloud service providers that focus on accountability, transparency, and compliance with accepted standards typically hold SAS 70 Type II or ISO 27001 certifications. Cloud service providers should be prepared to provide all necessary documentation and reports in a ready-to-use manner - such as audit results and certification information, along with necessary information about the evaluation process. All audits should be conducted by independent experts based on existing standards. The cloud service provider is responsible for keeping the certificates received up-to-date and notifying customers of any changes in their status. At the same time, the client's duty is to study the scope of application of each standard: for example, some widespread regulatory documents do not assess the effectiveness of safety systems; the reliability of audit firms and auditors can also vary.
  • How do they protect you? No cloud service provider guarantees 100% security. Over the past few years, many key providers have been attacked by hackers, including AWS, Azure, Google Drive, Apple iCloud, Dropbox and others. It is important to familiarize yourself with the data security strategies of the cloud service and the particulars of its multi-tenant architecture. Unauthorized access to the service provider's hardware or operating system automatically exposes all information placed with the service provider to risk. For this reason, it is necessary to implement protective measures and study the data of previous audits in order to identify potential weaknesses in the security system. If the supplier uses third-party services in this area, you should also familiarize yourself with the data of their certifications and audits. After that, you will be able to determine what security problems need to be resolved on your part. For example, less than 10% of providers encrypt data at rest. Even fewer services support the use of customer-supplied cryptographic keys.1 For reliable and secure work in the cloud, you need to find service providers that, on the one hand, provide comprehensive protection, and on the other, give users the opportunity to close any gaps in it.
  • Carefully review the contracts and service level agreements of the selected cloud provider. A cloud service contract is the only warranty of service and the main document that you will appeal to when problems arise. For this reason, it is important to carefully examine all contractual conditions, including in appendices and supplementary agreements. For example, a contract could clarify whether a provider company will be responsible for your data or become the owner of your data. (Only 37.3% of providers indicate that customer data is customer property. The rest either do not directly establish the owner of the data, thereby creating a legally unclear moment, or clearly claim that all data uploaded to the cloud is their possession.1) Does the service provide open access to information about security events and response to them? Does the provider provide monitoring tools or the ability to connect corporate controls? Will you receive monthly reports on security events and responses to them? What happens to your data if you refuse to use the service? (Note that only 13.3% of cloud service providers delete user data as soon as the account is closed. The rest keep this information for a year, and some providers specifically stipulate their right to keep this information indefinitely.) Controversial contract terms can be discussed during negotiations, but if a service provider calls them non-renegotiable, you will have to decide whether the risk associated with accepting these terms is acceptable to your business. If not, you need to find an alternative way to manage this risk - implement cryptographic or monitoring tools or contact another provider.
  • What to do in the event of an emergency? Since each cloud service provider has its own security system and none of them guarantees 100% data protection, it is imperative to have an incident response plan (IR plan). When making such plans, the provider should act as a partner and take into account your opinion. Identify communication channels, functions, and responsibilities, and consider possible problem response scenarios in advance. Service Level Agreements (SLAs) should clearly state the information that the service provider is required to provide in the event of an incident, the procedure for working with data to ensure its availability, and the assurance of support that will be required to effectively implement the corporate IR plan at each stage. While the best way to detect attacks in a timely manner is through continuous monitoring, it is necessary to perform a full-scale system review at least annually, as well as perform additional tests at every significant architectural change.
  • Protect your IaaS environments. When working in IaaS environments, such as AWS and Azure, you are responsible for the security of operating systems, applications, and network traffic. To protect the infrastructure from malware, you need to deploy advanced protection technologies at the OS and virtual network levels. Lists of allowed applications and tools to prevent unauthorized memory use will help protect specialized workloads, and machine learning-based security is great for file systems and general-purpose applications.
  • Neutralize and remove malware from the cloud. Malware infects applications through shared folders that are automatically synchronized with folders in the cloud. Thus, the dangerous code passes from one hacked user device to others. To protect against malware, ransomware and data theft, install a cloud security solution and scan files stored in the cloud. If malware is found on a host or cloud application, it can be quarantined or deleted. This will protect sensitive data and avoid malware damage.
  • Perform regular audits of your IaaS configurations. Misconfiguring critical IaaS (AWS or Azure) settings results in significant vulnerabilities. On average, at any time, at least 14 IaaS instances with configuration errors are running in any organization. The number of related security incidents reaches 2,300 per month. Worse, more than 5% of all AWS S3 buckets in use are misconfigured.1 To avoid such potential data breaches, you must check your configurations for errors in identity and access control, network settings, and encryption settings.
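The three audit areas named in the last item (identity and access control, network settings, encryption) can be checked against exported configuration. This is an added example, not McAfee's tooling: the snapshot is constructed in the shape of AWS bucket policies, EC2 security groups and EBS volumes, resource names are placeholders, and treating any statement with a Condition as non-public is a simplification.

```python
"""Added example: audit a constructed IaaS configuration snapshot in three areas."""
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_statements(policy):
    """Sids of Allow statements open to any principal and carrying no Condition."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        principal = st.get("Principal")
        values = (_as_list(principal.get("AWS", []))
                  if isinstance(principal, dict) else [principal])
        if "*" in values:
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits


def world_open_admin_ports(group):
    """Admin ports reachable from 0.0.0.0/0 or ::/0 according to the ingress rules."""
    ports = set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # all protocols, all ports
            ports |= ADMIN_PORTS
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            ports |= {p for p in ADMIN_PORTS if lo <= p <= hi}
    return sorted(ports)


def audit(snapshot):
    """Return findings as (area, resource, message) tuples."""
    findings = []
    for name, policy in snapshot["bucket_policies"].items():
        for sid in public_statements(policy):
            findings.append(("access", name, f"policy statement {sid} allows any principal"))
    for group in snapshot["security_groups"]:
        ports = world_open_admin_ports(group)
        if ports:
            findings.append(("network", group["GroupId"],
                             f"admin ports open to the internet: {ports}"))
    for vol in snapshot["volumes"]:
        if not vol.get("Encrypted", False):
            findings.append(("encryption", vol["VolumeId"], "volume is not encrypted at rest"))
    return findings


# Constructed snapshot; bucket, group and volume names are placeholders.
SNAPSHOT = {
    "bucket_policies": {
        "reports-archive": {"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports-archive/*"}]},
        "partner-drop": {"Version": "2012-10-17", "Statement": {  # single object, not a list
            "Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::partner-drop/*",
            "Condition": {"IpAddress": {"aws:SourceIp": "198.51.100.0/24"}}}},
        "app-logs": {"Version": "2012-10-17", "Statement": [
            {"Sid": "OwnAccount", "Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
             "Action": "s3:PutObject", "Resource": "arn:aws:s3:::app-logs/*"}]},
    },
    "security_groups": [
        {"GroupId": "sg-web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-db", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    ],
    "volumes": [{"VolumeId": "vol-data", "Encrypted": True},
                {"VolumeId": "vol-scratch", "Encrypted": False}],
}

if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```
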

Fortinet: Four Key Cloud Security Concepts

On July 18, 2019, Fortinet introduced four main concepts of cloud security technology.

According to Fortinet, the most important advantage of the cloud is that it allows you to deploy, manage and host critical applications faster than any other method. At the same time, employees and customers gain access to critical information in real time - wherever they are, and no matter what device they use. This requires flexible resource management, with the ability to scale and move resources, as well as simple and intuitive applications, with real-time access to data and the ability to quickly update to constantly changing trends. The same applies to internal workflows on different devices and clouds, which must be highly available, flexible, and responsive to support critical functions and execute transactions.


Security is a critical component of any cloud environment, especially given that cybercriminals are striving to exploit the rapidly expanding attack surface, according to Fortinet. But to achieve high efficiency, security technologies must be as flexible and dynamic as the cloud infrastructure they protect. In addition, protecting the cloud with legacy security solutions is as impossible as creating a modern cloud using legacy network components and traditional application development strategies.

Effective security solutions must protect not only communications between data and users, but also protect literally every connection to every physical or virtual device in a distributed infrastructure, even for those devices that constantly move within multi-cloud infrastructures (or even between them).

In such environments, difficulties often arise due to the use of various security systems - the fact is that the deployment of solutions presented on only one cloud platform is often impracticable on other platforms, or can impose functional restrictions. This actually limits the true potential of the cloud. Too many organizations, having seen the scale and severity of the problem, have not been able to find a holistic approach to solving it.

Four key cloud security concepts

According to Fortinet, organizations should use the following security concepts to address these challenges when implementing their cloud strategies:

  1. Create security-aware cloud environments. As a rule, data leaks occur as a result of cybercriminals using the weakest link in the attack surface. In many organizations, cloud adoption expands the attack surface exponentially. To eliminate these weak links, you need to provide a single level of security everywhere, even when the infrastructure is constantly changing. Since infrastructures are expanding and changing at such a rapid pace, it is important that any changes to the network are carried out in strict accordance with the overall security plan. Requiring appropriate security tools, policies, and procedures before any new resources are deployed allows security solutions to be tailored to changes in infrastructure and applications. To do this, you need to choose security tools that understand the infrastructure in which they will be hosted, and that can ensure consistent operation in all environments, including multi-cloud environments, ensuring policy enforcement and high transparency for secure application launch and secure connectivity from data centers to the cloud. Even minor differences in adaptability and implementation can lead to security holes that cybercriminals will willingly exploit.
  2. Native cloud security. Because data and workflows must travel throughout the infrastructure and in the cloud, security solutions must work together. Choosing a cloud firewall from the same vendor whose products protect an organization's physical assets does not necessarily guarantee a solution. Such solutions should seamlessly interact with cloud services and monitor the operation of these services, as well as be able to identify cloud resources in the same logical way as they identify other resources. However, while the underlying technology used to protect networks is significantly different from the technologies used to protect cloud resources, security aspect management practices should remain the same. That's why natural integration into cloud infrastructure is crucial. This problem is exacerbated by the fact that cloud environments are very different from each other, and organizations often use a heterogeneous set of technologies with disparate security measures in different cloud environments. This can create additional problems for coordination and security. In addition to native integration into the cloud, security tools must also be able to broadcast security policies "on the fly" so that these policies are comprehensively applied in different environments. To do this, choose a vendor with solutions that are initially integrated into as many cloud platforms as possible and that provide a single level of security and connectivity from the data center to the cloud, regardless of the cloud infrastructure used.
  3. Various form factors. Comprehensive, consistent protection requires that the same security solutions be deployed on as many platforms as possible and as many different form factors as possible. For example, applications should be able to access a cloud-based security solution to identify and protect individual types of data and transactions. Container applications must have access to container security tools for easy integration of security features into the application chain. And ideally, these tools should work in the same way as solutions deployed in distributed infrastructure, including branch offices and peripherals. But you should not expect a virtual version of the firewall to be suitable for deploying a cloud or container. As mentioned earlier, if you need consistency in the implementation of security policies, and if you need to be able to solve unique problems characteristic of individual ecosystems, then each of the form factors of the solution must be initially integrated into the environment in which it is located.
  4. Centralized management. One of the biggest complaints from network administrators is that they lack a single console with which they can see the entire infrastructure and manage their entire network, and which provides transparency to physical and virtual networks. If you use solutions to manage security that can detect attacks and protect infrastructure only in individual segments of the network, but not throughout the network, then this will most likely lead to an infrastructure compromise. To address security gaps, organizations need a single dashboard that provides visibility and creates consistent security policies across the infrastructure for effective risk management. Security solutions should share and correlate threat information, obtain and implement centralized policies and configuration changes, and coordinate all resources to respond to detected threats in a timely manner.

Traditional security models, when special equipment is placed on a network gateway to monitor predictable traffic and devices, are already outdated. Today's security solutions must span the entire distributed infrastructure, dynamically scale as applications grow, and automatically adapt as the infrastructure adapts to changing requirements. And, just as importantly, these solutions need to ensure consistent functionality and policy enforcement regardless of their form factor and deployment location. This may require a rethink of all existing security infrastructure.

If the cloud plays a significant role in the organization's future, it may be better to find a single provider that supports the entire application lifecycle, all infrastructure development plans, and expansion plans - that is, a solution that offers comprehensive protection and functionality for multiple public and private cloud domains, even if it means replacing traditional security hardware that is already installed in the local infrastructure.

The native integration capabilities of a wide range of security tools that provide automation and centralized management are at the heart of the security infrastructure and enable comprehensive policy implementation, collaborative threat intelligence collection and use, centralized management and orchestration, and a unified view of the entire distributed infrastructure. All this allows an organization to deploy any application in any cloud infrastructure with confidence. Without a powerful, integrated, and automated security infrastructure that embraces, expands, and adapts to the entire network, the organization loses control tools and will act blindly, and cybercriminals will readily exploit this weakness.

2017: SAP CIS: Key Barriers to Cloud Service Adoption

2016: Kaspersky Lab Data

According to a Kaspersky Lab survey, 13% of Russian companies have faced incidents related to the security of cloud infrastructure at least once in a year. At the same time, about a third of companies (32%) lost data as a result of these incidents. Every day, cloud-based enterprise infrastructures and networks, regardless of their size, are subject to a large number of internal and external attacks. However, business does not yet take this threat seriously: only 27% of Russian companies believe that the overall security of their corporate network depends on the security of their virtual systems and cloud infrastructures.[4]

Companies are most concerned about the protection of external cloud services. Respondents worry that incidents can occur at outsourcing suppliers to which business processes are transferred, in third-party cloud services, or in the IT infrastructure where the company leases computing power. However, despite all this concern, only 15% of companies conduct third-party security checks.

"Despite the fact that the latest large-scale hacks took place inside the data center, traditional security systems still focus only on protecting the network perimeter and controlling access rights. This rarely takes into account the negative impact of solutions for protecting physical infrastructure on the performance of virtual environments," explained Veniamin Levtsov, vice president for corporate sales and business development at Kaspersky Lab. "Therefore, in converged environments, it is so important to use the appropriate comprehensive protection, ensuring the security of virtual systems with specially designed solutions. We implement an approach in which, regardless of the type of infrastructure, all systems provide a single coverage of the entire corporate network in terms of security. And in this, our technologies and modern VMware developments (such as microsegmentation) complement each other perfectly."

2015: Forrester: Why are customers unhappy with cloud suppliers?

According to a Forrester report (summer 2015), the lack of transparency on the part of cloud providers is the main source of customer dissatisfaction.[5]

Opaque cloud

A recent study by Forrester Consulting shows that many organizations believe that cloud service providers provide them with insufficient information about cloud interaction, and this harms their business.

In addition to lack of transparency, there are other factors that reduce the enthusiasm for moving to the cloud: this is the level of service for customers, additional costs and adaptation during migration (on-boarding). Organizations love the cloud very much, but not its suppliers - at least not as much.

The study was commissioned by iland, a provider of corporate cloud hosting, was conducted throughout May, and covered infrastructure and ongoing support professionals from 275 organizations in the U.S., U.K. and Singapore.

"Among all the difficulties of today's cloud are annoying flaws," writes Lilac Schoenbeck, vice president of support and marketing for the iland product. "Such important metadata is not reported, significantly hindering the adoption of the cloud, and yet organizations are making growth plans based on the assumption of the boundlessness of cloud resources."

Where is the key to achieving business harmony? Here is what VARs need to know to try to resolve the problems and lead the parties to reconciliation.

Inattention to customers

Apparently, many cloud users do not feel the same individual approach.

Thus, 44% of respondents replied that their provider does not know their company and does not understand their business needs, and 43% believe that if their organization were simply larger, then the supplier would probably pay more attention to them. In short, they feel the coldness of a routine transaction when buying cloud services, and they don't like it.

There is also one practice, pointed out by a third of the companies surveyed, that adds to the feeling of a petty transaction: they are charged for the slightest question or point of confusion.

Too many secrets

The supplier's reluctance to provide all information not only annoys customers, but often costs them money.

All respondents to the Forrester survey responded that they felt certain financial implications and impact on current work due to missing or closed data about their cloud use.

"The lack of clear data on cloud usage parameters leads to performance problems, difficulties in reporting to management about the real cost of use, payment for resources that are not consumed by users, and unforeseen bills," Forrester states.

And where is the metadata?

IT executives responsible for cloud infrastructure in their organizations want a cost and performance metric that provides clarity and transparency, but it's obviously hard for them to get that across to suppliers.

Survey participants noted that the metadata they receive about cloud workloads is usually incomplete. Almost half of the companies responded that there was no data on compliance, 44% indicated no data on usage parameters, 43% no retrospective data, 39% no security data, and 33% no billing and cost data.

Transparency issue

The lack of metadata causes all sorts of problems, respondents say. Almost two-thirds of respondents reported that insufficient transparency does not allow them to fully understand all the benefits of the cloud.

"The lack of transparency raises a variety of issues and this is primarily a question of usage parameters and disruption," the report said.

About 40% try to eliminate these gaps themselves by purchasing additional tools from their own cloud suppliers, and the other 40% simply purchase the services of another supplier, where such transparency is present.

Regulatory compliance

Whatever one may say, organizations are responsible for all their data, whether it sits on local storage systems or has been sent to the cloud.

More than 70% of respondents in the study said that their organizations are regularly audited and must confirm compliance with existing standards, wherever their data is. And that puts an obstacle to cloud acceptance for nearly half of the companies surveyed.

"But the regulatory compliance aspect of you should be transparent to your end users. When cloud providers hold or do not disclose this information, they do not allow you to achieve this," the report said.

Compliance issues

More than 60% of companies surveyed said that regulatory compliance issues limit further adoption of the cloud.

The main problems are as follows:

  • 55% of companies subject to such requirements replied that the most difficult thing for them is to implement proper controls.
  • About half say they struggle to understand the level of compliance provided by their cloud provider.
  • Another half of the respondents replied that it was difficult for them to get the necessary documentation from the provider about compliance with these requirements in order to be audited. And 42% find it difficult to get documentation of their own compliance with the requirements for workloads running in the cloud.

Migration challenges

It seems that the on-boarding process is another area of general dissatisfaction: just over half of the companies surveyed answered that they were not satisfied with the migration and support processes that cloud providers offered them.

Of the 51% dissatisfied with the migration process, 26% responded that it took too long, and 21% complained about the lack of live participation from the provider's staff.

More than half were also not satisfied with the support process: 22% cited a long wait for a response, 20% a lack of knowledge of support staff, 19% a protracted problem-solving process, and 18% received bills with higher-than-expected support costs.

Obstacles to the Cloud

Many of the companies surveyed by the Forrester firm are having to hold back their expansion plans in the cloud because of the problems they are experiencing with services already in place.

At least 60% responded that the lack of transparency in usage, regulatory compliance information, and robust support keeps them from using the cloud more widely. If it weren't for these issues, they would have moved more workloads to the cloud, respondents say.

2014

  • The role of IT departments is gradually changing: they are faced with the task of adapting to the new realities of cloud IT. IT should educate employees about security concerns, develop comprehensive data management and compliance policies, develop recommendations for implementing cloud services, and set rules on which data can and cannot be stored in the cloud.
  • IT departments are able to fulfill their mission to protect corporate data and at the same time act as a tool in the implementation of "Shadow IT," implementing measures to ensure data security, for example, introducing the "encryption-as-a-service" approach. This approach allows IT departments to centrally manage data protection in the cloud, providing other departments of the company with the ability to independently find and use cloud services as needed.
  • As more companies store their data in the cloud and their employees increasingly use cloud services, IT needs to focus more on implementing better mechanisms for controlling user access, such as multi-factor authentication. This is especially true for companies that provide third parties and suppliers with access to their data in the cloud. Multi-factor authentication solutions can be centrally managed and provide more secure access to all applications and data wherever they reside - in the cloud, or on the company's own hardware.

Ponemon and SafeNet Data

Most IT organizations are in the dark about how enterprise data is protected in the cloud - as a result, companies are putting their users' accounts and confidential information at risk. This is just one of the findings of a recent (autumn 2014) study by the Ponemon Institute commissioned by SafeNet. The study, entitled "Information Management Challenges in the Cloud: A Global Data Security Survey," surveyed more than 1,800 IT and IT security professionals worldwide.

Among other findings, the study found that while organizations are increasingly leveraging cloud computing capabilities, corporate IT is facing challenges managing and securing data in the cloud. The survey showed that only 38% of organizations clearly defined roles and responsibilities for ensuring the protection of confidential and other sensitive information in the cloud. To make matters worse, 44% of enterprise data stored in the cloud is not controlled or managed by IT. In addition, more than two-thirds (71%) of respondents noted that they face new difficulties in using traditional security mechanisms and techniques to protect sensitive data in the cloud.

With the growing popularity of cloud infrastructures, the risks of confidential data leaks are also increasing

About two-thirds of the surveyed IT professionals (71%) confirmed that cloud computing is of great importance to corporations today, and more than two-thirds (78%) believe that the relevance of cloud computing will remain in two years. In addition, respondents estimate that about 33% of all information technology and data infrastructure needs of their organizations can be met today with cloud resources, and over the next two years this share will increase to an average of 41%.

However, the majority of respondents (70%) agree that it is becoming more and more difficult to comply with the requirements for maintaining data privacy and protecting it in a cloud environment. In addition, respondents note that the risk of leaks is most affected by such types of corporate data stored in the cloud as email addresses, consumer and customer data and payment information.

On average, more than half of all cloud services in enterprises are implemented by third-party departments rather than corporate IT departments, and on average, about 44% of enterprise data hosted in the cloud is not controlled or managed by IT departments. As a result, only 19% of respondents could declare their confidence that they know about all cloud applications, platforms or infrastructure services currently used in their organizations.

Along with the lack of control over the installation and use of cloud services, among the respondents there was no consensus on who is actually responsible for the security of data stored in the cloud. Thirty-five percent of respondents said that responsibility is shared between users and cloud service providers, 33% believe that responsibility lies entirely with users, and 32% believe that a cloud computing service provider is responsible for data security.

More than two-thirds (71%) of respondents noted that protecting sensitive user data stored in the cloud using traditional security tools and methods is becoming more difficult, and about half (48%) note that it is becoming more difficult for them to control or restrict end users' access to cloud data. As a result, more than a third (34%) of IT respondents said that their organizations have already implemented corporate policies that require the use of security mechanisms such as encryption as a prerequisite for working with certain cloud computing services. Seventy-one (71) percent of respondents noted that the possibility of encrypting or tokenizing confidential or other sensitive data is of great importance to them, and 79% believe that the importance of these technologies will increase over the next two years.

When asked what exactly is being done in their companies to protect data in the cloud, 43% of respondents said that their organizations use private networks to transmit data. About two-fifths (39%) of respondents said that their companies use encryption, tokenization and other cryptographic means to protect data in the cloud. Another 33% of respondents do not know what security solutions are implemented in their organizations, and 29% said they use paid security services provided by their cloud computing service providers.

Respondents also believe that managing enterprise encryption keys is essential for securing data in the cloud, given the increasing number of key management and encryption platforms used by their companies. In particular, 54% of respondents said that their organizations retain control over encryption keys when storing data in the cloud. However, 45% of respondents said that they store their encryption keys in a software form, in the same place as the data itself, and only 27% store keys in more secure environments, for example, on hardware devices.

As for access to data stored in the cloud, sixty-eight (68) percent of respondents say that managing user accounts in a cloud infrastructure is becoming more difficult, while sixty-two (62) percent of respondents said that their organizations have access to the cloud for third parties. About half (46 percent) of those surveyed said their companies use multifactor authentication to protect third-party access to data stored in cloud environments. About the same number (48 percent) of respondents said that their companies use multifactor authentication technologies, including to protect the access of their employees to the cloud.

2013: Cloud Security Alliance Study

Cloud Security Alliance (CSA), a nonprofit industry organization that promotes cloud-based security practices, recently updated its list of top threats in a report titled "Cloud Evil: 9 Top Threats in Cloud Services in 2013."

The CSA points out that the report reflects the consensus of experts on the most significant security threats in the cloud and focuses on threats stemming from the sharing of cloud resources and on-demand access by multiple users.

The report, released Monday, aims to help cloud users and cloud service providers implement better risk mitigation strategies.

So the main threats...

Data theft

Theft of confidential corporate information always scares organizations with any IT infrastructure, but the cloud model opens up "new, significant attack highways," CSA points out. "If the multi-lease cloud database is not thought out properly, then a flaw in the application of one client can open up to hackers access to data not only of this client, but also of all other cloud users," CSA warns.
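The cross-tenant exposure CSA describes, shown as an added example (it is not from the CSA report or from this article): a shared SQLite table where an access layer that looks rows up by id alone hands out another tenant's data, next to a version that binds the tenant from the authenticated session, plus an isolation check that can run in a test suite. The `invoices` table, the tenant names and all function names are assumptions made for illustration.

```python
import sqlite3


def build_shared_db():
    """Constructed sample data: one table shared by every tenant of a cloud service."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, body TEXT NOT NULL)"
    )
    db.executemany(
        "INSERT INTO invoices (id, tenant_id, body) VALUES (?, ?, ?)",
        [
            (1, "acme", "acme: Q1 invoice"),
            (2, "acme", "acme: Q2 invoice"),
            (3, "globex", "globex: payroll export"),
        ],
    )
    return db


def fetch_invoice_unscoped(db, invoice_id):
    """Flawed access layer: the row is selected by id alone, so the caller's
    tenant is never checked and any id returns data, whoever owns it."""
    row = db.execute(
        "SELECT body FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()
    return row[0] if row else None


class TenantScopedStore:
    """Hardened access layer: the tenant is fixed once, from the authenticated
    session, and every query filters on it. Callers cannot override it."""

    def __init__(self, db, authenticated_tenant):
        self._db = db
        self._tenant = authenticated_tenant

    def fetch_invoice(self, invoice_id):
        row = self._db.execute(
            "SELECT body FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant),
        ).fetchone()
        # A foreign id and a missing id look identical to the caller.
        return row[0] if row else None

    def list_invoices(self):
        rows = self._db.execute(
            "SELECT id FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self._tenant,),
        ).fetchall()
        return [r[0] for r in rows]


def cross_tenant_leaks(db, tenant, fetch):
    """Isolation check: ids of rows owned by other tenants that `fetch`
    still returns when called on behalf of `tenant`. Empty list = isolated."""
    foreign = db.execute(
        "SELECT id FROM invoices WHERE tenant_id != ? ORDER BY id", (tenant,)
    ).fetchall()
    return [i for (i,) in foreign if fetch(i) is not None]


if __name__ == "__main__":
    db = build_shared_db()
    store = TenantScopedStore(db, "acme")
    print("unscoped leaks:", cross_tenant_leaks(
        db, "acme", lambda i: fetch_invoice_unscoped(db, i)))
    print("scoped leaks:  ", cross_tenant_leaks(db, "acme", store.fetch_invoice))
```

The same check can be pointed at any data-access function of a multi-tenant service to confirm that tenant scoping holds after a schema or code change.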

Any "cloud" has several layers of protection, each of which protects information from different types of "attempts."

Take, for example, physical protection of the server. Here we are not even talking about hacking, but about theft or damage to information carriers. Taking the server out of the room can be difficult in the literal sense of the word. In addition, any self-respecting company stores information in data centers with security, video surveillance and restricted access not only to outsiders, but also to most of the company's employees. So the likelihood that the attacker will simply come and take the information is close to zero.

Just as an experienced traveler, fearing robberies, does not store all the money and valuables in one place, a SaaS company does not keep all the information on one server. So hacking, even if it happens, becomes much less painful. What does it mean for the user? Almost nothing. As practice shows, most often a database of email addresses is stolen when a server is hacked. This means that the user will receive a share of spam in the mailbox. And that's it.

The second layer of cloud protection is data protection. SaaS companies encrypt all traffic with the HTTPS protocol using an SSL certificate. So the data will be safe from attempts by traffic analyzers to intercept it.

Data loss

Data stored in the cloud can be stolen by attackers or lost for another reason, writes CSA. If the cloud service provider does not implement proper backup measures, the data can be accidentally deleted by the provider itself or destroyed in a fire or natural disaster. On the other hand, a customer who encrypts data before uploading it to the cloud and then loses the encryption key will also lose their data, adds CSA.

The fear is justified, but problems can be avoided by backup. Companies that care about customers and reputation automatically copy the database daily and at least twice. Thus, if the user contacts technical support with a message about accidentally deleted but important files, they can be restored.

This problem should also be addressed proactively on the user's side: it is a matter of training colleagues and improving their computer literacy, as well as restricting access rights to modify and delete files.

Account Theft/Service Hacking

In the cloud, an attacker can use stolen credentials to intercept, spoof or return distorted data and to redirect users to malicious sites, writes CSA. Organizations should prohibit employees from sharing their credentials with one another and from using the same passwords for all services. It is also necessary to implement reliable two-factor authentication to reduce risk, the CSA recommends.

Unprotected interfaces and APIs

Weak software interfaces, or application programming interfaces (APIs), used by customers to manage and interact with cloud services expose the organization to a number of threats, writes CSA. These interfaces must be properly designed and must include authentication, access control, and encryption to ensure the necessary security and availability of cloud services.

The CSA also adds that organizations and third-party contractors often use cloud interfaces to provide additional services, making them more complex and increasing risk, because a customer may need to hand over their credentials to such a contractor to facilitate service delivery.

DDoS-attacks

Denial-of-service attacks can be launched against the cloud that overload the infrastructure, forcing the use of a huge amount of system resources and preventing customers from using the service. The attention of the press is most often attracted by distributed attacks, or DDoS attacks, but there are other types of DoS attacks that can block cloud computing, writes CSA. For example, attackers can run asymmetric application-layer DoS attacks, using vulnerabilities in web servers, databases or other cloud resources to flood an application with a very small payload.

Malicious insider

In an IaaS, PaaS or SaaS environment where a proper level of security is not provided, an insider with unseemly intentions (for example, a system administrator) may gain access to confidential information that is not intended for him, CSA warns.

Systems that rely only on a cloud service provider for security put themselves at great risk, CSA writes. "Even if encryption is implemented, if the keys are not stored only by the customer, being available only for the duration of data use, the system is still subject to malicious insider actions," CSA points out.

Using cloud resources by hackers

Cloud computing enables organizations of all sizes to harness enormous computing power, but someone may want to do so with unseemly intentions, CSA warns. For example, a hacker can use the combined power of cloud servers to crack an encryption key in minutes.

Cloud service providers should think about how they will track people who use the power of cloud infrastructure to do harm, and how such abuses will be identified and prevented, writes CSA.

Lack of forethought

In pursuit of lower costs and other cloud benefits, some organizations are rushing to use cloud services without fully understanding all the consequences of this step, writes CSA. Organizations must conduct an extensive, thorough review of their internal systems and potential cloud supplier to fully understand all the risks to which they are exposing themselves, moving to a new model.

Related vulnerability

In any cloud delivery model, there is a threat of vulnerability through shared resources, CSA points out. If a key component of shared technology - for example, a hypervisor or an element of a common platform - is compromised, it puts not only the affected customer at risk: the entire cloud environment becomes vulnerable.

Cloud services can run slowly

This is quite a common complaint about "clouds." Indeed, the operation of such services may be unstable, but this is due to problems with the Internet connection. Slowly but surely, the situation with the Internet in the country is improving. And a self-respecting company can take care of the quality of its connection itself.

Notes and see also

  1. 99% of cloud resources provide excessive permissions
  2. the 2019
  3. Cloud Adoption and Risk Report
  4. The study "Business Information Security" was conducted by Kaspersky Lab and B2B International in 2016. The study involved more than 4395 IT specialists from 25 countries around the world, including Russia.
  5. Why are customers unhappy with cloud providers?