Cloud infrastructure, often referred to as IaaS (infrastructure as a service), has been adopted by the numerous organisations worldwide. Cloud infrastructure has many benefits including flexibility and agility but with that it also has its vulnerabilities and risks. One such vulnerability is cloud misconfiguration, which is becoming a prevalent source of risk for organisations. According to a study done by Trend Micro, cloud misconfiguration is now the number one risk to cloud environments in 2020.
A cloud misconfiguration occurs when a cloud-related system, asset, or tool is not configured properly. This improper setup may in turn jeopardise the security of your cloud-based data depending on the affected system, asset, or tool. Examples include:
EBS data encryption is not turned on.Unrestricted outbound accessAccess to resources is not provisioned using IAM roles.EC2 security group port is misconfigured.Publicly exposed cloud resources.EC2 security group inbound access is misconfigured.Unencrypted AMI is discovered.Unused security groups are discovered.VPC Flow logs are disabled.
A recent example of a breach that occurred due to a cloud misconfiguration is the attack on Razer, which potentially exposed 100,000 customers to phishing and fraud.
In April for instance, Key Ring, creator of a digital wallet app used by 14 million people across North America, found that it exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet via an Amazon Web Services S3 server.
In June, an AWS cloud-storage bucket that was left open to the public internet has exposed thousands of Joomla users’ personal information. And in July, an exposed ElasticSearch server belonging to Software MacKiev put 60,000 users of the Family Tree Maker software at risk.
How much can misconfigurations cost you?
The cloud security company DivvyCloud found from
their "2020 Cloud Misconfigurations Report” that between the start of 2018
and the end of 2019, breaches that were caused by cloud misconfigurations cost
companies around the world an estimated $5 trillion. The report also noted that
more than 33 billion records have been exposed over the last two years as
thousands of companies move to cloud environments without the appropriate
security systems in place. For the most part, these breaches were totally
avoidable.
So what is the cause?
It is easy to assume that security technologies will keep us safe from hackers who trawl the internet looking for software vulnerabilities to exploit. But nothing could be further from the truth.Security is underpinned as much by user behaviour as it is by the technology solutions that enforce it and so it is no surprise that human error is a major cause of organisations’ compliance problems and in obstructing their digital transformation to the cloud. As misconfigurations don't exist within a computer’s operating system, they are less visible to traditional security testing tools, which means they can often go undetected without constant monitoring from dedicated security teams. Businesses need to know what misconfigurations are imminent within their organisation and how serious they are in order to reduce the risk of a serious vulnerability. As a result, scanning for vulnerabilities alone is often not enough to manage risk in their cloud infrastructures, complete visibility into your infrastructures is key and with this a strategy to prevent and detect misconfigurations needs to be put in place.
Other than human error, companies are lacking a
holistic approach to security which opens them up to undue risk often caused
by:
Failure
to shift from outdated security modelsA
lack of unified cloud visibilityUnprecedented
rate of change, scale or scopeUnencrypted
data stores exposed to a public internet – this provides cyber-criminals with
opportunities to undertake various activities such as stealing and ransoming data
and installing malicious digital skimming code onto websites.
What can you do?
It’s important to note that while
misconfigurations are a risk, they can be effectively managed. With the right
tools and processes in place, you can leverage cloud infrastructure in a secure
way. Correctly configuring cloud infrastructure requires close collaboration
among development, IT, operations, and security teams. It also requires an
understanding of proper configurations.
As public clouds become more widely used within an organisation, the risk of misconfiguration grows. But it can be avoided as long as organisations use cybersecurity and policy automation to keep up with the sheer volume of network activity. If more IT security tasks are automated, organisations are better prepared to reduce hybrid cloud complexity and improve network visibility to prevent cloud misconfiguration happening in the first place.
The goal for businesses is to make sure that a
misconfiguration never occurs in the first place. Your organisations defence strategy
should clearly outline everything from how assets should be configured right
through to an incident response plan.
Steps your organisation can take:
Review
access controls to ensure only authorized users can take action on specified
cloud resources. This includes ensuring IAM policies are properly implemented,
for example bucket policies on storage accounts inside of Amazon S3.Increase
visibility - To effectively discover misconfigurations, businesses need to
increase visibility into their weaknesses. Organisations must understand the
weaknesses that impact their security and cloud infrastructure.Know
your cloud environments and transition to a cloud provider - this cannot be a
one-time event but must be monitored and enforced constantly, as the
software-defined nature of the cloud leads to frequent changes.Enforce
the principle of least privilege by only giving your users the permissions they
need to do their jobs. Consider setting up multifactor authentication and
single sign-on for extra layers of security.Implement
logging, which can identify changes to your cloud environments and help
determine the extent of an incident.
Summary:
Gartner predicts that by 2021, over 75% of
midsize and large organisations will have adopted a multi-cloud or hybrid IT
strategy. As cloud platforms become more prevalent, IT and DevOps teams face
additional concerns and uncertainties related to securing their cloud
instances.
It’s important to
note that while misconfigurations are a risk, they can be effectively managed. Correctly
configuring cloud infrastructure requires close collaboration among
development, IT, operations, and security teams. With the right tools and
processes in place, businesses can leverage cloud infrastructure in a secure
way. It is therefore imperative that businesses secure their cloud networks by
arming their teams with both the right tools and knowledge in the most
efficient way possible.
Find out more