Cloud Misconfigurations: A Growing Security Threat

Ruth Lanigan

Ruth Lanigan

Cloud Misconfigurations: A Growing Security Threat

Cloud infrastructure, often referred to as IaaS (infrastructure as a service), has been adopted by the numerous organisations worldwide. Cloud infrastructure has many benefits including flexibility and agility but with that it also has its vulnerabilities and risks. One such vulnerability is cloud misconfiguration, which is becoming a prevalent source of risk for organisations. According to a study done by Trend Micro, cloud misconfiguration is now the number one risk to cloud environments in 2020.

A cloud misconfiguration occurs when a cloud-related system, asset, or tool is not configured properly. This improper setup may in turn jeopardise the security of your cloud-based data depending on the affected system, asset, or tool. Examples include:

  • EBS data encryption is not turned on.
  • Unrestricted outbound access
  • Access to resources is not provisioned using IAM roles.
  • EC2 security group port is misconfigured.
  • Publicly exposed cloud resources.
  • EC2 security group inbound access is misconfigured.
  • Unencrypted AMI is discovered.
  • Unused security groups are discovered.
  • VPC Flow logs are disabled.

A recent example of a breach that occurred due to a cloud misconfiguration is the attack on Razer, which potentially exposed 100,000 customers to phishing and fraud.

In April for instance, Key Ring, creator of a digital wallet app used by 14 million people across North America, found that it exposed 44 million IDs, charge cards, loyalty cards, gift cards and membership cards to the open internet via an Amazon Web Services S3 server.

In June, an AWS cloud-storage bucket that was left open to the public internet has exposed thousands of Joomla users’ personal information. And in July, an exposed ElasticSearch server belonging to Software MacKiev put 60,000 users of the Family Tree Maker software at risk.

How much can misconfigurations cost you?

The cloud security company DivvyCloud found from their “2020 Cloud Misconfigurations Report” that between the start of 2018 and the end of 2019, breaches that were caused by cloud misconfigurations cost companies around the world an estimated $5 trillion. The report also noted that more than 33 billion records have been exposed over the last two years as thousands of companies move to cloud environments without the appropriate security systems in place. For the most part, these breaches were totally avoidable.

So what is the cause?

It is easy to assume that security technologies will keep us safe from hackers who trawl the internet looking for software vulnerabilities to exploit. But nothing could be further from the truth.Security is underpinned as much by user behaviour as it is by the technology solutions that enforce it and so it is no surprise that human error is a major cause of organisations’ compliance problems and in obstructing their digital transformation to the cloud. As misconfigurations don’t exist within a computer’s operating system, they are less visible to traditional security testing tools, which means they can often go undetected without constant monitoring from dedicated security teams. Businesses need to know what misconfigurations are imminent within their organisation and how serious they are in order to reduce the risk of a serious vulnerability. As a result, scanning for vulnerabilities alone is often not enough to manage risk in their cloud infrastructures, complete visibility into your infrastructures is key and with this a strategy to prevent and detect misconfigurations needs to be put in place.

Other than human error, companies are lacking a holistic approach to security which opens them up to undue risk often caused by:

  • Failure to shift from outdated security models
  • A lack of unified cloud visibility
  • Unprecedented rate of change, scale or scope
  • Unencrypted data stores exposed to a public internet – this provides cyber-criminals with opportunities to undertake various activities such as stealing and ransoming data and installing malicious digital skimming code onto websites.

What can you do?

It’s important to note that while misconfigurations are a risk, they can be effectively managed. With the right tools and processes in place, you can leverage cloud infrastructure in a secure way. Correctly configuring cloud infrastructure requires close collaboration among development, IT, operations, and security teams. It also requires an understanding of proper configurations.

As public clouds become more widely used within an organisation, the risk of misconfiguration grows. But it can be avoided as long as organisations use cybersecurity and policy automation to keep up with the sheer volume of network activity. If more IT security tasks are automated, organisations are better prepared to reduce hybrid cloud complexity and improve network visibility to prevent cloud misconfiguration happening in the first place.

The goal for businesses is to make sure that a misconfiguration never occurs in the first place. Your organisations defence strategy should clearly outline everything from how assets should be configured right through to an incident response plan.

Steps your organisation can take:

  • Review access controls to ensure only authorized users can take action on specified cloud resources. This includes ensuring IAM policies are properly implemented, for example bucket policies on storage accounts inside of Amazon S3.
  • Increase visibility – To effectively discover misconfigurations, businesses need to increase visibility into their weaknesses. Organisations must understand the weaknesses that impact their security and cloud infrastructure.
  • Know your cloud environments and transition to a cloud provider – this cannot be a one-time event but must be monitored and enforced constantly, as the software-defined nature of the cloud leads to frequent changes.
  • Enforce the principle of least privilege by only giving your users the permissions they need to do their jobs. Consider setting up multifactor authentication and single sign-on for extra layers of security.
  • Implement logging, which can identify changes to your cloud environments and help determine the extent of an incident.

Summary:

Gartner predicts that by 2021, over 75% of midsize and large organisations will have adopted a multi-cloud or hybrid IT strategy. As cloud platforms become more prevalent, IT and DevOps teams face additional concerns and uncertainties related to securing their cloud instances.

It’s important to note that while misconfigurations are a risk, they can be effectively managed. Correctly configuring cloud infrastructure requires close collaboration among development, IT, operations, and security teams. With the right tools and processes in place, businesses can leverage cloud infrastructure in a secure way. It is therefore imperative that businesses secure their cloud networks by arming their teams with both the right tools and knowledge in the most efficient way possible.

Ruth Lanigan

Ruth Lanigan