What is Cloud Security?

Cloud security refers to a wide range of policies, procedures and/or technologies that are used to protect data, applications, and infrastructure that are hosted or stored in cloud environments.

Organizations are increasingly shifting to cloud-based storage for their digital information because cloud-based storage allows ubiquitous access to company data through the internet. This shift to cloud environments is also known as “cloud migration." While cloud technology enables enterprises to increase productivity, they are also at risk of new forms of cyber threats that are aimed at information stored in the cloud.

‍

Cloud computing services are a computational service provided by a third party ISV to help organizations run their business operations. Shifting to cloud-based operations allows enterprises to off-load tasks that are time consuming for their IT teams. Popular cloud computing services:

IaaS (Infrastructure-as-a-Service)

‍Provides on demand, pay-as-you-go virtualized computing services, network, and storage resources.

PaaS (Platform-as-a-Service)

‍PaaS includes operating systems and database management and development tools that developers need to build and run applications.  

SaaS (Software-as-a-Service)

‍SaaS is an application delivery model that allows users to access data and conduct work activity via an application that is accessible over the internet.

As the digital threat landscape continues to change and evolve, organizations shift from on-premises ecosystems to on-demand cloud computing alternatives, it has become of outmost importance to understand the security requirements needed to keep information secure from internal and external threats. This remains true during the migration process and after consequent deployment since accountability and responsibility of cloud-asset security could remain in the hands of the organization and not the third-party cloud computing provider.

In hybrid or full cloud environments, security may be difficult to manage. Unfortunately, the implications of cyber breaches related to the cloud could be critical, especially if they are associated with sensitive client data, for example. Although third-party providers may offer a list of best security practices and may regularly update their security posture, organizations should remain vigilant and proactive in their cybersecurity perspective.  

‍

Reduced visibility and control

Since organizations may offload some of the management of services to third party providers, they may lose visibility and control of those assets and operations. Regardless, organizations should continuously monitor their cloud-based solutions to ensure the high standard of security practices are in place.

Shadow IT

‍Shadow IT is the exposure of an organization’s digital systems, like software, devices and applications, outside the control or knowledge of the IT department. Because digital activity in the cloud takes place outside the organizations network, cloud shadow IT poses a threat to business continuity given that these services can be accessed anywhere through the internet.

Compliance violations

Utilizing cloud services could add an additional layer of complexity when it comes to compliance regulations. Since it could be more difficult to identify and oversee all cloud-based assets, organizations might lose track of the controls, permissions, and documentation pertinent to each asset.  

Misconfiguration

‍These are vulnerabilities in your systems such as unpatched networks that an attacker can use to breach your systems. Misconfiguration accounts for a significant amount of security breaches in cloud environments. Common cloud misconfigurations are leaving unrestricted inbound or outbound ports, disabling monitoring or logging, opening ICMP access.

External sharing of data

‍When data is shared with third-party service providers, data has the potential to be intercepted or compromised. Encryption of sensitive data and appropriate data management tools will allow organizations to accommodate for any risk external data sharing poses to their organizations.  

Insecure APIs

Since cloud computing occurs via the Internet, cloud service providers may utilize application program interfaces (APIs) to allow organizations to connect and manage their cloud deployment. Unfortunately, these APIs could be exposed to the internet. Additionally, just like any software, it may contain defects, bugs, and vulnerabilities that could be exploited by threat actors.

When organizations move their data to cloud environments, they are creating a new landscape with respective vectors for cyber criminals to attack. Having visibility on these cloud systems is paramount to reducing the risk of a successful cyber-attack.  

Account takeover

‍Account takeover, account takeover fraud, or account compromise refers to a cyber-criminal gaining control of a legitimate business account. This can happen when a threat actor successfully obtains an individual’s login credentials. Account takeover can be detrimental to business operations at any organization because with a legitimate account, attackers can operate covertly, have a stamp of credibility, and authority depending on whose account is compromised.

Insider threat

‍Insider threats are individuals within an organization that pose a threat to cyber security. This can also take the form of human error through unintentional insider threats, for example, accidental data leakage. Threats like these make it crucial to have awareness of user activity and have incident response procedures in place.

Misconfiguration

These are vulnerabilities in your systems such as unpatched networks that an attacker can use to breach your systems. Misconfiguration accounts for a significant amount of security breaches in cloud environments. Common cloud misconfigurations are leaving unrestricted inbound or outbound ports, disabling monitoring or logging, opening ICMP access.

‍

Cloud environments are hosted by 3^rd parties that have their own security posture. However, it is still vital for organizations to develop a monitoring system that allows them to keep track of user accounts and other digital assets that might be at risk of a cyber-attack in the cloud and throughout their digital ecosystem. To do this, choose a security solution that provides integration capabilities to your desired cloud infrastructure, with visibility of your digital assets, and can detect and response capabilities for threats aimed at your cloud environment.

Cloud computing is the on-demand availability of computer resources (such as software, data storage, computing power, etc.) over the Internet. It provides organizations flexibility and ease of scalability, typically because organizations completely or partially allow a third-party provider to manage the cloud infrastructure, software, or service. The three most common cloud computing services are: SaaS (Software as a Service), PaaS (Platform as a Service), and IaaS (Infrastructure as a Service).  

Cloud security aims to provide a framework and/or technologies, among other solutions, that can be used to protect these cloud-enabled assets.  

Each organization faces its own set of unique problems, given the size, complexity, and scale of their cloud environment – because of that, they should take into consideration the scope of their deployment and understand that each cloud security solution may look different.

NIST (National Information Technology Library) has a list of guidelines and FAQs that can guide organizations through the development of their cloud security posture. Some of the guidelines, written by the Federal Trade Commission, essentially advice organizations to:

• Take advantage of the security features offered by cloud service companies.
• Take regular inventories of what is kept in the cloud.
• Not store personal information when it is not necessary.
• Understand that security is your responsibility.

Furthermore, holistic security guidelines, such as the NIST Cybersecurity Framework, can also be applied to cloud computing. This framework highlights five key-functions that organizations should consider when managing and developing their cybersecurity lifecycle: Identify, Protect, Detect, Respond, and Recover. As mentioned in their website, “these five widely understood terms, when considered together, provide a comprehensive view of the lifecycle for managing cybersecurity risk over time."

Organizations can identify and mitigate human-related security breaches in the cloud by:

Conducting regular security audits

‍These may help organization identify vulnerabilities and quickly deploy suitable patches.

Offering security awareness and training

‍Having a security-aware workforce may help employees understand what necessary steps they should take to mitigate any and all human-prone cyber risk.

Establishing an Identity and Access Management (IAM) discipline

‍IAM could allow organizations to keep unauthorized access of specified assets to a minimum. It attempts to ensure that the right people access the right resources at the right time.

Leveraging encryption and key management

‍Proper encryption of data should be utilized. Furthermore, organizations should leverage strong encryption and ensure proper management of encryption keys to keep data secure.        

Each organization’s cloud architecture is unique and has its own set of individual considerations. With that in mind, organizations should consider the following common factors when selecting cloud security solutions and providers:

Certifications & Standards

Technologies & Service Roadmap

Data Security, Data Governance and Business policies

Contracts, Commercials & SLAs

Reliability & Performance

Migration Support, Vendor Lock in & Exit Planning

Business health & Company profile

Organizations could lean on a few well-known ones to enhance and develop the security of their cloud environments:

Ensure that internet-facing services are secure

‍Although it’s always better to completely limit access to and from the internet to a cloud environment, it’s not always possible. As such, it is recommended to review any internet-facing services and establish secure processes and procedures.

Leverage a zero-trust network.

‍In zero-trust networks, nothing is trusted by default.

Understand the shared responsibilities

‍With cloud services, both the organization and the provider share responsibility of cloud applications and the data. It is of outmost importance for all parties to understand their portion of the shared responsibilities to ensure a robust security posture.

Darktrace/Cloud for a secure cloud environment

Darktrace/Cloud is powered by Self-Learning AI, which learns an organization’s normal business operations so it can recognize subtle deviations that indicate a cyber-attack. In this way, Darktrace offers highly bespoke security solutions that can be deployed anywhere a company has data, including standard cloud deployments, as well as serverless deployments and microservices. 

Darktrace/Cloud provides total visibility of an organization’s data in a single pane of glass. It analyzes network data in the cloud alongside control pane events. It covers IaaS, PaaS, and SaaS to regain control over single and multi-cloud infrastructure. Not only can it identify emerging threats across these areas, but it can also take targeted, proportionate action to autonomously neutralize cyber-attacks, without disrupting business. 

With all these capabilities, Darktrace can protect organizations from major threats to data security. For example, Darktrace/Cloud can detect data exfiltration and insider threats, protecting sensitive information stored in the cloud. It can identify unusual data downloads and when it detects a suspicious data flow in Kubernetes cluster, it can contain it. Finally, since Darktrace/Cloud’s AI grows with each business’s data, it benefits organizations at all stages of their cloud journeys.