The concept of storing sensitive data in the cloud was once seen as ludicrous. Now, businesses are moving into cloud security at an exponential rate with the promise of larger storage space, lower costs, and improved performance. However, with such great benefits come severe risks.
Financial Risks of Data Breaches
Due to the immense amount of confidential data in the cloud, attackers are targeting cloud infrastructures ranging from small businesses to large companies, including Fortune 500s such as Capital One, which fell victim to a $270 million data breach in 2019. More recently, in May 2022, an airline company named Pegasus had an open S3 bucket (an Amazon cloud storage service used to contain data) that held 6.5TB of sensitive data, including plaintext passwords, source code, and PII.
In 2021, the average cost of a cloud breach was calculated to be in the seven figures, with public cloud infrastructures being about $4.80 million, private cloud infrastructures being $4.55 million, and hybrid cloud infrastructures (a mix of public and private) being $3.61 million. It was also found that 94% of enterprises use the cloud, 91% of which use a public cloud service such as AWS (Amazon Web Services), Azure, or GCP (Google Cloud Platform).
Due to COVID-19, companies moved toward a remote working style, which also increased employees’ online presence. This resulted in increased severity of data breaches. On average, companies with an 81-100% remote workforce were estimated to lose $5.54 million from a data breach (over $1 million more costly than companies where remote work was not a factor in the data breach).
The cloud is still in its infancy, so the critical and high-severity vulnerabilities present in enterprise infrastructures are reminiscent of the simple vulnerabilities that existed within on-premises environments during the early stages of the internet.
Complexities of the Public Cloud
These vulnerabilities exist not only due to cloud infrastructures being a new concept but also because of the cloud’s inherently complex nature. The public cloud typically consists of two different responsibilities:
- Customer responsibility – Security in the cloud
- Public cloud service responsibility – Security of the cloud
The cloud service provider is responsible for ensuring that their data center is secure from a data breach. For this reason, these data centers are air-tight and implement security best practices. However, despite the security of the public cloud service, serious vulnerabilities can occur when a customer uses a public cloud service to build their own infrastructure. Public cloud services provide the customer with many different use-cases for how they want to customize their infrastructure, and this power can easily result in insecure configurations.
Lack of Resources
The complexities of the cloud have led to a surge in demand for cloud security engineers. This demand was only exacerbated by the COVID-19 pandemic, which increased online presence. However, the supply of security engineers is far behind the demand, and the imbalance is becoming more extreme as attacks against cloud infrastructures are rising.
How to Secure a Cloud Environment
Security engineers alone cannot carry the weight of an entire cloud infrastructure, as it is only as secure as its weakest link. Finding such a weak link within a cloud environment is akin to finding a needle in a haystack, as misconfigurations are typically buried under hundreds and sometimes thousands of policies, identities, and instances.
Therefore, performing penetration tests (simulated attacks) against a company’s cloud infrastructure is becoming exceedingly important. Trained professionals in this field are conditioned to find weak links in such environments, verify them, and directly report them to their point of contact so that these vulnerabilities can be patched before a malicious actor exploits them.
3 Common Mistakes Security Engineers and Developers Make
The following are three common mistakes that security engineers and developers make within a cloud environment:
- Not following the principle of least privilege: Cloud environments are typically improperly configured to provide more access than is necessary.
- Developing insecure applications and functions: Insecure applications and functions can provide an attacker with a pathway into the cloud environment upon exploitation. Privileges can be escalated within a cloud environment if a higher-privileged identity or role is compromised (such as by compromising a VM).
- Improperly configuring security groups: Misconfigured security groups allow more traffic than is necessary.
Cloud infrastructures are easy to misconfigure, which can result in extreme consequences. Therefore, a cloud infrastructure’s security posture should be tested every time a significant change is applied.
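One way to automate part of that re-testing for the first and third mistakes is sketched below; it is an added example, not code from the original article. It assumes AWS-style inputs (an IAM policy document and the `IpPermissions` list of a security group); the sample policy, group ID, and the `PUBLIC_OK_PORTS` allow-list are constructed for illustration.

```python
# Constructed sample inputs in the shapes AWS uses (IAM policy document,
# security group IpPermissions); every name and value here is made up.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppBucketRead", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/*"},
    {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllIam", "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
PUBLIC_OK_PORTS = {443}  # assumption: only HTTPS is meant to be internet-facing

def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return Sids of Allow statements pairing wildcard actions with Resource '*'."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        wild_action = any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", [])))
        wild_resource = "*" in as_list(stmt.get("Resource", []))
        if wild_action and wild_resource:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

def audit_security_group(group, allowed=PUBLIC_OK_PORTS):
    """Return (protocol, from_port, to_port) for ingress rules open to any address."""
    findings = []
    for rule in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if not any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            continue
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        # IpProtocol "-1" means all protocols and carries no port range.
        if rule["IpProtocol"] == "-1" or lo != hi or lo not in allowed:
            findings.append((rule["IpProtocol"], lo, hi))
    return findings

if __name__ == "__main__":
    print(audit_policy(POLICY), audit_security_group(GROUP))
```

Run against exported policies and security groups after each significant change, a non-empty result marks the statements and rules to review first.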
Why Choose SecurityScorecard
At SecurityScorecard, your security posture can be tested and strengthened from all angles, from the cloud to external, internal, mobile, web, and Wi-Fi infrastructures. SecurityScorecard’s penetration testing service ensures that your environment is safe while helping you achieve compliance. The adage that “the best defense is a good offense” is ever more true when it comes to cybersecurity.