Organizations of all sizes have been moving their systems, software and development tools to the cloud. “The cloud” is not a single place or entity; it is a computing model that makes servers, networks, storage, applications and development tools available over the internet. Cloud computing reduces the need for a business to invest in its own hardware, software, staffing and maintenance, and it is a cost-effective, efficient way to scale IT resources.
Why should you care about cloud security?
Cloud security is just as important as security of on-premises systems, data and applications. With cloud solutions, an organization’s sensitive data and personally identifiable information (PII) are stored in the cloud infrastructure and must be protected from cyberattacks and data loss due to any event, just as a business would protect that data on any platform.
Cloud security also lets a business reap the full benefits of the cloud. Employees working from home or in a hybrid work environment can easily and securely access apps and data from any location. With a secure cloud, businesses can back up their data to recover it if a disaster strikes.
Cloud Security Challenges
While cloud infrastructures are marketed as being secure, there are security challenges. Here is a list of six key cloud security challenges your clients can face:
- Data breaches
- Data loss
- Delayed software updates and patch management
- Malware Injection
- Insufficient identity, credential, access, and key management
- DoS and DDoS attacks
As the hybrid workplace matures, most companies will keep using the cloud, but misconfiguration of cloud services remains a leading cause of incidents. Under the shared responsibility model, the provider secures the underlying infrastructure, while the customer is responsible for how its own data, identities and services are configured. If a business fails to secure its side and is breached, the business is responsible – not the cloud service provider.
Attackers continue to focus on the cloud to access and exfiltrate data. There have been data breaches through publicly readable S3 buckets and through Elasticsearch databases exposed to the internet without authentication, and cloud services continue to be attacked via traditional phishing and remote-access misconfiguration. For example, Microsoft researchers disrupted the cloud infrastructure used by an email scammer group that compromised its initial targets through classic phishing emails, such as fake voicemail notifications. Once the attackers had access to a mailbox, they added email-forwarding rules to exfiltrate sensitive messages, including financial emails. The attackers set up look-alike domains to trick victims into entering their email credentials, and they signed in over legacy authentication protocols, which cannot carry a second factor, to bypass multifactor authentication where it was enabled.
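The mailbox-rule tactic described above leaves a clear trail in mailbox audit logs, and it is worth hunting for. The script below is an added example, not from the original page or from Microsoft's tooling: it scans constructed audit records (a simplified shape, not any vendor's real export format) and flags rules that forward or redirect mail to external domains, delete or hide the forwarded messages, key on financial subject words, or carry a punctuation-only name. The internal domain list and the keyword list are assumptions to adapt to your own tenant.

```python
"""Hunt for mailbox forwarding rules of the kind used in BEC campaigns.

Added example, not part of the original page or any Microsoft tooling. The
records below are constructed and use a simplified shape loosely modelled on
mailbox-audit events; real exports use different field names, so adapt the
parsing to your source.
"""
from __future__ import annotations

INTERNAL_DOMAINS = {"example.com"}  # assumption: the tenant's own domains
SUSPICIOUS_KEYWORDS = {"invoice", "payment", "wire", "bank", "password"}
HIDING_FOLDERS = {"RSS Feeds", "RSS Subscriptions", "Conversation History", "Deleted Items"}

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    {"user": "cfo@example.com", "operation": "New-InboxRule",
     "params": {"Name": ".", "ForwardTo": "cfo.example@attacker-mail.net",
                "SubjectContainsWords": "invoice;wire", "DeleteMessage": True}},
    {"user": "ap@example.com", "operation": "Set-Mailbox",
     "params": {"ForwardingSmtpAddress": "smtp:ap-backup@example.com"}},
    {"user": "it@example.com", "operation": "New-InboxRule",
     "params": {"Name": "Newsletters", "MoveToFolder": "Newsletters",
                "FromAddressContainsWords": "news@vendor.example"}},
    {"user": "hr@example.com", "operation": "Set-InboxRule",
     "params": {"Name": "..", "RedirectTo": "hr-archive@gmail.com",
                "MoveToFolder": "RSS Feeds"}},
]


def _domain(address: str) -> str:
    """Lower-cased domain of an SMTP address, with any 'smtp:' prefix stripped."""
    addr = address.lower().removeprefix("smtp:")
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def analyse_event(event: dict) -> list[str]:
    """Return the reasons this rule or mailbox change looks like BEC tradecraft (empty if none)."""
    p = event.get("params", {})
    reasons: list[str] = []
    # Any forwarding target outside the organisation is the core indicator.
    for field in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"):
        target = p.get(field)
        if target and _domain(target) not in INTERNAL_DOMAINS:
            reasons.append(f"{field} points outside the organisation: {target}")
    # Attackers hide the stolen mail from the mailbox owner.
    if p.get("DeleteMessage"):
        reasons.append("rule deletes the forwarded messages, hiding them from the owner")
    if p.get("MoveToFolder") in HIDING_FOLDERS:
        reasons.append(f"rule moves mail to a rarely viewed folder: {p['MoveToFolder']}")
    # Financial keywords in the rule condition are typical of invoice fraud.
    words = {w.strip().lower() for w in str(p.get("SubjectContainsWords", "")).split(";") if w.strip()}
    if words & SUSPICIOUS_KEYWORDS:
        reasons.append(f"rule keys on financial subject words: {sorted(words & SUSPICIOUS_KEYWORDS)}")
    # Rule names like "." or ".." are chosen to be easy to overlook.
    name = p.get("Name", "")
    if name and len(name.strip(". ")) == 0:
        reasons.append(f"rule name is only punctuation ({name!r}), a common evasion")
    return reasons


def hunt(events: list[dict]) -> dict[str, list[str]]:
    """Map 'user operation' to its findings for every event that has at least one."""
    findings: dict[str, list[str]] = {}
    for e in events:
        reasons = analyse_event(e)
        if reasons:
            findings[f"{e['user']} {e['operation']}"] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in hunt(SAMPLE_EVENTS).items():
        print(key)
        for r in reasons:
            print("   -", r)
```

The internal forward to `ap-backup@example.com` is deliberately left unflagged; legitimate internal delegation is common, and alerting on it would bury the external forwards that matter.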
Data can be lost in the cloud due to:
- Disasters like fire, flood or earthquake
- Accidental deletion when a user or software application inadvertently deletes data; SaaS applications import large data sets using bulk uploads and they can sometimes overwrite data
- Malicious activity from an insider (e.g., a disgruntled or departing employee) or from a cyberattack
Delayed patch management and software updates
Software solutions often have millions of lines of code. Vendors test their solutions before release, but bugs and vulnerabilities are routinely found afterwards, and vendors release patches to fix them. Keeping business-critical applications and operating systems up to date closes known vulnerabilities, which are what opportunistic attackers look for first, and also fixes the bugs that degrade reliability. According to a Ponemon Institute survey, 60% of organizations that suffered a breach said it was caused by a known vulnerability for which a patch was available but had not been applied.
Patch management is the process of identifying, acquiring, testing, installing and verifying patches so that systems and applications stay up to date and secure. Done by hand, this is rigorous and time consuming for IT administrators; automated solutions make it much easier.
The term malware injection covers attacks in which an attacker gets malicious code or a malicious component running inside a cloud environment so that it is treated as a valid part of the service. In the cloud-specific form, a rogue service instance or module is added to the infrastructure and the cloud user’s requests are redirected to it. Far more common in practice are the application-level injection attacks that cloud-hosted web applications inherit from the web: SQL injection and cross-site scripting.
Structured Query Language (SQL) is the standard language for defining and querying relational databases, and most web applications use it behind the scenes. A SQL injection attack supplies input that the application concatenates into a query without separating code from data, so the attacker’s text changes the meaning of the query. The result can be reading data the attacker is not authorized to see, including sensitive corporate data, credentials and PII, or modifying and deleting it.
While SQL injection can be used against any application that builds SQL from untrusted input, the technique primarily targets web applications. A malicious actor can carry out a SQL injection by typing a crafted string into a vulnerable website search box, for example a quote character followed by an always-true condition, and retrieving every user account in the application’s database.
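The search-box attack just described, with its fix, as an added example that is not part of the original page. It runs against an in-memory SQLite database with constructed accounts (the schema and data are assumptions), shows two attacker inputs against the string-concatenated query, and then shows the same inputs against a parameterised query. It also escapes the `%` and `_` LIKE wildcards, which parameterisation alone does not handle.

```python
"""SQL injection through a search box: vulnerable query beside the parameterised fix.

Added example, not taken from the original page. Uses an in-memory SQLite
database with constructed sample accounts; the schema and data are assumptions.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway database with a few constructed user accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "admin", "$2b$12$alicehash..."),
        ("bob", "user", "$2b$12$bobhash..."),
        ("carol", "user", "$2b$12$carolhash..."),
    ])
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """Concatenates user input straight into the SQL text (the bug)."""
    sql = f"SELECT username, role FROM users WHERE username LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def _escape_like(term: str) -> str:
    """Escape LIKE wildcards so a user searching for '%' does not match every row."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_safe(conn: sqlite3.Connection, term: str) -> list[tuple]:
    """Parameterised query: the input can only ever be a pattern value, never SQL."""
    pattern = f"%{_escape_like(term)}%"
    sql = "SELECT username, role FROM users WHERE username LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (pattern,)).fetchall()


# Constructed attacker inputs typed into the search box.
# The quote closes the LIKE literal, OR 1=1 matches every row, and -- comments out
# the trailing %' so the statement still parses.
DUMP_ALL = "' OR 1=1 --"
# UNION pulls a column the search page was never meant to show.
DUMP_HASHES = "' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, 'ali':       ", search_vulnerable(conn, "ali"))
    print("vulnerable, dump all:    ", search_vulnerable(conn, DUMP_ALL))
    print("vulnerable, dump hashes: ", search_vulnerable(conn, DUMP_HASHES))
    print("safe, 'ali':             ", search_safe(conn, "ali"))
    print("safe, dump all:          ", search_safe(conn, DUMP_ALL))
```

With the vulnerable function the first payload returns all three accounts and the second returns the password hashes as well; the parameterised version returns nothing for either, because the whole string is compared as a literal pattern.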
Cross-site scripting (XSS) resembles SQL injection in that it takes advantage of a web application that inserts untrusted input into its output without encoding it, so malicious code can be served from an otherwise legitimate website. It differs from SQL injection in its target: the victim is the user rather than the data in the web application’s database. The attacker’s script is delivered by the legitimate site and runs in the victim’s browser with that site’s privileges, where it can read session cookies, capture keystrokes or perform actions as the logged-in user. Exploits can take many forms of malicious script.
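The output-encoding failure described above, as an added example that is not part of the original page. The template is a constructed stand-in for a web framework's page template and the two payloads are constructed attacker inputs, one aimed at the HTML text context and one at a quoted attribute value. Python is used for consistency with the other examples on this page; the rendering logic is the same in any server-side language. The parser-based `executable_content` helper stands in for the browser and reports which script the page would actually run.

```python
"""Reflected XSS in a search results page: unsafe, half-fixed and escaped rendering.

Added example, not part of the original page. TEMPLATE is a constructed stand-in
for a framework template, and the payloads are constructed attacker inputs.
"""
import html
from html.parser import HTMLParser

# Two injection contexts: HTML text inside <h1>, and a quoted attribute value.
TEMPLATE = '<h1>Results for {term_text}</h1>\n<input name="q" value="{term_attr}">'


def render_unsafe(term: str) -> str:
    """Interpolates the search term into the HTML verbatim (the bug)."""
    return TEMPLATE.format(term_text=term, term_attr=term)


def render_half_fixed(term: str) -> str:
    """Escapes <, > and & only: enough for the text context, not for the attribute."""
    partly = html.escape(term, quote=False)
    return TEMPLATE.format(term_text=partly, term_attr=partly)


def render_safe(term: str) -> str:
    """Escapes <, >, &, " and ' so the term can neither open a tag nor close the attribute."""
    safe = html.escape(term, quote=True)
    return TEMPLATE.format(term_text=safe, term_attr=safe)


class _ScriptFinder(HTMLParser):
    """Records what a browser would execute: <script> elements and on* event handlers."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("<script> element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.hits.append(f"{name} handler on <{tag}>")


def executable_content(page: str) -> list[str]:
    """Parse the rendered page the way a browser would and list the script it would run."""
    finder = _ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.hits


# Constructed attacker payloads, one per injection context.
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'

if __name__ == "__main__":
    renderers = (("unsafe", render_unsafe), ("half-fixed", render_half_fixed), ("safe", render_safe))
    for label, render in renderers:
        for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
            print(f"{label:10} {payload[:24]!r:28} -> {executable_content(render(payload))}")
```

The half-fixed renderer is the instructive case: escaping angle brackets stops the `<script>` payload but not the attribute payload, which never needs a `<` because it only has to close the quote it lands inside. Encoding has to match the context the value is placed in, and quoting every attribute value plus escaping quotes covers both contexts here.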
Insufficient identity, credential, access and key management issues
Many attacks on cloud infrastructure are due to problems with identity and access management (IAM) that open a cloud service to unauthorized access. This is not a new security issue, but it has been exacerbated because cloud computing changes how identities, credentials and access are managed: everything is reachable over the internet, and the number of keys, service accounts and tokens grows quickly. Security incidents and breaches happen because of:
- Inadequate protection of credentials because of misconfiguration of both access rights and the security solution
- Lack of regular automated rotation of cryptographic keys, passwords and certificates
- Lack of scalable identity, credential, and access management systems
- Failure to use multifactor authentication
- Failure to use strong passwords
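Several items in the list above (key and password rotation, MFA coverage, expiring certificates) can be checked mechanically from a credential inventory. The script below is an added example, not part of the original page or of any cloud provider's tooling: it runs a constructed inventory (the row shape, the field names and the policy thresholds are all assumptions) against an age and MFA policy with a fixed report date so the output is reproducible. In practice the rows would come from your identity provider or the cloud provider's credential report.

```python
"""Flag stale credentials, idle keys, expiring certificates and missing MFA.

Added example, not part of the original page or any cloud provider's tooling.
The inventory rows, their field names and the policy thresholds are assumptions;
in practice the rows would come from your identity provider or the cloud
provider's credential report.
"""
from datetime import date

# Assumed policy thresholds, in days.
MAX_KEY_AGE = 90          # rotate long-lived access keys at least this often
UNUSED_KEY_AGE = 45       # keys not used for this long should be disabled
MAX_PASSWORD_AGE = 365
CERT_WARNING_WINDOW = 30  # start renewing certificates this far before expiry

# Fixed "today" so the example is reproducible.
REPORT_DATE = date(2024, 6, 10)

# Constructed inventory: not real accounts or credentials.
INVENTORY = [
    {"principal": "deploy-bot", "type": "access_key", "created": "2024-01-15", "last_used": "2024-06-01"},
    {"principal": "alice", "type": "password", "created": "2023-03-01", "mfa": True},
    {"principal": "bob", "type": "password", "created": "2024-05-20", "mfa": False},
    {"principal": "api.example.com", "type": "certificate", "expires": "2024-06-25"},
    {"principal": "legacy-sync", "type": "access_key", "created": "2024-04-01", "last_used": "2024-04-02"},
    {"principal": "carol", "type": "password", "created": "2024-02-01", "mfa": True},
]


def _days_since(iso: str, today: date) -> int:
    """Whole days from an ISO date to the report date (negative if it is in the future)."""
    return (today - date.fromisoformat(iso)).days


def check_credential(row: dict, today: date) -> list[str]:
    """Return the policy violations for one credential; an empty list means compliant."""
    issues: list[str] = []
    kind = row["type"]
    if kind == "access_key":
        age = _days_since(row["created"], today)
        if age > MAX_KEY_AGE:
            issues.append(f"access key is {age} days old (limit {MAX_KEY_AGE}); rotate it")
        idle = _days_since(row["last_used"], today)
        if idle > UNUSED_KEY_AGE:
            issues.append(f"access key unused for {idle} days; disable or delete it")
    elif kind == "password":
        age = _days_since(row["created"], today)
        if age > MAX_PASSWORD_AGE:
            issues.append(f"password is {age} days old (limit {MAX_PASSWORD_AGE})")
        if not row.get("mfa"):
            issues.append("interactive account without MFA")
    elif kind == "certificate":
        left = -_days_since(row["expires"], today)
        if left < 0:
            issues.append(f"certificate expired {-left} days ago")
        elif left <= CERT_WARNING_WINDOW:
            issues.append(f"certificate expires in {left} days; renew it")
    return issues


def audit(inventory: list[dict], today: date) -> dict[str, list[str]]:
    """Map each non-compliant principal to its list of violations."""
    report: dict[str, list[str]] = {}
    for row in inventory:
        issues = check_credential(row, today)
        if issues:
            report[row["principal"]] = issues
    return report


if __name__ == "__main__":
    for principal, issues in audit(INVENTORY, REPORT_DATE).items():
        for issue in issues:
            print(f"{principal}: {issue}")
```

The idle-key check matters as much as the age check: a key that is old but in daily use will be noticed quickly if it leaks, while a forgotten key for a decommissioned integration is exactly the credential an attacker can use for months unnoticed.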
DoS and DDoS
A denial-of-service (DoS) attack is a system-on-system attack that renders a resource – such as a website or cloud platform – unavailable. The attacker floods the target with traffic or resource-intensive requests to exhaust its bandwidth, connection capacity or processing power. A distributed denial-of-service (DDoS) attack is a DoS attack carried out from many computers or devices at once against a single targeted resource.
Distributed denial-of-service attacks target servers, services, networks, and cloud infrastructures to disrupt their traffic, thereby preventing access for legitimate users. DDoS attacks are chiefly intended to cause financial or reputational damage to an organization or government body.
Such attacks usually utilize large networks of malware-infected systems (computers and internet of things (IoT) devices) that the attacker controls. Such individual devices are referred to as “bots” (or zombies), and a collection of them is known as a “botnet.”
Attackers use these botnets against servers or networks by having all the bots send requests to the target’s IP address simultaneously, which overloads the server or network and makes it unavailable to normal traffic. Mitigation is often difficult because the bots are legitimate devices with legitimate addresses, which makes it hard to separate attack traffic from normal traffic.
Acronis Cyber Protect Cloud
Acronis Cyber Protect Cloud is a one-of-a-kind solution that delivers the protection your clients need to handle many of these security challenges. It detects and prevents advanced malware, offers remediation and investigation capabilities and provides total protection of your clients’ data. It unites behavioral, machine intelligence (MI), and signature-based anti-malware, endpoint protection management, backup and disaster recovery in one solution. With a single console and single agent, Acronis Cyber Protect Cloud offers unmatched integration and automation capabilities to reduce complexity, improve your productivity and decrease operating costs. And with Acronis Cyber Protect Cloud, you can expand your service with advanced protection packs, which include:
- Next-generation anti-malware, which uses MI-based technologies to prevent emerging/new malware
- Global threat monitoring and smart alerts from Acronis Cyber Protection Operation Centers (CPOC), so you stay informed about malware, vulnerabilities, natural disasters and other global events that may affect your clients’ data protection, and can act before they do
- Forensic backup that allows you to collect digital evidence data, include this data in disk-level backups that are stored in a secure place to protect them from cyber threats, and use them for future investigations
- Patch management for Microsoft and third-party software on Windows, allowing you to easily schedule or manually deploy patches to keep your clients’ data safe
- Drive (hard disk) Health using MI technology to predict disk issues and alert you to take precautionary measures to protect your clients’ data and improve uptime
- Software inventory collection with automatic or on-demand scans to provide deep visibility into your clients’ software inventory
- Fail-safe patching by generating an image backup of your clients’ systems to enable easy recovery in case a patch renders these systems unstable
With Acronis Cyber Protect Cloud, you can provide your clients with multiple layers of protection for their endpoints, ensure that their data, applications and systems are always available and protected, and recover their data and systems in the shortest time possible, no matter what happens.