Top 5 cloud security risks
By Alex Hawkes | 19 June, 2023
Cloud security is a constant concern and tends to revolve around common themes - how do you give intended users access to the data and systems their clearance allows, while maintaining a good user experience; and how do you keep unintended users or malicious bots out?
In the entanglement of systems, services, and applications that make up a modern IT infrastructure, this is a lot harder to balance in practice than it is on paper. The more security measures you deploy, the more overheads you add, potentially impacting your user experience.
Then the more complex your infrastructure, the more management and configuration required by the humans in charge, and the greater the potential for disaster. After all, human error has been the leading security concern since forever and this will probably always be the case.
According to Gartner, 99% of all cloud security failures will be due to some level of human error, and by its very nature, hosting resources on the public cloud magnifies the risk.
The approach you have to take is to accept that you can never eliminate a risk or threat; you can only manage it.
But that’s not to say there aren’t steps you can take to shore up your cloud security and make life easier for you as an administrator or network manager, and your users and employees.
Let’s look at the top five cloud security risks in 2023:
Misconfiguration: Misconfiguration is one of, if not the most common cloud security risk. As you add more providers, services, and applications, the attack surface becomes harder to manage.
Misconfiguration is mostly down to human error and will include things like not changing default configurations, weak or non-existent passwords, over-privileged users, unpatched systems, and disabled auditing or logging.
The ease of access to cloud software and applications also means other users and departments can introduce cloud services to your infrastructure, beyond what was traditionally the domain of the ‘IT department’.
APIs: Application Programming Interfaces, otherwise known as APIs, are there to make life easier. Public cloud applications typically interact with each other and other infrastructure via APIs - this means you don’t have to use a bespoke interface or dashboard for every single service, reducing the time and manual heavy lifting involved in management.
The downside is that using APIs to plug other services and applications into your own infrastructure means putting your faith in that third party’s API and their security processes. The news is full of stories where malicious actors managed to exploit an API for nefarious reasons and in some cases use that as leverage to break into some very big companies.
Ensure you carry out due diligence and review any APIs before integrating them into your infrastructure.
Data breaches: Data breaches remain one of the most common cloud security risks. There are tens of thousands of data breaches reported every year - and these are only the ones actually identified - and the vast majority of them involve cloud-based data.
A data breach or loss is when sensitive or private information leaves your company infrastructure without permission. Often, data is worth something to someone and could include your customers’ personal information such as contact details or credit card info.
The cloud has made collaboration and share-ability very easy, but that comes at a price for the unwary.
Also remember that data breaches aren’t always external threats. Employees removing data, such as sensitive documents or customer lists, is also a concern.
Hackers and Advanced Persistent Threats (APT): If you’re big enough or interesting enough, or annoy the wrong people, you may become a target for hackers or criminal organisations. An Advanced Persistent Threat or APT is a more sophisticated and sustained cyberattack in which a malicious actor intends to exploit an undetected presence in a network to steal sensitive data over a long period of time.
Such attacks are difficult to detect as they rely on incremental exploits, with attackers slowly moving from system to system looking for the most valuable data to steal, usually with the intention of ransom or selling that info on to the highest bidder.
Such attacks may make use of ‘zero day’ exploits, or brand new vulnerabilities that have been discovered and have yet to be patched by the software vendor. Even if a patch appears to close this hole it may already be too late and you may be locking the door with the attacker inside.
Auditing and logging are crucial as a form of defence, along with routine penetration testing to identify all your potential attack vectors.
Malware: Malware is as prevalent a threat in the cloud as it is in traditional networking. This automated malicious software will seek to exploit misconfigurations, weak passwords, lack of authentication, and zero day exploits to spread itself and perform nefarious activities.
Once it has infiltrated a system, cloud malware can spread quickly and open the door to even more serious threats, such as installing keyloggers or sending sensitive data out past the firewall.
Multiple layers of security are necessary to detect and defend against this attack, and enterprises should look at a ‘zero-trust’ model, which always assumes that there’s a data breach, applies multi-factor authentication, and assigns the lowest level of privilege required to users and services.
The role of Software Defined Cloud Interconnects (SDCIs) in cloud security
Although security incidents can only be made improbable and never impossible, your choice of connectivity actually has an impact.
For example, a private or dedicated network connection to your cloud infrastructure provides a more secure way to connect than over a public internet connection. Because a private or dedicated network is not shared with other users, it makes it more difficult for attackers to gain access to your data.
Software Defined Cloud Interconnects (SDCIs) and Network-as-a-Service (NaaS) solutions like Console Connect provide private network connectivity between enterprises and public cloud service providers (CSPs) such as AWS, Azure, and Google Cloud.
They serve as aggregators and intermediaries to quickly provision logical connectivity to cloud service providers and typically offer a management dashboard that provides billing, monitoring, security, and administration from a single interface.
Additionally, SDCIs can facilitate the use of advanced security measures such as encryption and access controls.
But that’s not all. While increased security measures can add overheads to your network, a dedicated network connection with guaranteed bandwidth and uptime can still deliver improved reliability and availability, ensuring that critical applications and services remain responsive during peak usage periods or in the event of a network outage or attack.