As discussed in an earlier blog post on cloud computing, looked at how cloud computing enables business, but also found a number of areas of concern around the state of cloud security. The cloud ecosystem has blossomed as cybersecurity aggression and sophistication has increased. Social engineering, for example, has made the digital transformation of our enterprise based on cloud computing a challenge.
Back in late 2018, Forrester predicted that in 2019, cloud computing would ‘come of age’ with Software-as-a-Service (SaaS) connected cloud ecosystems emerging. As predicted, the cloud computing ecosystem and the establishment of cloud infrastructures in the enterprise, has arrived. A mid-year survey on cloud security from Symantec found that the average organization uses 452 cloud apps.
As cloud computing embeds itself in our corporate culture, how has security impacted its use in 2019?
According to Gartner, Inc., “organizations should never assume that using a Cloud service automatically means that whatever they do within this Cloud environment will be secure."
The above statement rings true in 2019 and will, no doubt, continue as a mantra into the 2020s. Securing the cloud in 2019 was held back by legacy tools. A report by Checkpoint found that 66% of organizations said that “traditional security solutions either don’t work at all or provide limited functionality in cloud environments.” The report went on to point out that 25% of respondents do not even know if their organization had been hacked in the cloud.
The ‘leaky cloud’ has been behind massive data breaches seen throughout 2019. Compromised accounts, stolen credentials, and misconfigured cloud services and servers have been exploited by cybercriminals to install malware and ransomware onto our organizations’ extended networks.
The following security issues caused major breaches and security incidents in cloud environments in 2019.
Misconfigured cloud services, cloud apps and web servers have been behind some of 2019’s biggest data breaches. This included the Capital One breach affecting over 106 million customers. In this case, a misconfiguration of a Web Application Firewall allowed the bank’s data to be compromised.
The situation regarding misconfiguration is also associated with security awareness, as a recent McAfee report found that 99% of Infrastructure-as-a-Service (IaaS) misconfigurations go unnoticed.
This is one of OWASP’s top ten cloud security risks. Identity data and access controls can be an entry point into the wider cloud infrastructure unless you utilize standard protocols that have robust security built-in. In addition, principles such as the use of ‘least privilege’ access to control resources on a need to know basis, can improve security and reduce the risk of data exposure. Cloud computing has created great challenges for IAM, and cybercriminals have picked up on this by focusing on credential theft. Credential hacking is “the most common attack method” according to a report on cloud security by The SANS Institute. A report by (ISC)2 concurs, with misuse of employee credentials and improper access controls being the number one cloud security issue.
Not knowing where data resides can be a problem when deciding what to protect and how best to protect it. What data you have and where it is can lead to leaks due to a lack of accountability and audit. A Symantec study found that two thirds of companies believe their data is for sale on the darknet.
At, we offer integrated DDoS attack protection as part of our managed security services. This helps businesses detect, mitigate and report on the most elaborate DDoS attacks and strengthens their cybersecurity posture.
The use of cloud infrastructure can cause confusion over who owns data, which can result in poor security measures. Accountability and Data Ownership is also another OWASP top ten cloud security risk. An Oracle report found that 82% of organizations have experienced a security event because of confusion over who is responsible for data security.
Cloud computing has changed the way we work in amazing ways. It has facilitated remote working, allowed SMBs access to enterprise class cloud apps, and created a more productive and cost-effective IT environment. However, cloud computing has also opened up opportunities for cybercriminals.
2019 saw some of the largest data breaches caused by cloud computing-based security vulnerabilities. Cloud computing has effectively given a second wind to the cybercriminal, opening up the threat matrix by providing more point of failure and ways into the enterprise.
The Capital One breach was a wake-up call for the protection of data in a hybrid cloud. Other data breaches in 2019, including the misconfiguration of Elasticsearch databases exposing 1.2 billion data records, have focused attention on cloud security. Cloud providers are making moves towards securing cloud infrastructures; the acquisition of security vendor Carbon Black by VMWare is an example of merging security and cloud.
However, we must go further and protect the entire extended cloud ecosystem. With the right precautions and measures in place, cloud computing in 2020 can become more secure.
Want to learn more about how your business can leverage the state of cloud security in 2020? A cloud cybersecurity assessment can also be helpful to understand your cloud cybersecurity posture, get strategic Cloud security recommendations and secure your critical assets before, during or after Cloud migration.