How Organizations Can Minimize Risk in Complex Cloud Environments
Learn how unattended risks in multi-cloud environments leave data exposed.
Gil Geron, CEO of Orca Security, outlines strategic steps for robust cloud security and explores key insights and actionable tips to safeguard cloud assets effectively.
The expanding use of multi-cloud environments has delivered real functional and productivity benefits to organizations, but it has also created risk that, in many cases, has gone unattended, leaving critical and sensitive data exposed.
Orca Security recently released the 2024 State of Cloud Security Report, which notes that organizations are making incremental progress in protecting their cloud assets. However, it also reveals glaring weaknesses, including a widespread lack of basic security practices in cloud infrastructures and a slew of sensitive data residing on public-facing and exposed assets. In today’s fast-growing, increasingly complex cloud environments—facing an equally fast-moving and sophisticated threat landscape—incremental progress is not enough.
Organizations must prioritize their risks and take concrete measures toward shoring up their cloud security postures. Among those steps are strategically applying patches, maintaining identity and access management (IAM) controls, and strictly enforcing robust principle of least privilege (PoLP) policies. Organizations also need to identify and locate their crown jewels—their most critical assets in the cloud—closely monitor their environments, and make better use of malware detection tools.
And, especially in today’s cloud environments, they need to use AI and automation. It can seem like a daunting task, especially considering the growing size and increasing complexity of cloud environments, but with a strategic approach and the right tools, enterprises can significantly reduce their risk.
The Expanding Attack Surface
For all the advantages cloud systems bring to businesses and other organizations, they also expand the attack surface and increase risk. Data breaches increased by 20% from 2022 to 2023, with 80% of those breaches involving data stored in the cloud, according to a report by the Harvard Business Review, which listed cloud misconfigurations first among the primary reasons for the breaches.
The State of Cloud Security Report, based on analysis of billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud by the Orca Research Pod, breaks down how complex cloud systems expose data and raise risk levels while highlighting steps organizations can take to protect that data and improve security.
The study found that 84% of organizations have at least one public-facing neglected asset, defined as a cloud asset that either uses an unsupported operating system or has gone unpatched for at least 180 days. And 81% have public-facing, neglected assets with commonly targeted open ports, such as ports 80, 443, 8080, 22, 3389 or 5900. These ports are favored targets for attackers, who routinely scan for open ports and known vulnerabilities.
Meanwhile, old, known vulnerabilities—another favorite target of attackers—persist in many organizations. Ninety-one percent of organizations have at least one vulnerability that dates back more than 10 years, and 46% have a vulnerability older than 20 years. The oldest vulnerability found dated from 2001. Sixty-two percent also have severe vulnerabilities in code repositories.
One in five organizations stores sensitive data in public-facing locations (21% in storage buckets and 20% in databases), a disaster waiting to happen. Publicly accessible data stores holding PII, credit card data, healthcare information, or other sensitive information leave organizations open to ransomware, data exfiltration, and other consequences, including regulatory penalties and reputational damage.
Other risky behaviors—each of them found in 82% of organizations—include running an Amazon SageMaker AI platform with at least one notebook exposed to the internet and having a publicly accessible Kubernetes API server. Another 5% had at least one Amazon Web Services S3 bucket that allows public write access, which lets anyone on the internet plant or overwrite objects in it.
And lax enforcement of identity and access management (IAM) policies is another source of risk. Nearly a quarter (24%) of organizations had a public-facing workload with a weak or leaked password. Most organizations also have dormant or unused network identities—82% had IAM user credentials that hadn’t been used in more than 90 days, and 72% had unused IAM roles.
On top of that, 61% of organizations don’t apply multi-factor authentication (MFA) on their cloud account’s root user, which is especially concerning since it puts root users (similar to a super admin) at risk of credential-based attacks.
5 Cloud Security Essentials—and Beyond
Let’s look at five critical steps organizations can take to secure their cloud infrastructures.
1. Prioritize patches and updates
Because attackers frequently target known vulnerabilities, assets carrying them—such as the ones catalogued in MITRE’s Common Vulnerabilities and Exposures (CVE) list—should be fixed as soon as possible. However, given the sheer number of vulnerabilities, fixing all of them is impossible. The same vulnerability can also represent very different levels of risk on different assets: an internet-facing asset, or one that holds sensitive data, greatly increases the risk compared with an isolated one. Organizations must therefore patch strategically, understanding which vulnerabilities present the greatest cloud risk so that those can be prioritized and remediated first.
Organizations should ensure that they are using only applications and operating systems that are supported and receiving vendor updates.
It’s also important to maintain an updated cloud asset inventory and prioritize protections for assets with sensitive data. When possible, opt for agentless solutions that offer complete visibility and deep insights into assets.
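The following is an added example, not code from Orca Security or from the report, of what "patching strategically" looks like in practice: the same CVSS score is weighted by the context the article calls out (internet exposure, commonly targeted open ports, sensitive data, neglect as the report defines it, and age of the CVE). The asset record, the multipliers and the sample assets are all illustrative assumptions.

```python
"""Context-aware prioritization of cloud vulnerability findings.

Added example: the Asset fields and the multipliers are assumptions chosen
to illustrate the idea, not values from any vendor product.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# Ports the report lists as commonly targeted on neglected public assets.
TARGETED_PORTS = {80, 443, 8080, 22, 3389, 5900}
NEGLECT_DAYS = 180  # report definition: unpatched for at least 180 days
TODAY = date(2024, 6, 1)  # fixed reference date so the example is reproducible


@dataclass
class Asset:
    name: str
    cvss: float            # highest base score among the asset's open CVEs
    cve_year: int          # year of the oldest open CVE on the asset
    internet_facing: bool
    sensitive_data: bool   # PII, card data, PHI ... discovered on the asset
    os_supported: bool     # still receiving vendor updates
    last_patched: date
    open_ports: set[int] = field(default_factory=set)


def is_neglected(asset: Asset, today: date) -> bool:
    """Report definition of a neglected asset: unsupported OS or
    unpatched for NEGLECT_DAYS or more."""
    return (not asset.os_supported) or (today - asset.last_patched).days >= NEGLECT_DAYS


def priority_score(asset: Asset, today: date) -> float:
    """Start from CVSS, then multiply by context so that two instances of
    the same CVE no longer look equally urgent."""
    score = asset.cvss
    if asset.internet_facing:
        score *= 2.0
        if asset.open_ports & TARGETED_PORTS:   # reachable on a port scanners hit first
            score *= 1.5
    if asset.sensitive_data:
        score *= 1.5
    if is_neglected(asset, today):
        score *= 1.25
    if today.year - asset.cve_year >= 10:       # old CVEs tend to have public exploits
        score *= 1.1
    return round(score, 2)


def prioritize(assets: list[Asset], today: date = TODAY) -> list[Asset]:
    """Highest priority first."""
    return sorted(assets, key=lambda a: priority_score(a, today), reverse=True)


def sample_assets() -> list[Asset]:
    """Constructed sample: three assets with the *same* CVSS 7.5 finding."""
    return [
        Asset("payroll-db", 7.5, 2016, internet_facing=False, sensitive_data=True,
              os_supported=True, last_patched=date(2024, 5, 1), open_ports={5432}),
        Asset("legacy-web", 7.5, 2012, internet_facing=True, sensitive_data=False,
              os_supported=False, last_patched=date(2023, 1, 15), open_ports={80, 22}),
        Asset("api-gateway", 7.5, 2023, internet_facing=True, sensitive_data=False,
              os_supported=True, last_patched=date(2024, 5, 20), open_ports={443}),
    ]


if __name__ == "__main__":
    for a in prioritize(sample_assets()):
        print(f"{priority_score(a, TODAY):6.2f}  {a.name}  neglected={is_neglected(a, TODAY)}")
```

With these weights the unsupported, internet-facing host with SSH open lands on top, the patched gateway second, and the internal database last, even though the CVE is identical on all three. The multipliers are the part a team should tune to its own environment; the structure (exposure and data sensitivity dominating the base score) is the point.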
2. Get control over access
Credential-based attacks are the top risk facing cloud systems, so monitoring user and machine identities and deactivating those that are no longer in use is critical; the report's own yardstick is credentials and roles unused for 90 days. For active users, apply the Principle of Least Privilege (PoLP) to ensure that users have access only to the systems and data they need. Also implement privileged access management, including just-in-time access for users and temporary credentials for third parties.
Strong user authentication is also a must, so organizations need to use MFA wherever possible and make sure users are signing on with strong, unique passwords.
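As an added example (not code from the article's author or from Orca Security), here is how the three identity findings above, root without MFA, console users without MFA, and credentials unused for more than 90 days, can be checked from an AWS IAM credential report. The report is the CSV returned by `aws iam get-credential-report`; the sample below is constructed and trimmed to the columns the check uses (the real report has more), and the account ID and user names are made up.

```python
"""Audit an AWS IAM credential report for dormant credentials and missing MFA.

Added example. SAMPLE_REPORT is a constructed, column-trimmed stand-in for the
CSV that `aws iam get-credential-report` returns; real reports contain
additional columns (password rotation, key rotation, certificates) that a
DictReader simply ignores.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

STALE_DAYS = 90  # the report's threshold for dormant credentials
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the example is reproducible

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2019-03-01T09:00:00+00:00,not_supported,2024-05-30T08:12:00+00:00,false,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2022-06-14T10:00:00+00:00,true,2024-05-28T15:40:00+00:00,true,true,2024-05-29T07:05:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-11-02T10:00:00+00:00,true,2024-01-10T11:00:00+00:00,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-02-01T10:00:00+00:00,false,no_information,false,true,N/A,true,2024-05-31T23:10:00+00:00
"""


def _parse(ts: str):
    """Report timestamps are ISO 8601 with offset; the placeholder values
    mean 'never used' or 'not applicable'."""
    if ts in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(ts)


def audit_credential_report(report_csv: str, now: datetime = NOW) -> list[tuple[str, str]]:
    """Return (user, issue) pairs for root-without-MFA, console users without
    MFA, and passwords or access keys unused for more than STALE_DAYS."""
    cutoff = now - timedelta(days=STALE_DAYS)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        created = _parse(row["user_creation_time"])
        mfa = row["mfa_active"] == "true"

        if user == "<root_account>" and not mfa:
            findings.append((user, "root user without MFA"))

        # Console password: root shows "not_supported" here, so it is skipped.
        if row["password_enabled"] == "true":
            if not mfa:
                findings.append((user, "console user without MFA"))
            last = _parse(row["password_last_used"])
            if last is None and created < cutoff:
                findings.append((user, "console password never used"))
            elif last is not None and last < cutoff:
                findings.append((user, f"console password unused for >{STALE_DAYS} days"))

        # Access keys: a key that has existed for a long time but was never
        # used is as dormant as one that stopped being used.
        for k in ("1", "2"):
            if row[f"access_key_{k}_active"] != "true":
                continue
            last = _parse(row[f"access_key_{k}_last_used_date"])
            if last is None and created < cutoff:
                findings.append((user, f"access key {k} never used"))
            elif last is not None and last < cutoff:
                findings.append((user, f"access key {k} unused for >{STALE_DAYS} days"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_credential_report(SAMPLE_REPORT):
        print(f"{user:16} {issue}")
```

Run against a real report (`aws iam get-credential-report --query Content --output text | base64 -d`) the same function produces the list a team would work through with `DeactivateAccessKey`, `DeleteLoginProfile` or an MFA enrolment request; the "never used" branch uses the account creation time so that a key minted last week is not flagged prematurely.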
3. Locate the crown jewels
Knowing where your most critical business assets are in the cloud isn’t always simple, since they can include sensitive shadow data that security teams are unaware of. Organizations must first find and prioritize these assets, then apply their strictest security controls to them.
4. Be ready for threats
Regular, robust monitoring of domains and subdomains, together with auditing of configurations, can prevent mismanagement and misuse. Your choice of malware detection should be capable not only of identifying known threats but also of using heuristic scanning to detect unknown malware and zero-day threats. Defining infrastructure as code (IaC), rather than configuring resources by hand, minimizes human error and lets configurations be scanned for risk before they are deployed, acting as an early checkpoint.
All monitoring and audit procedures should also apply to access logs, with alerts set to flag unusual activity and allow for a swift response.
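The IaC checkpoint described above, as an added example that is not part of the original article or any Orca tooling: a pre-deployment check over a Terraform plan rendered with `terraform show -json` that flags the two exposure patterns the report highlights, commonly targeted ports open to the whole internet in a security group, and S3 buckets deployed without a (complete) public access block. The plan document below is constructed and trimmed to the attributes the check reads; it assumes bucket names are known at plan time and only walks the root module.

```python
"""Scan a Terraform JSON plan for internet-exposed ports and unprotected S3 buckets.

Added example. SAMPLE_PLAN is a constructed document in the shape of
`terraform show -json tfplan` (planned_values.root_module.resources),
trimmed to the attributes used here. Only the root module is walked;
child modules live under "child_modules" and would need the same treatment.
"""
import json

TARGETED_PORTS = {80, 443, 8080, 22, 3389, 5900}   # ports the report calls out
ANY_CIDR = {"0.0.0.0/0", "::/0"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp",
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []},
             {"from_port": 443, "to_port": 443, "protocol": "tcp",
              "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}},
        {"address": "aws_s3_bucket.reports", "type": "aws_s3_bucket",
         "values": {"bucket": "acme-reports"}},
        {"address": "aws_s3_bucket_public_access_block.reports",
         "type": "aws_s3_bucket_public_access_block",
         "values": {"bucket": "acme-reports", "block_public_acls": True,
                    "block_public_policy": False, "ignore_public_acls": True,
                    "restrict_public_buckets": False}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "values": {"bucket": "acme-logs"}},
    ]}},
})


def _targeted_ports_in(rule: dict) -> set[int]:
    """Which of the targeted ports an ingress rule covers."""
    if rule.get("protocol") == "-1":            # all protocols, all ports
        return set(TARGETED_PORTS)
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
    if lo == 0 and hi == 0:                     # Terraform's 'all ports' encoding
        return set(TARGETED_PORTS)
    return {p for p in TARGETED_PORTS if lo <= p <= hi}


def scan_plan(plan_json: str) -> list[tuple[str, str]]:
    """Return (resource address, finding) pairs."""
    plan = json.loads(plan_json)
    resources = plan["planned_values"]["root_module"].get("resources", [])
    findings, buckets, blocks = [], {}, {}

    for r in resources:
        rtype, values = r["type"], r.get("values", {})
        if rtype == "aws_security_group":
            for rule in values.get("ingress", []):
                sources = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
                if sources & ANY_CIDR:
                    for port in sorted(_targeted_ports_in(rule)):
                        findings.append((r["address"], f"port {port} open to the internet"))
        elif rtype == "aws_s3_bucket":
            buckets[values.get("bucket")] = r["address"]
        elif rtype == "aws_s3_bucket_public_access_block":
            blocks[values.get("bucket")] = (r["address"], values)

    # Every bucket needs a public access block, and all four flags enabled.
    for name, address in buckets.items():
        if name not in blocks:
            findings.append((address, "no public access block configured"))
            continue
        block_address, values = blocks[name]
        disabled = [flag for flag in PAB_FLAGS if not values.get(flag)]
        if disabled:
            findings.append((block_address,
                             "public access block leaves " + ", ".join(disabled) + " disabled"))
    return findings


if __name__ == "__main__":
    for address, finding in scan_plan(SAMPLE_PLAN):
        print(f"{address:45} {finding}")
```

Wired into CI as `terraform plan -out tfplan && terraform show -json tfplan | python scan_plan.py`, a non-empty result fails the pipeline before the exposed port or writable bucket ever exists, which is the "early checkpoint" the paragraph refers to. Dedicated scanners (Checkov, tfsec, OPA policies) cover far more rules; the value of a small script like this is showing exactly which plan attributes a rule has to inspect.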
5. Backup often and offline
Up-to-date backups, stored offline or in immutable storage if possible and restored regularly to confirm they work, are a key provision in the event of a ransomware attack because they allow organizations to restore systems without paying a ransom.
Generative AI Can Help Secure the Future
The spate of vulnerabilities affecting cloud environments results, in large part, from the complexity of multi-cloud environments. But it’s also compounded by the ongoing shortage of cybersecurity professionals.
The rise of generative AI can help organizations address some of the most serious problems affecting their cybersecurity postures. AI tools can help alleviate the workforce shortage by taking over routine tasks while simplifying others, lowering the skill thresholds required of team members for certain jobs, and automatically generating optimal configurations. For example, AI can generate instructions and code for remediating a detected risk on a specific cloud platform, thus providing cloud security engineers with valuable assistance.
AI can also take a burden away from security teams by investigating and remediating the hundreds of security alerts typically received each day, which can help them avoid alert fatigue and burnout.
Importantly, AI may offer the best defense against attackers who use AI to launch sophisticated attacks, including zero-day attacks. When a zero-day is being exploited, AI tools can help not only identify the attack but also determine which assets are most exposed to it, so that mitigation can start sooner.
Complex multi-cloud environments, sophisticated attacker tooling, and strain on understaffed cybersecurity teams all increase the risk of cloud estates being breached. However, organizations can still actively improve the security of their cloud environments by implementing industry best practices and leveraging a cloud security solution that clearly shows which risks in the environment are the most critical and then helps remediate them quickly. This goes a long way toward improving cloud security posture, relieving alert fatigue, and reducing cybersecurity burnout.