Cloud security requires operational preparedness
December 13, 2022
With the tsunami-like move to cloud, most cyber defenders have heard the phrase “the cloud is more secure than your legacy data center”. The cloud offers unique opportunities to eliminate legacy technical debt, implement new controls, and apply automated enforcement of security requirements. However, an equally true statement would be “the cloud is only as secure as you configure it”.
Each new cloud service has a myriad of options, from connectivity to encryption to net new native-identity paradigms, to help protect the workload and its data from threat actors. Automated secure cloud control enforcement – also known as policy as code – manages many of these considerations, but threats are constantly evolving. Building cyber resilience requires understanding the successful attacks and threat actor objectives and taking an enterprise-wide view of potential kill chains that include cloud assets and cloud-native security services.
With many companies shifting their "crown jewels" to the cloud, threat actors are increasingly targeting workloads and data living in the cloud. However, many successful attacks are not targeted directly at the cloud. Threat actors don’t focus on the distinction between what's hosted in the secure cloud and the legacy environment. They look for the path of least resistance toward their targets, be it business process disruption, data exfiltration, or something else, wherever it is hosted. In many cases, the weak point in the armor around the cloud environment isn’t within the cloud itself but remains in the legacy environment.
A successful cyberattack against workloads or data hosted in the cloud might look like the graphic below, where the initial compromise is targeted at an end-user workstation on-premises. Through privilege escalation within that environment, the attacker obtains cloud administrative rights. From there, the threat actor can execute a variety of actions on objective.
While threat actors are constantly evolving, there are some key actions companies can take to stay ahead of the curve with attacks against their cloud assets:
Embedding security into your cloud journey from day one helps ensure that the cloud is more secure than your legacy data center. That said, don’t forget that the cloud is only as secure as you configure it, and that defending the cloud from cyberattacks requires continuous verification and ongoing readiness testing to prepare for a cyber event.