The Covid-19 pandemic helped increase the pace of what was already a steady transition to cloud services. The shift to remote work pushed companies to adopt cloud infrastructure. The increased adoption of cloud services comes with a need for increased Cloud Security.
Organisations in Singapore are lagging behind when it comes to cybersecurity, with only 49% able to respond to threats within a day. This is compared to the global average of 70% across 11 markets. In the past year, 65% of organisations in Singapore have experienced at least six cybersecurity incidents and for 45% of organisations, the cloud application or infrastructure is the source of the breach.
The cloud is as secure as any on-premises IT, provided a robust cybersecurity strategy is in place. And therein lies the problem: Many companies have a cybersecurity strategy which caters for on-premises IT, but not yet for cloud services.
Understanding the problem is usually half the solution. Albert Einstein, one of the greatest minds that ever lived, once said, “Given one hour to save the world, I would spend 55 minutes defining the problem and 5 minutes finding the solution.”
So, let’s look at a few common security threats and challenges that are specific to the cloud.
Cloud Security Common Threats and Challenges:
- Misconfigurations: A recent study by the National Security Agency (NSA) has revealed that cloud data misconfiguration is the most common vulnerability in cloud-based systems. It occurs due to a lack of knowledge about good cloud security practices. Cloud systems that are not configured correctly lead to cyber exposures and security breaches. Insecure Identity and Access Management (IAM), insecure data storage, and insecure authentication practices are the most common culprits.
- Internal threats: Insider threats are particularly dangerous as these threats originate from within your organization. These threats could be due to negligence, credential theft, or someone with criminal intent. In the last case, they could be current or former employees, contractors, or business partners. The Ponemon Institute has categorized insider threats into 4 categories:
1. The Pawn: These are employees who are unaware that they are being manipulated into performing malicious activities.
2. The Goof: These users are ignorant about security policies and actively try to bypass them. They tend to leave critical data and resources unsecured.
3. The Collaborator: These are the insiders who collaborate with external threats, typically for personal or financial gain.
4. The Lone Wolf: These are individuals who act alone for personal gain. They can be extremely dangerous if they have elevated levels of IT privilege.
- Account hijacking: Account hijacking occurs when a cybercriminal manages to gain control of an employee’s cloud account. This can be achieved using a variety of techniques, such as phishing attacks, brute-force password attacks, server-side request forgery (SSRF) attacks, or malware. Account hijacking can be particularly dangerous if the hacked account has privileged access, for example that of a system or database administrator. More sophisticated cybercriminals can even install backdoors that allow them to access these accounts at any time.
- Lack of visibility and tracking: As your use of cloud services increases, the size of your infrastructure grows, and it becomes easy to lose track of or forget about individual services. A lack of visibility into cloud infrastructure is a major issue: it can delay the response to threats and result in a data breach. Managers, sysadmins, and DevOps teams must take a proactive approach to security in such instances.
How To Secure Your Data Hosted on the Cloud?
Data hosted on the cloud can be secured by adopting a comprehensive cybersecurity strategy that addresses the vulnerabilities specific to the cloud. A few good practices to follow are:
- Strengthen Identity and Access Management (IAM): When it comes to IAM, it’s best to adopt the principle of least privilege. This means limiting each user’s access privileges to the cloud resources they need to do their work. It is also good practice to review users’ access privileges frequently.
- Monitor for suspicious activities: A sound cloud cybersecurity strategy should also focus on user activity monitoring. Various factors, such as abnormal changes in database activity, suspicious access patterns, and modifications to files, can all indicate a potential cyberattack or data breach. There may be an attacker who has gained access to legitimate credentials and is actively exploiting the credentials to gain unauthorized access to your cloud infrastructure. You may uncover suspicious behaviour, such as user access at odd hours, multiple failed login attempts, and suspicious administrator activities. Security measures to detect such suspicious user activity early will protect your organisation’s data and prevent major data loss in the cloud.
- Track and maintain cloud inventory: Cybersecurity professionals should comprehensively review their organization’s cloud infrastructure to identify potential risks, such as shadow IT. Shadow IT is a term used to describe unauthorized applications or devices used within an organization without the knowledge or approval of the IT department. Shadow IT can pose a serious security risk to an organization, as it can allow unauthorized access to sensitive data and systems. Cybersecurity teams can identify and mitigate these risks by deep diving into their existing cloud infrastructure and performing regular audits.
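
The signals named under "Monitor for suspicious activities" (access at odd hours, multiple failed login attempts, suspicious administrator activity) can be written as rules over an activity log. The following Python is an added example, not InsiderSecurity's code or any cloud provider's log format; the event schema, action names, working hours and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, action, outcome). Hypothetical schema.
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "login", "success"),
    ("2024-03-04T10:01:00", "bob", "login", "failure"),
    ("2024-03-04T10:01:30", "bob", "login", "failure"),
    ("2024-03-04T10:02:10", "bob", "login", "failure"),
    ("2024-03-04T10:02:40", "bob", "login", "failure"),
    ("2024-03-04T10:03:05", "bob", "login", "failure"),
    ("2024-03-04T10:03:20", "bob", "login", "success"),
    ("2024-03-05T02:47:00", "carol", "login", "success"),
    ("2024-03-05T02:51:00", "carol", "role_assignment", "success"),
    ("2024-03-05T14:30:00", "dave", "role_assignment", "success"),
]

WORK_HOURS = range(7, 20)             # assumed policy: 07:00-19:59, in the log's time zone
FAIL_THRESHOLD = 5                    # assumed: 5 failed logins ...
FAIL_WINDOW = timedelta(minutes=10)   # ... within 10 minutes
ADMIN_ACTIONS = {"role_assignment", "policy_change"}  # hypothetical action names

def detect(events):
    """Return (timestamp, user, rule) alerts in chronological order."""
    alerts = []
    failures = defaultdict(deque)     # user -> timestamps of recent failed logins
    for ts_raw, user, action, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[user]
        while recent and ts - recent[0] > FAIL_WINDOW:   # drop stale failures
            recent.popleft()
        if action == "login" and outcome == "failure":
            recent.append(ts)
            if len(recent) == FAIL_THRESHOLD:
                alerts.append((ts_raw, user, "repeated_failed_logins"))
        elif action == "login" and outcome == "success":
            if len(recent) >= FAIL_THRESHOLD:            # possible guessed password
                alerts.append((ts_raw, user, "success_after_failures"))
            recent.clear()
            if ts.hour not in WORK_HOURS:
                alerts.append((ts_raw, user, "off_hours_login"))
        elif action in ADMIN_ACTIONS and ts.hour not in WORK_HOURS:
            alerts.append((ts_raw, user, "off_hours_admin_action"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

A successful login that follows a burst of failures is raised as its own alert because it is the case where the credentials may actually have been compromised, not merely probed.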
InsiderSecurity has redefined security with Singapore’s most advanced cloud-native platform that integrates seamlessly with Microsoft 365 to monitor data security. The industry continues to recognize InsiderSecurity as an innovation leader, most recently with the Cyber Security Agency of Singapore (CSA) naming InsiderSecurity a winner at the 2022 Cybersecurity Innovation Day.
Cloud Security Monitor is a simple-to-use SaaS for enterprises to monitor their data security in Microsoft 365. With its award-winning automated cybersecurity analytics and machine-learning, Cloud Security Monitor makes sense of the high volume of Microsoft 365 activity events, so that you do not have to. Finally, an easy way to monitor your Microsoft 365 data security.
When it comes to protecting cloud data, the choice is InsiderSecurity’s Cloud Security Monitor.