While it is still important to protect cloud resources from external malicious actors, research suggests the majority of security threats in cloud computing come from within. Typically the threats fall into three categories—misconfigurations, malicious insiders, and poor access controls.
Although it is possible to read too much into small-scale surveys designed to justify a vendor’s service or product, there seems to be plenty of data supporting the argument that the majority of security threats in cloud computing come from within. In recent months, reports have claimed 53 percent of businesses have suffered some form of data exposure due to a misconfiguration, another 53 percent have experienced attacks due to malicious insiders, and a further 74 percent have been breached due to unauthorized access to a privileged account. In McAfee’s recent “IaaS Adoption and Risk Report” it was claimed only 1 percent of misconfigurations are identified. Most of these security threats in cloud computing are easily avoidable.
Why are there so many misconfigurations?
Among the data and reports, various reasons are suggested for there being so many misconfigurations. McAfee attributes the automation of CI/CD practices as a major cause of IaaS misconfigurations and suggests that, although automation accelerates the speed of cloud deployments, it can also accelerate the rate at which misconfigured code is deployed in the cloud. McAfee lists the ten most common IaaS security threats in cloud computing attributable to automated misconfigurations as follows:
- A lack of EBS data encryption
- Unrestricted outbound access
- EC2 Security Group port configurations
- Provisioning access to resources using IAM roles
- Unrestricted access to non-http/https ports
- Unrestricted inbound access on uncommon ports
- Unused Security Groups
- Unrestricted ICMP access
- EC2 Security Group inbound access configuration
- EC2 instance belongs to a VPC
While human error plays a significant role in carrying forward misconfigurations in automated CI/CD processes, it can also be responsible for publicly-accessible cloud storage, unsecured cloud databases, and improperly secured backups.
Are there really that many malicious insiders?
The high percentage of security threats in cloud computing attributable to malicious insiders isn’t as alarming as it first appears if you take into account the Cloud Security Alliances definition of an “insider threat”. The organization states that data breaches attributable to insiders may not necessarily be malicious—it might just be the case that they were “trying to get the job done” and inadvertently uploaded a customer database to a public repository or copied sensitive data between jurisdictions or countries.This implies that a lack of cloud security awareness is one of the biggest security threats in cloud computing rather than malicious insiders.
Businesses are giving users too many privileges in the cloud
During the introduction to this blog, a report was mentioned that claimed 74 percent of businesses have been breached due to unauthorized access to a privileged account, it was estimated that 66 percent of them had been breached more than five times for the same reason. The authors of the report claimed businesses were “still extremely immature” with regards to Identity and Access Management (IAM), and supported their claims of IAM immaturity with the results of a survey that showed:
- 52 percent of respondents did not use a secure password vault
- 65 percent shared root or privileged access to data and systems
- 21 percent did not use multi-factor authentication to secure privileged accounts
- 63 percent took more than a day to remove privileged access from departing employees
How to protect your business from security threats in cloud computing
It was also mentioned during the introduction to this blog that most security threats in cloud computing are easily avoidable, and the way to protect your business from the security threats mentioned above is to implement a cloud management platform such as CloudHealth that uses policy-driven automation capabilities to control user activity in the cloud. With policy-driven automation you can:
- Prevent deployments being launched that do not conform to a secure configuration
- Automatically encrypt data stored in the cloud by volume or tag
- Restrict access to publicly-accessible storage volumes
- Block inadvertent uploads or cross-region copies
- Enforce policies relating to root account access
- Identify users with too many privileges
- Prevent access to privileged accounts when MFA is disabled
- Ensure encryption keys are rotated and stored safely
- Enforce data security governance policies
We also recommend VMware Secure State (VSS) for all of your cloud security and policy automation needs. You can learn more about VSS here or read our ebook “Top 10 Best Practices for Cloud Security Posture Management”.
