How secure is your cloud storage? Mitigating data security risks in the cloud

As cloud systems increasingly form the foundation on which digital transformation is built, keeping a close eye on how they are secured is an essential cybersecurity best practice

For weeks, cybersecurity experts and government agencies have been urging organizations to strengthen their cyber defenses amid the increased threat of cyber-attacks during Russia’s invasion of Ukraine. That means not only improving detection and response to emerging threats, but also building stronger resilience into infrastructure so that it can better withstand attacks. This can be a significant undertaking. After two years of digital transformation during the pandemic, many organizations today have a much larger attack surface than before COVID.

Cloud resources are particularly vulnerable, as many are accidentally misconfigured and left unprotected. As such, online databases and storage buckets could be an attractive target for attackers if fears of cyberattacks escalating beyond the conflict in Ukraine materialize. In fact, researchers have already observed cloud database raids in recent weeks, and there are plenty of threat actors waiting to take advantage.

The value of the public cloud

Cloud systems are increasingly forming the foundation on which digital transformation is built. They provide a relatively inexpensive, scalable, and flexible way to store and manage data—with reduced IT management burden, built-in disaster recovery, and anywhere, anytime access. As a backend for applications, databases stored in the public cloud can contain:

  • Business-critical data
  • Personally identifiable information (PII) of employees and customers
  • Highly sensitive IP and trade secrets
  • IT/administrator information, such as API or encryption keys, that can be used in future attacks

It goes without saying that if any of this data falls into the wrong hands, it can wreak havoc on a victim organization, potentially resulting in fines, legal fees, IT overtime, lost productivity and sales, customer churn and reputational damage.

The problem with cloud databases

The challenge is that cloud storage and databases can easily be misconfigured. And once exposed, they can be found relatively easily with out-of-the-box internet scanning tools. This is an example of the challenge defenders have: they have to get the security right every time, while attackers only have to get lucky once.

The challenge is particularly acute given the complexity of modern enterprise cloud environments. Most organizations use a combination of on-premises and public/private clouds and invest with multiple providers to spread their risk. One report suggests that 92% have a multi-cloud strategy, while 82% invest in hybrid cloud. It’s hard for IT teams to keep up with the functionality of one cloud service provider (CSP), let alone two or three. And these CSPs are constantly adding new features in response to customer requests. While this gives organizations a huge array of granular options, it’s also likely to make it harder to get the simple things right.

It’s especially problematic for developer or DevOps teams, who often lack specialized security training. A recent analysis of more than 1.3 million Android and iOS apps found that 14% of those using public cloud services in their backend disclosed user information through misconfigurations.

As mentioned in a previous article, cloud misconfiguration can take many forms, the most common of which are:

  • Missing access restrictions
  • Overly permissive security group policies
  • A lack of permission controls
  • Misunderstood internet connectivity paths
  • Misconfigured virtualized network functions

Cloud systems are already being targeted

In the event of an escalation of hostilities, exposed cloud systems would be a natural target. Many are relatively easy to discover and compromise: for example, accounts left open without encryption or password protection. In fact, researchers have already observed some activity of this sort – in this case targeting cloud databases in Russia.

From a random sample of 100 misconfigured cloud databases, the investigation found that 92 had been compromised. Some had replaced filenames with anti-war messages, but most of them were completely erased using a simple script.

The risks for Western organizations are therefore:

Files held for ransom: Recently published information suggests that pro-Russian cybercrime groups are preparing to attack targets. They can combine hacktivist-style targeting with tactics designed to monetize attacks. The contents of cloud databases have been held hostage many times.

Destructive attacks: As noted, it is relatively easy to completely erase the contents of cloud databases once they have been accessed. The script detected in recent pro-Ukraine attacks is said to resemble the script used in the infamous ‘Meow’ attacks of 2020.

Data leakage: Before completely wiping data, threat actors can try to analyze it for sensitive information and leak it first to maximize the financial and reputational damage inflicted on victim organizations.

How to secure your cloud databases

Unfortunately, tackling the challenge of cloud misconfiguration isn’t as simple as flipping a switch. However, there are several changes you can make today to mitigate the risks listed above. They include:

  • Shift security left in DevOps by building automated security and configuration checks into the development process
  • Continuously manage configuration settings with cloud security posture management (CSPM) tools
  • Use CSPs’ built-in tools to monitor and securely manage cloud infrastructure
  • Use policy as code (PaC) tools to automatically scan and assess compliance posture in the cloud
  • Encrypt sensitive data by default, so hackers can’t see what’s inside if access controls are misconfigured
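
An added example (not from the original article or any vendor's tool) of the automated configuration checks in the list above: policy-as-code-style rules evaluated against a constructed resource inventory, usable as a pipeline gate. The inventory schema, resource names and finding names are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory in a hypothetical schema (not any provider's export format).
INVENTORY = [
    {"id": "bucket-logs", "type": "bucket", "public_read": True, "encrypted": False},
    {"id": "bucket-backups", "type": "bucket", "public_read": False, "encrypted": True},
    {"id": "db-orders", "type": "database", "auth_required": False, "encrypted": True,
     "ingress": [{"cidr": "0.0.0.0/0", "port": 9200}]},
    {"id": "db-hr", "type": "database", "auth_required": True, "encrypted": True,
     "ingress": [{"cidr": "10.20.0.0/16", "port": 5432}]},
]

def open_to_internet(rule):
    """True when an ingress rule admits the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(rule["cidr"], strict=False).prefixlen == 0

# Each policy: (finding name, resource types it covers, predicate True on violation).
# Predicates fail closed: a missing attribute is treated as the unsafe value.
POLICIES = [
    ("missing-access-restriction", {"bucket"}, lambda r: r.get("public_read", True)),
    ("no-authentication", {"database"}, lambda r: not r.get("auth_required", False)),
    ("permissive-security-group", {"database"},
     lambda r: any(open_to_internet(i) for i in r.get("ingress", []))),
    ("unencrypted-at-rest", {"bucket", "database"},
     lambda r: not r.get("encrypted", False)),
]

def evaluate(inventory):
    """Return sorted (resource id, finding) pairs for every policy violation."""
    findings = []
    for res in inventory:
        for name, types, violated in POLICIES:
            if res["type"] in types and violated(res):
                findings.append((res["id"], name))
    return sorted(findings)

def gate(inventory):
    """CI-style gate: 1 (fail the build) if any finding exists, else 0."""
    return 1 if evaluate(inventory) else 0

if __name__ == "__main__":
    for rid, finding in evaluate(INVENTORY):
        print(f"FAIL {rid}: {finding}")
    raise SystemExit(gate(INVENTORY))
```

Because the predicates fail closed, a resource whose export omits an attribute is reported rather than silently passed, which matters when a provider adds a setting the inventory does not yet record.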

As cloud infrastructure grows, so does the cyber-attack surface. War or no war, these best practices must be applied to mitigate the increasing cyber risk.

