The Alert Logic 2017 Cloud Security Report details various cyber threats that organizations might be subjected to. When asked what they perceive to be the biggest threat to cloud security, respondents most often answered:
- 62% — Misconfiguration of the cloud platform or inappropriate setup
- 55% — Unauthorized access
- 50% — Insecure interfaces or APIs
- 47% — Hijacking of account services or traffic
70% of the vulnerabilities observed in Alert Logic customer environments in 2014 and 2015 remain active today. Shockingly, 4% of the incidents were traceable to vulnerabilities and exploits as far back as 1999. In addition to these old vulnerabilities — some of which are now old enough to hold a driver’s license or vote — new ones continue to expose cloud environments to cyberattacks at every layer.
Understand the Shared Responsibility Model
One of the main problems in cloud security is establishing who is responsible for what. The volume and sophistication of cyberattacks have grown, and so has the confusion about whose responsibility it is to secure the applications and workloads in the cloud. The thing is, it’s a shared responsibility. Customers, partners, and cloud security providers all play a role in IT security to some extent, but ascertaining the specific nature of each role can be difficult.
The cloud provider is generally responsible for managing and protecting the backend infrastructure that it is offering as a service. However, the customer is responsible for securing everything they add to or run in that cloud environment — and for properly setting up and configuring the provided by the cloud platform. You can look at the growing list of data leaks resulting from the poor configuration of AWS S3 cloud storage — Dow Jones, the WWE, the US Department of Defense — as evidence that many organizations do not understand the shared responsibility model.
The IT security basics
The biggest piece of advice still centers around the basics. This starts with providing continuous visibility, allowing you to identify vulnerabilities and configuration issues, and prioritize remediation. Secondly, you need to ensure effective compliance and monitoring — providing alerting and remediation for network threats, suspicious activity, and web application vulnerabilities.
While the principles of cybersecurity remain the same across a variety of environments, the approach to security can — and should — change. Traditional approaches to securing workloads and web applications are being challenged when moving to the cloud. Understanding who is responsible for what, inside and outside of an organization, is also paramount for cybersecurity success. Address avoidable, self-inflicted cloud security threats so you can focus on more serious priorities — cybercriminals and external cyberattacks.