Organizations in Singapore are increasing their reliance on the cloud. Nearly nine in ten organizations in the country are using cloud services, with about 70% taking a hybrid cloud approach.
Singaporean companies are adopting the cloud for many reasons. Computing, increased functionality, and data storage can all be achieved at a fraction of the cost on the cloud, where companies can easily scale their usage to optimize their expenditure without the need to invest in expensive hardware or hire maintenance teams to secure and run on-premises servers.
However, the data needs to be secured regardless of whether it is stored on-premises or in the cloud. Threat actors are increasingly targeting cloud environments, where confusion about how security responsibility and accountability are divided between cloud service providers and the customer often leaves security gaps and data exposed. Cloud installations follow a shared responsibility model: the service provider is responsible for securing the infrastructure, physical network, and hypervisor, while the organization is responsible for securing its OS, accounts, data, and network. Relying on the developer – rather than a security expert – to secure the data is a bad idea, as developers focus on building new applications and services rather than on securing data.
Types of Threats
Threat actors are always after high-value targets and hence are tempted by the credit cards being processed in the cloud, the customer data stored there, and the health information healthcare companies hold about their patients. Customer and healthcare data can easily be encrypted and exfiltrated by threat actors and held for high ransoms, while credit card data can be stolen and sold on the dark web to other cybercriminals who use sophisticated schemes to generate fast cash.
There are several common threat vectors that your security team needs to defend against.
“Your cloud environment is as secure as its configuration”
Misconfigurations are errors in the settings within the cloud application that control things like access and sharing rules. In a typical cloud setting, there may be hundreds of configurations that need to be constantly monitored to protect against configuration drift.
These configurations are tricky: each cloud environment uses its own terminology, which makes it impossible to develop a one-size-fits-all security policy. Furthermore, those running hybrid or multi-cloud environments must have a deep understanding of each provider's settings to enable the different clouds to work together.
A misconfiguration relating to access control, for example, can inadvertently expose entire databases full of information to anyone with the right link. There have been several cases in the past where the storage buckets were publicly accessible without any authentication.
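As an added illustration of the two checks the paragraphs above call for (this is not code from the article or from any vendor's product), the snippet below flags policy statements that grant access to anyone and reports drift between an approved baseline and the live settings. It assumes the AWS-style IAM policy-document JSON format; the bucket name, account id and setting names are constructed sample values.

```python
import json

# Constructed sample policy: the first statement grants anonymous read access.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "TeamWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/uploader"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _is_anonymous(principal) -> bool:
    """True when the principal matches everyone, i.e. unauthenticated access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_statements(policy_json: str) -> list:
    """Return (Sid, actions, has_condition) for every Allow statement whose
    principal is anonymous. Conditioned grants are still reported, because a
    weak Condition (for example, a broad source-IP range) is still public."""
    findings = []
    for st in json.loads(policy_json).get("Statement", []):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        findings.append((st.get("Sid", "<no Sid>"),
                         [actions] if isinstance(actions, str) else list(actions),
                         bool(st.get("Condition"))))
    return findings


def config_drift(baseline: dict, current: dict) -> dict:
    """Settings whose live value differs from the approved baseline,
    as {setting: (baseline_value, current_value)}; None marks a missing key."""
    return {k: (baseline.get(k), current.get(k))
            for k in baseline.keys() | current.keys()
            if baseline.get(k) != current.get(k)}


if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
    print(config_drift({"block_public_acls": True, "versioning": "Enabled"},
                       {"block_public_acls": False, "versioning": "Enabled"}))
```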
Compromised Access Keys and Credentials
Access keys and credentials are used to control which users have access to the cloud, as well as the level of access within the system that they have. If an access key is compromised through a phishing attack or some other way, threat actors can easily access the cloud at will.
Security teams using AI-enabled identity security tools can identify compromised access keys and prevent major attacks like ransomware or data theft. These tools use different techniques to identify stolen access keys. In some instances, they might use IP information to identify a user who gained access from a specific IP address after attempting to access the cloud with multiple user IDs. They can also detect behavioral anomalies, such as a user downloading more data – or different types of data – than usual.
Once the compromised access has been identified, the security team can revoke the user's access and further harden their cloud security posture.
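The two detections described above, worked through as an added example over constructed sample records (this is illustration code, not the article's or any vendor's): one source IP that fails logins for several distinct user IDs and then succeeds with one of them, and a user whose download volume or data categories depart from their own baseline. The IPs, user names, sizes and categories are all constructed.

```python
# Added illustration (not the article's or any vendor's code): the two
# detections described above, run over constructed sample records.
from collections import defaultdict

# Constructed sample events: (timestamp, src_ip, user_id, event, result)
AUTH_LOG = [
    ("10:00:01", "198.51.100.7", "alice", "login", "fail"),
    ("10:00:03", "198.51.100.7", "bob", "login", "fail"),
    ("10:00:05", "198.51.100.7", "carol", "login", "fail"),
    ("10:00:09", "198.51.100.7", "dave", "login", "success"),
    ("10:05:00", "203.0.113.9", "erin", "login", "success"),
]
# Constructed download history: user -> list of (bytes, data_category)
BASELINE = {"dave": [(1_000_000, "docs"), (2_000_000, "docs"), (1_500_000, "docs")]}
TODAY = {"dave": [(50_000_000, "customer_pii")], "erin": [(900_000, "docs")]}

def spray_sources(events, min_users=3):
    """IPs that failed logins for >= min_users distinct IDs before a success.
    Returns {ip: user_id_that_succeeded}; that account needs review."""
    failed = defaultdict(set)
    hits = {}
    for _, ip, user, event, result in events:
        if event != "login":
            continue
        if result == "fail":
            failed[ip].add(user)
        elif len(failed[ip]) >= min_users and ip not in hits:
            hits[ip] = user
    return hits

def download_anomalies(baseline, today, factor=5.0):
    """Flag users whose volume exceeds factor x their baseline mean or who
    pull a data category absent from their baseline; no baseline, no verdict."""
    alerts = {}
    for user, downloads in today.items():
        history = baseline.get(user)
        if not history:
            continue
        mean = sum(b for b, _ in history) / len(history)
        volume = sum(b for b, _ in downloads)
        new_cats = {c for _, c in downloads} - {c for _, c in history}
        reasons = []
        if volume > factor * mean:
            reasons.append(f"volume {volume} > {factor}x mean {mean:.0f}")
        if new_cats:
            reasons.append(f"new categories {sorted(new_cats)}")
        if reasons:
            alerts[user] = reasons
    return alerts
```

Users without a baseline (erin here) are skipped rather than alerted, since an anomaly score needs history to compare against.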
Vulnerabilities in OS and Applications
Just like on-premises servers, cloud servers run operating systems such as Linux and Windows, and just like any OS, they have vulnerabilities. When these are exploited, threat actors can gain an initial foothold or use them in larger attacks such as privilege escalation or lateral movement. Similarly, cloud applications provided by cloud service providers are also known to have exploitable vulnerabilities, which are not tracked or recorded as actively as OS vulnerabilities.
Thus, vulnerability management in the cloud environment is equally important to reduce the attack surface and make the cloud environment a less lucrative target for threat actors.
Hybrid and Multi-Cloud Risks
As mentioned earlier, hybrid and multi-cloud installations introduce additional risk factors to cloud security. In the case of hybrid installations, the on-prem instance is connected to the cloud instance, while multi-cloud installations use services from multiple cloud providers.
In each of these circumstances, there is a risk of a threat actor breaching either the on-prem or cloud installation. Once there, they can work to expand their access and move laterally into the connected installation.
Securing Your Cloud Environment
CNAPP is a cloud-native application protection platform. It provides a clear line of sight into the cloud throughout its lifecycle, from development to production, simplifying the assessment, monitoring, detection of, and response to any cloud threat or vulnerability. Similar to an XDR security platform, a CNAPP should be an open-architecture platform that includes multiple tools from multiple vendors to create a best-of-breed approach.
CNAPPs help organizations reduce risk by identifying cloud misconfigurations, automating security-related tasks, and providing visibility for hybrid and multi-cloud environments.
By Prateek Bhajanka, APJ Field CISO Director at SentinelOne
Prateek Bhajanka is a Cyber Security professional with expertise in various domains, including Security Operations, Vulnerability Management, Penetration Testing, Endpoint Security (EPP/EDR), Digital Forensics, and Incident Response. He provides valuable advice to cybersecurity vendors on Product Messaging and Positioning, Go-to-Market Strategy, Licensing, and Product Strategy.
Prateek holds an MBA in Information Security Management from Symbiosis Centre for Information Technology. Before pursuing his MBA, he worked at Accenture Services Pvt. Ltd. as the Lead of Technology and Workforce Enablement for over two years, a role that served as a stepping stone in his career. Additionally, he earned a B.E. in Electronics and Telecommunication from the University of Pune.
A firm believer in community development and learning, Prateek actively contributes to these initiatives.