We have all heard several times that the cloud is safe. It is assumed that this is so... but is this really true? it is… If you know that you are facing a paradigm shift. Many companies have migrated their workloads to the cloud and called it quits, forgetting that the security controls applicable to their legacy infrastructure might not be valid in a cloud environment. Anything that is consumed/offered from the cloud needs adequate security controls for this new environment, as well as monitoring tools and continuous analysis of threats in real time.
At least once a year the name of a large company that has been attacked comes to the fore: Yahoo, Alibaba, LinkedIn, Facebook... However, the vast majority of cyber-attacks are not against large companies, cyber-attacks are victims to companies of all sizes (including small ones), which register numerous security incidents and million-dollar losses.
Despite the incidents, the vast majority of companies still do not encrypt more than half of the sensitive data they store in the cloud. In a recent study, Sysdig found that 75% of companies running containers in the cloud have high or critical vulnerabilities that can be patched but not patched.
If you do not want your company to be the next, you should shield it so that this does not happen.
Here are some recommendations that you can start implementing immediately to help reduce your attack surface in the cloud:
Plan safely
Building a secure environment in the cloud goes beyond traditional IT infrastructure paradigms, where there is a corporate network that is accessed from the office. When designing a cloud environment, it is key to involve all departments and have a good understanding of how they will use cloud services and what impact it will have on security. Implement security controls from the beginning, at the same time that you design the architecture and services that you will consume from your cloud provider. IT teams are used to managing and updating their on-premises infrastructure with antivirus software and keeping workloads up to date by installing the latest patches, but security in the cloud presents new challenges and IT departments need to be aware of it. How staff access the network and use your applications is a critical part of the key considerations to ensure that the entire environment is secure.
Use appropriate security controls for the cloud
A typical scenario that we often find ourselves in companies that have migrated their workloads to the cloud is to maintain legacy security solutions in the new environment, trying to integrate them in the best possible way. This offers some protection, but the visibility of the entire environment is significantly reduced because the cloud works in a very different way than on-prem environments. The dynamic nature of the cloud means that tools not specially designed for this type of environment do not work correctly.
Having the right security measures in place to manage and monitor the status of your cloud 24/7 is the only way to help prevent security breaches. There are now software solutions like CDR (Cloud Detection and Response) that continuously monitor cloud activity at the administrative level, as well as workloads like CWPP (Cloud Workload Protection Platform). These solutions go far beyond the scope of antivirus software. You can isolate the workload, do forensics, or respond using playbooks.
Continuously test, monitor and analyze
One of the main causes of data leaks in the cloud comes from human errors when configuring cloud services.
Any company operating in or migrating to the cloud should consider running an audit, taking into account industry best practices to assess potential vulnerabilities. At A3Sec we have a team of consultants specialized in cybersecurity in the cloud who can facilitate migration and protect company assets. It is key to understand and mitigate all possible security risks to successfully carry out this process and help us with solutions that continually check the security posture of cloud environments such as CSPM (Cloud Security Posture Management) if we have professionals specialized in cloud security in our own organization that they know how to operate them.
For example, we could reduce costs by grouping workloads into fewer regions, discover underutilized services, lower storage licenses by lowering the service level without loss of quality, identify VPCs with configurations that are too lax, which in turn cause our websites to be vulnerable, etc.
Once the environment has been assessed and tested for vulnerabilities or misconfigurations and any immediate corrective action has been taken, it comes down to 24/7 monitoring and analysis of activity. As we said, both third-party cloud security platforms and the services offered natively by public cloud providers can be used.
Educate users
Human error remains the leading cause of cloud security breaches. While you might have the best architecture deployed in the cloud and all the right security and monitoring tools available, that's irrelevant if you have poorly educated users. Recently, researchers at Stanford University found that employee errors cause approximately 88% of all data breaches.
It's critical to have the right security policies for remote access, mobile phone and BYOD, password usage, and data transfer and deletion. This too is an ongoing process, you have to continuously educate, educate and re-educate all employees, from the CEO down. Everyone needs to understand and accept the concept that cloud security is a shared responsibility, not just for the IT or HR department, but all departments and all staff.
Have a disaster recovery plan ready
Nothing can guarantee a 100% secure environment. It's just not possible. To ensure that your business can continue to function in the event of a cyberattack, you must have an adequate disaster recovery (DR) and business continuity (BCP) plans in place and test them regularly. A remote data backup system is a must for any business. According to Forbes, 40% of small and medium-sized businesses affected by a major incident never reopen or close within 12 months of the incident, in part because they don't have an effective DR plan in place.
In the UK, according to a study, 41% of companies have not tested their DR solution in the last 6 months or do not know if it has ever been tested. There are stand-alone DR solutions on the market today that include security protection and non-disruptive testing of virtual machines. Being built in the cloud, the cost is significantly reduced compared to on-premises DR solutions, which are often custom-made. If you don't have a good plan in place or if you're not testing it regularly, you should look for a solution.
Conclution
We know it's difficult for small and medium-sized businesses to keep up with the latest regulatory requirements and potential vulnerabilities in their cloud environments; Working with a good cloud and security-managed service provider will give you access to a great experience to improve the management and administration of your cloud infrastructure, optimize its costs and "check" where your security posture is.
Don't leave it for later... maybe your company will be the next to become a statistic.
In A3Sec you find the perfect ally to shield your company
Click here if you want to schedule an appointment with a digital warrior