Exploring Common Threats to Cloud Security

The adoption of cloud services helps drive agility, differentiation, and progress. But as with any technological progress, it comes with cyber risks. IT leaders need to embrace a more holistic, simpler way to manage security.

May 28, 2020

Untangling the Web of Cloud Security Threats
As organizations migrate to cloud services, it’s critical to know that misconfiguration continues to be one of the major pitfalls behind cloud deployment failures. Understanding the most common issues is essential to good cloud health.

One of the biggest challenges facing organizations is a lack of familiarity with how the cloud is operated and how it is different from a purely on-premises system. IT staff need to know the risks of inadequately securing cloud deployments and be familiar with the configuration specifics of their cloud service provider.

The components of cloud systems are interconnected in many ways, making potential attack vectors difficult to map. For IT security personnel who are only starting to get a grip on cloud platforms and services, security can be a daunting endeavor, particularly when so many cloud projects are happening at once, often without the security team's knowledge.

Let the experts be of service

The arrival of web services and container services has helped organizations minimize the risks that come with cloud adoption, when implemented properly.

Amazon Web Services (AWS) is a major player in the cloud industry, with Amazon® Simple Storage Service (Amazon S3) being the most popular. Some of the issues to be aware of when adopting this technology stem from teams leaving Amazon S3 buckets world-writable and from files classified as malicious being hosted on Amazon S3 buckets.

A second major service available in the cloud is container and serverless technology. For example, Docker®, Kubernetes®, and AWS Lambda® offer lightweight and efficient cloud deployments to organizations looking to streamline their development operations. However, lapses or mistakes in configuration are common, putting systems at risk of attacks that take advantage of these misconfigurations.

Don’t overlook credential security

Credential usage is one of the most important aspects of cloud computing. Since organizations cannot physically secure a cloud system like they can a data center, the need for strong credential security becomes even more magnified. One challenge when it comes to securing credentials is that many processes often need to access data and other resources that require authentication. This means that users need to secure both the data and the credentials from exposure.

Another issue comes from inexperienced programmers who often follow misleading cloud tutorials, many of which encourage the hardcoding of credentials inside the code itself. This becomes an issue if and when the code is published to a repository, where it is accessible—including the credentials—to anyone.

The importance of a robust security implementation

As the adoption of cloud services grows, organizations need to be fully informed about the threats they face and be properly prepared to secure their cloud systems. The benefits of the cloud cannot be realized without a robust security implementation in place. This makes it especially important for IT leaders to retain security personnel who have an intimate understanding of both the structure of the cloud and the strategies needed to secure it.

Read our report, “Untangling the Web of Cloud Security Threats,” and get an in-depth look at some of the most significant threats and risks in the cloud, alongside recommendations on how to defend against these.
