Today, businesses are out to transform their organizations to maximize their full digital potential. After all, digital transformation provides a competitive edge, improved innovation, and new technologies that can drive better business. One of the technologies powering digital transformation is the cloud. It provides organizations of varying sizes the ability to process big data as well as provide access to immense storage and processing capabilities, among many others.
Businesses are now turning to hybrid cloud environments to make the most of the cloud’s dependability and dynamicity. The hybrid cloud, after all, gives organizations the speed and scalability of the public cloud, as well as the control and reliability of the private cloud. A 2019 Nutanix survey shows that 85% of its respondents regard the hybrid cloud as the ideal IT operating model. The IDC also predicts that by 2021, over 90% of organizations across the world will be dependent on a combination of cloud computing deployment models that include on-premises, dedicated private clouds, different public clouds, as well as legacy platforms. Hybrid cloud environments provide the flexibility to run applications that necessitate great bandwidth while also supporting workloads that need significantly less on-premise resources, empowering organizations with great elasticity and considerable practicality.
As businesses aim to disrupt their digital capacities and achieve more, an increasing number of organizations are shifting to agile software development to streamline software and application release cycles using DevOps tools and methodologies. Some organizations — those that adhere to the fail-fast philosophy — are prioritizing fast deployments to learn now if a project is a failure or otherwise to minimize business-impacting costs later. For all these to materialize, organizations turn to cloud-enabled and cloud-native applications that are supported by the hybrid cloud architecture.
Despite the great need for speed, it is not the only thing organizations require — organizations need to secure their hybrid cloud environments against cloud migration challenges, evolutionary threats, and an ever-widening attack surface. Despite these complexities, the hybrid cloud has swiftly become a fundamental business platform for keeping businesses aloft — and to properly protect it, organizations must have the right mindset as well as the right security tools.
As companies move to the cloud to modernize their existing infrastructures, they face several security and integration issues that can affect performance as well as costs. When applications are moved to the wrong cloud environment during migration, it could result in decreased app performance if the cloud is underequipped or increased business costs if it is over-equipped. Hybrid cloud environments make the process more challenging, as it deals with varying design principles and security best practices. This is why it’s crucial to ensure that an organization’s move to the cloud is seamless and secure.
In addition, businesses have to abide by regulatory compliances. One of which is the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which outlines standards and rules for healthcare organizations such as hospitals, nursing homes, and private medical practices that deal with sensitive healthcare data. Organizations that run on a hybrid cloud environment need to ensure that all of their connected cloud environments — and the sensitive resources that house such — are protected against failing to meet compulsory requirements that may lead to data breaches that can, in turn, lead to costly fines.
Migrations may also bring about misconfigurations, which occur in file storage buckets as well as user interfaces, that lead to the exposure of stored personally identifiable information (PII). Misconfigurations, which may stem from simple user neglect (such as leaving AWS S3 buckets unsecured and unencrypted) can lead to the unintended exposure of customers and mission-critical assets.
One of the challenges of migration is accidental data loss. In 2019, Capital One suffered from a cloud server data breach that exposed 100 million customers and applicants’ personal information. In the same year, cybercriminals stole an Amazon Web Services (AWS) API key that caused the Imperva data breach that exposed sensitive customer data. The data breach happened after the company migrated its database.
The burgeoning skills shortage — a challenge that affects nearly 50% of organizations with an employee shortage that has reached almost three million in 2018 globally — may not just bring about performance issues, but security risks as well. Because of the cybersecurity skills gap, some organizations do not have security teams with the skills needed to secure a variety of cloud apps and platforms. A Logic Monitor survey found that 58% of organizations consider the lack of cloud experience within their employee roster a big challenge.
How to protect systems while shifting to the cloud
Organizations need to take the time to learn their cloud environments — including its security features and settings — as well as learn how to modify credentials and permissions. Aside from regularly auditing their cloud assets for misconfigurations, organizations should have integrated protection with advanced, consolidated, and adaptive security solutions that provide real-time protection as well as continuous compliance.
Cyberthreats continue to not only rise but also transform into more insidious variants. Organizations face a constant barrage of threats that can affect their bottom lines: the estimated losses that financial institutions can potentially incur yearly is anywhere between US$100 – 300 billion. And as businesses turn to the cloud to improve their infrastructure and processes, cybercriminals are quick to follow suit, crafting threats that compromise cloud platforms and application security.
Cryptocurrency-mining malware, which provides threat actors with new, illicit ways to turn a profit, has been found targeting the cloud infrastructure via compromising container management platforms, injecting malicious Docker images, API key theft, and control panel exploitation. Last year, attackers infected more than 2,000 Docker hosts with Monero-mining cryptocurrency malware.
Meanwhile, cloud applications, when left unpatched and unsecured, can lead to data breaches that not only cost millions of dollars in business losses and fines but also compromise the personally identifiable information of customers.
According to our security predictions for 2020, vulnerabilities in container components will be one of the top security concerns for DevOps teams this year. Recently, two vulnerabilities, namely CVE-2019-1372 and CVE-2019-1234, were found in the Microsoft Azure hybrid cloud infrastructure that could allow attackers to run arbitrary code and make internal requests to the Azure Stack resources. Infrastructure-as-code (IaC) tools were recently found with vulnerabilities that were exploited by cybercriminals to run coin miners.
How to combat evolutionary threats that affect the hybrid cloud environment
Because cybercriminals have followed organizations’ move to the cloud, organizations need to have security solutions that provide agile protection for the whole hybrid cloud infrastructure. Businesses can benefit from solutions that proactively defend against network threats and vulnerabilities with intrusion prevention and virtual patching. Applications and software in the cloud environment need to be protected against code vulnerabilities, data exfiltration, and vulnerability exploits. Cybersecurity solutions should be able to automatically lock down systems and provide real-time alerts for unexpected changes in interconnected environments with automated integrity monitoring and log inspection.
With hybrid environments, the attack surface becomes more expansive because organizations that want to be able to build and deploy products as quickly as possible will need to interconnect applications, software, services, platforms, and networks. And all these would require holistic protection — especially as the number of cloud platforms that fall prey to code injection attacks via third-party libraries increases.
Last year, we discovered an attack wherein cybercriminals took advantage of an API misconfiguration in Docker Engine-Community, an open-source DevOps tool. The misconfiguration allowed the threat actors to infect containers with a variant of the AESDDoS botnet.
Containers, also essential to DevOps, are also prone to threats and risks across different zones in the development pipeline — such as in the image development, source code, and registry, to name a few.
Cybercriminals are also targeting other parts of the software supply chain, such as service providers. This is what happened to SmarterASP.net, a service provider for the web application framework ASP.NET, when it was targeted with ransomware. We also predict that serverless platforms will introduce an attack surface for misconfiguration and vulnerable codes.
How to secure a wide attack surface
Despite various applications, software, and platforms being linked to allow businesses to host and run workloads simultaneously and quickly, the visibility between these interwoven technologies is not always as apparent. An organization’s internal and outsourced security teams need visibility to identify security issues and remediate them as quickly as possible.
Trend Micro’s Cloud Security Solutions
Trend Micro’s Hybrid Cloud Security solution provides powerful, streamlined, and automated security within your organization’s DevOps pipeline and delivers multiple XGenTM threat defense techniques for protecting runtime physical, virtual, and cloud workloads.
The Trend Micro Cloud OneTM platform provides organizations a single-pane-of-glass look at their hybrid cloud environments and real-time security with the following automated and flexible services:
- Workload Security can automatically protect legacy systems with virtual patching and cloud workloads like Amazon EC2 from evolving threats through machine learning technology.
- Application Security is an embedded security framework that proactively detects threats and protects applications and APIs on their containers, serverless, as well as other cloud computing platforms.
- Container Security detects threats, vulnerabilities, and exposed sensitive data such as API keys and passwords, within container images.
- File Storage Security protects cloud file/object storage services like Amazon S3 that are on cloud-native application architectures via malware scanning and integrating into custom workflows.
- Network Security defends virtual private clouds by blocking attacks, threats, and detecting infiltrations.
The Cloud One platform also includes Cloud One - Conformity, which strengthens organizations’ cloud security posture by running automated compliance checks to ensure that they adhere to regulations and industry standards — such as PCI, GDPR, HIPAA, and NIST. Cloud One - Conformity also has a Knowledge Base, a continually growing library that contains checks that run against AWS accounts and provides step-by-step remediation rules to rectify any failures. It helps organizations adhere to the AWS Well-Architected Framework.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report