It’s no surprise that businesses are still identifying the public cloud as a route to more efficient, flexible, and cost-effective IT. These benefits can be unlocked at speed and scale, but as cloud usage grows, so does the opportunity for enterprising cybercriminals seeking to exploit these environments.
There’s an obvious risk with regard to data breaches, but as highlighted in our recent takeaways from Canalys, there are also recent examples of bad actors hacking into public cloud environments with a view to leveraging existing compute power to support their own activities at someone else’s expense.
This emerging risk factor means it’s never been more important for businesses to focus on protecting their cloud. But how to secure a public cloud environment, and whose responsibility it is to secure it, raises some important questions – questions that we’ll clarify below.
One of the many benefits of public cloud is the shift of burden away from your own IT team. By buying resource in the cloud, you no longer need your own on-site infrastructure, and can absolve your team of the need to purchase, maintain and manage physical hardware day-to-day.
It’s easy, then, to assume that the security of your environment will also now sit with your provider. This is true to an extent, but not necessarily in the way you might expect. While the cloud provider takes responsibility for securing the underlying infrastructure as a whole, this may not extend to the access or usage of individual accounts.
To evidence this point, let’s take a look at an example we highlighted earlier. A cybercriminal gains access to your cloud environment, perhaps using legitimate credentials, and once inside, they use the environment’s compute power to mine cryptocurrency while running up your bill.
For the public cloud provider, this kind of activity is almost indistinguishable from legitimate usage – to their eyes, a user has logged in and is utilising dedicated capacity for a given purpose. This activity is usually only revealed when the bill rolls in and you find you’re being charged for compute power you never used – while it’s clear to you that the usage was illegitimate, it can be difficult to evidence this to the provider.
In simple terms, your cloud provider is responsible for the security of the cloud, but you must take responsibility for how your organisation is protected in the cloud. Of course, the tools and procedures put in place by your provider to protect the cloud platform and supporting assets offer a level of defence, but how you manage your own environment can expose additional vulnerabilities.
Poor identity and access management, for example, can leave you at risk of infiltration, allowing criminals access to management consoles via genuine organisation credentials. Equally, an absence of appropriate management tools, and a lack of visibility over typical/anticipated usage, can prevent identification of a breach ahead of time.
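To illustrate what visibility over typical usage can look like in practice, the added example below (not part of the original article or any provider's tooling) compares one day's compute usage against a per-account baseline and flags the kind of spike described above before the bill arrives. The account names, region names, usage figures and the `k` and `floor` thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data (not real billing records): daily vCPU-hours per
# (account, region) over a 14-day baseline window. Names are placeholders.
BASELINE = {
    ("prod", "region-a"): [410, 395, 402, 420, 388, 405, 415,
                           399, 408, 412, 397, 403, 418, 400],
    ("dev", "region-a"): [60, 55, 0, 0, 62, 58, 61,
                          57, 59, 0, 0, 63, 60, 56],
}
# Constructed usage for the day being checked.
TODAY = {
    ("prod", "region-a"): 421,   # normal variation
    ("dev", "region-a"): 960,    # far above the usual dev footprint
    ("dev", "region-b"): 2300,   # region with no usage history at all
}


def robust_limit(history, k=6.0, floor=10.0):
    """Upper bound for 'typical' usage: median + k * MAD.

    Median/MAD is used instead of mean/stddev so that weekends or one earlier
    spike do not inflate the limit. `floor` keeps the band from collapsing
    when the history is almost constant. k and floor are assumed tunables.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med + k * max(mad, floor)


def find_anomalies(baseline, today, k=6.0):
    """Return (key, used, limit, reason) for each usage record worth review."""
    findings = []
    for key, used in sorted(today.items()):
        history = baseline.get(key)
        if not history:
            # Compute appearing where none is anticipated is itself a signal.
            if used > 0:
                findings.append((key, used, 0.0, "no-baseline"))
            continue
        limit = robust_limit(history, k)
        if used > limit:
            findings.append((key, used, limit, "above-baseline"))
    return findings


if __name__ == "__main__":
    for key, used, limit, reason in find_anomalies(BASELINE, TODAY):
        print(f"{key[0]}/{key[1]}: {used} vCPU-h (limit {limit:.1f}) {reason}")
```

Run daily against exported usage data, a check like this turns an end-of-month billing surprise into a same-day alert with a dated record of when the deviation began.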
As with any cybersecurity risk, much of the best remediation comes in the form of preparation. There are multiple factors that lead to common cloud vulnerabilities going unnoticed. Limited investment in cloud security, a lack of cloud expertise within your organisation, and poor visibility across your environment can all contribute to bad practice. But by getting ahead of potential risks, and proactively identifying vulnerabilities before they are exposed, you can avoid unwanted surprises.
Here are some of the actions you can take to help secure your cloud:
Follow best practice: Cloud providers typically offer guidance on best practice for using, managing and securing your environment, and have tools that can help you assess your current state against set benchmarks. This is especially beneficial for those with limited cloud expertise who may be unsure where to start.
Focus on access management: While this will undoubtedly feature as part of any best practice guidance, retaining tight controls over the access to your environment will close off a significant avenue for bad actors. Deploying multi-factor authentication (MFA), utilising secure password vaults, and enforcing regular password refreshes are just some of the steps you can take to keep your corporate access credentials secure. Crucially, this will also help support the case for remediation should you fall victim to a breach. Being able to evidence that the right processes and procedures are in place will help you avoid scrutiny.
Deploy dedicated tools: As well as best practice guidance, many cloud providers also offer cloud-native tools to help monitor usage and bolster your defences. You may also want to consider third-party monitoring and security tools that deliver deeper insights across complex or dispersed environments, especially if you are operating across multiple clouds.
Call on expert support: Even if you are following best practice and harnessing the latest tools, an absence of skilled and dedicated security resource can impact the speed and effectiveness of your strategy. Building out your own team is expensive, and adding additional tools can start to overwhelm whatever resource you have. But with managed security services delivered by experts like Arctic Wolf, you can reinforce your defences with a fully-fledged Security Operations Centre, providing 24/7 threat detection and response across your cloud environment. This ensures you get the most out of any tools you have today, and offers valuable insights as to how additional vulnerabilities can be plugged over time. If you’d like to know more about how Arctic Wolf can help you improve your cloud security, this webinar is well worth a watch.
Whatever the extent of your cloud environment, or the make-up of your existing security strategy, our team can help you enforce best practice across your organisation, and take proactive steps to reinforce the security of your cloud environment.
To learn more about the options available, or how you can access 24/7 expert protection with Arctic Wolf, get in touch with the team.