By Christine Schönig, Regional Director Security Engineering CER, Office of the CTO, at Check Point Software Technologies GmbH
With the rise of hybrid work models, we see that companies are increasingly moving workloads (IT service units with a specific task) to the cloud. Although this change offers great advantages in terms of flexibility and scalability, it also poses increased risks for security and compliance. A simple configuration error can lead to your entire company being exposed to threat actors who can access your critical data or carry out ransomware attacks.
Gartner predicts that by 2025, 99 percent of security problems in the cloud will be due to human error. At a time when companies are increasingly dependent on third-party providers such as AWS, Microsoft Azure, IBM and Google Cloud Platform for the secure management of their data, concerns about vulnerabilities in the cloud and general misconfigurations are likely to increase rapidly. In addition, there are gaps in knowledge and talent, which only exacerbate fears regarding cloud security.
The cloud provider supplies basic cloud security, but it is up to the companies themselves to secure their own data within the cloud. This is not an easy task, especially since many large companies now use three or four cloud platforms as part of a multi-cloud strategy.
Attacks on cloud service providers are increasing
Last year, there was a flood of attacks that exploited vulnerabilities in the services of industry-leading cloud providers – as the results of the Security Report 2022 clearly show. These are usually critical vulnerabilities in the cloud infrastructure itself, which are very difficult to secure. The goal of cybercriminals is to gain complete control over the cloud infrastructure or the entire IT of a company. This can have devastating consequences for the affected companies.
The OMIGOD vulnerability, which opened the door to cyber attacks on cloud services in 2021, serves as a cautionary example. In September, four critical vulnerabilities were discovered in Microsoft Azure’s software agent, which allows users to manage configurations in remote and on-premises environments. An estimated 65 percent of Azure’s customer base was left exposed by this flaw, putting thousands of businesses and millions of endpoints at risk. The OMIGOD vulnerability allowed threat actors to remotely execute arbitrary code on a company’s network and gain root privileges, which allowed them to effectively take over the network. Microsoft fixed the vulnerability as part of the September 2021 update, but the automatic fix that the company released seemed to be ineffective for several days. During the year, other vulnerabilities in Microsoft Azure cloud services were revealed, including the “ChaosDB” vulnerability, which allowed cybercriminals to gain root privileges by retrieving several internal keys, which eventually allowed them to manage the databases and accounts of target companies. Among the companies exposed by this particular “gateway” were Coca-Cola, Skype and even the security specialist Symantec.
Locking the doors and strengthening internal security
Improving cloud security is about finding the right solutions and services and fostering a mindset where security comes first. Companies must ensure that the “doors” to their applications and data are tightly closed. For this purpose, identity and access management should be coordinated and the “least privilege” principle should be implemented, so that access to data is granted only when strictly necessary.
Cloud security becomes even more complex with multi-cloud environments. Therefore, all cloud security across all providers should be consolidated in one solution that monitors all malicious activity, but at the same time reduces the amount of work through automation. Security should be introduced at the earliest stage of application development.
The shift of services to the cloud will accelerate even more, as companies see many advantages in it. So it’s time to take a responsible approach to security and compliance and thus increase IT security. This is a challenging task, but the right solutions for securing cloud networks, supported by artificial intelligence and automation, reduce the workload for threat prevention.