Variety of vulnerabilities in cloud assets
The SANS Institute, the world’s leading provider of cybersecurity training and certification, presents the results of a study by SANS instructor Dave Shackleford on network security in the cloud.
The study, which builds on the SANS 2021 Cloud Security Survey, focuses on how cloud security has transformed enterprise infrastructure in response to the COVID-19 pandemic and an increasingly decentralized workforce. The report provides answers on whether the cloud is now considered part of the enterprise network, how enterprises use network traffic and metadata for discovery and response, whether enterprises now consider the cloud an integral part of their network, and how this has changed their approach to infrastructure security.
Since 2019, there have been a variety of vulnerabilities in cloud assets, as well as incidents involving the disclosure of sensitive data and violations related to the use of public cloud environments. Some notable examples are:
- In December 2019, Microsoft reported that it had accidentally disclosed a large database of customer support records within Azure, blaming “misconfigured security rules” for the disclosure.
- Multiple Microsoft outages between 2019 and 2020 were significant. The first was an Azure database failure in 2019, caused by DNS configuration changes and some automation script failures. In 2020, numerous failures of Office 365 caused many companies to suffer downtime and be unable to access their cloud applications and data.
- In April 2021, cloud and hosting provider DigitalOcean announced a breach of customer billing data without providing any insight into the vulnerability that allowed this to happen.
In addition, Verizon noted in its 2021 Data Breach Investigations Report (DBIR) that external cloud assets were involved in more incidents and breaches for the first time last year. Despite these types of security issues, more organizations than ever are moving workloads to the cloud, building applications in the cloud, and subscribing to a wide range of SaaS and other cloud services.
Industries most represented in the study include technology companies, banking and finance, cybersecurity, government, education, and healthcare. The survey participants also represented a wide range of organization sizes: just under 29 percent have between 1 and 500 employees, about 36 percent between 500 and 10,000 employees, and the rest range from just over 10,000 to more than 100,000 employees. More than 50 percent of respondents have a job title in information security (e.g. analyst, manager, and architect), while some others work in IT operations, leadership (CIO/CISO), and network engineering. All major geographic regions were represented, with the majority of companies based in the US, Europe, Asia and Canada. Most companies are headquartered in the US (61%) and Europe (19%).
Important results of the report:
- From 2020 to 2021, the greatest cloud growth came from the increased use of workforce and collaboration SaaS services.
- More than 16 percent of respondents experienced a security breach in cloud environments. Key attack vectors observed in these breaches include configuration weaknesses, login and account misuse, and shadow IT.
- Sixty-seven percent of organizations consider SaaS, PaaS, and IaaS cloud deployment platforms as part of their network scope.
- The most important network security controls used in public cloud environments are Web application firewalls (WAFs), network access controls, and network intrusion detection and prevention.