Cloud computing—a broad term that describes the move to the cloud and a mobile workforce—has brought new security and compliance risks. Cloud account takeover, data oversharing and usage of unapproved cloud applications present big challenges to security teams. That’s why gaining visibility into and control over IT-approved applications is critical to cloud security. Many organisations want to secure Microsoft Office 365, Google G Suite, Box, Dropbox, Salesforce, Slack, AWS, ServiceNow, and more.
What Is Cloud Security?
Cloud security refers to the set of technologies, applications, controls, and policies used to protect people, data, and infrastructure from cyber-attacks and compliance risks on cloud computing platforms. It relies on a collection of security measures designed to address both external and internal security threats to organisations, including controlling security, compliance, and other usage risks of cloud computing and data storage.
By guarding data and assets, cloud security can provide a critical safety net for organisations that rely on cloud-based solutions. It establishes increased reliability and availability of information, reduces upfront and ongoing costs related to data protection, enables easier scalability, and provides improved protection against sophisticated attacks on people and systems.
A key element of cloud security is a CASB, which stands for Cloud Access Security Broker or Cloud App Security Broker. A CASB can be deployed on-premises or in the cloud, sitting between cloud service users and cloud applications. It monitors cloud activity, blocks attacks, and enforces security policies.
How Does Cloud Security Work?
Cloud security utilises a combination of technical and procedural measures to protect cloud-based infrastructure, applications, and data from persistent cyber threats. At its core, cloud security ensures user and device authentication, access control over data and resources, and data privacy protection.
Cloud security helps organisations protect users from cloud-based threats by:
- Revealing what cloud computing platforms and services their users access.
- Monitoring cloud computing activity to detect attacks and user actions that unintentionally put the organisation at risk.
- Preventing cyber-attackers and other unauthorised users from accessing sensitive data and resources.
- Protecting users’ cloud-based accounts from takeover.
- Enforcing security and compliance policies.
Unlike traditional cybersecurity solutions that focus on perimeter and network security, cloud security takes a data-centric approach to preventing unauthorised access, using measures such as authorisation processes, data encryption, and multi-factor authentication.
As part of the information security model known as the CIA triad, cloud security works by maintaining the Confidentiality, Integrity, and Availability of data and operates in three primary cloud environments: public, private, and hybrid cloud services. The appropriate environment depends on the type of individual or organisation using cloud security, the nature of their business, and data needs.
Why Is Cloud Security Important?
Organisations use cloud computing and cloud-based collaboration or messaging tools to share files and information with colleagues and partners. At the same time, they can put regulated data and intellectual property (IP), such as trade secrets, engineering designs, and other sensitive corporate data, at risk.
Cloud computing infrastructure requires protection from cyber threats. Cloud security is a branch of cybersecurity devoted to this task. Not only is cloud security important for the protection of data, but it also helps industries and organisations meet compliance requirements, safeguard against reputational damage, establish business continuity in case of disruptive events, and even gain a competitive advantage in a highly cloud-based landscape.
Cloud security is essential in helping organisations address specific vulnerabilities and threats. Employee negligence or lack of training can create cloud security threats, such as oversharing files via public links that anyone can access. Data theft by insiders is also common. For example, salespeople leaving your company can steal data from cloud CRM services.
Shadow IT refers to using cloud apps and services without explicit IT approval. Users typically use unapproved software-as-a-service (SaaS) applications for file sharing, social media, collaboration, and web conferencing. Users who upload corporate data to unapproved apps may violate data privacy and residency regulations.
And there’s another growing challenge: third-party apps and scripts with OAuth permissions. OAuth-connected third-party apps access IT-approved cloud computing services, such as Microsoft Office 365 and Google G Suite. It is common to see a hundred, if not a thousand, apps and scripts in an organisation's cloud environment. Some pose risks because of poor design, giving them broader than necessary data permissions. Some are malicious or easy to exploit. What’s the danger of OAuth? Once an OAuth token is authorised, access to enterprise data and applications continues until revoked.
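The risk described above lends itself to a periodic review of OAuth grants. The following is an added example, not code from the original page or from any vendor's API: it audits a constructed inventory of grants and queues the riskiest for revocation review. The record fields, the list of scopes treated as broad (named after Microsoft Graph permissions) and the 90-day idle threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy: scopes treated as broader than most add-ons need.
# Names follow Microsoft Graph permission naming; adjust for your platform.
BROAD_SCOPES = {"Mail.ReadWrite", "Files.ReadWrite.All", "Directory.ReadWrite.All"}
MAX_IDLE = timedelta(days=90)  # assumed threshold for a stale, unrevoked grant


@dataclass(frozen=True)
class Grant:
    app: str
    user: str
    scopes: frozenset
    publisher_verified: bool
    last_used: datetime


def audit_grant(grant, now):
    """Return the findings for one grant (an empty list means no findings)."""
    findings = []
    broad = sorted(grant.scopes & BROAD_SCOPES)
    if broad:
        findings.append("broad-scope:" + ",".join(broad))
    # offline_access yields a refresh token, so access persists until revoked.
    if broad and "offline_access" in grant.scopes:
        findings.append("long-lived-broad-access")
    if not grant.publisher_verified:
        findings.append("unverified-publisher")
    if now - grant.last_used > MAX_IDLE:
        findings.append("stale-not-revoked")
    return findings


def review_queue(grants, now):
    """Grants with at least one finding, most findings first."""
    flagged = [(g, audit_grant(g, now)) for g in grants]
    flagged = [(g, f) for g, f in flagged if f]
    return sorted(flagged, key=lambda item: (-len(item[1]), item[0].app))


# Constructed sample inventory (not real apps or users).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    Grant("calendar-sync", "alice@example.com",
          frozenset({"User.Read", "Calendars.Read"}), True,
          NOW - timedelta(days=2)),
    Grant("pdf-converter", "bob@example.com",
          frozenset({"Files.ReadWrite.All", "offline_access"}), False,
          NOW - timedelta(days=200)),
    Grant("mail-merge", "carol@example.com",
          frozenset({"Mail.ReadWrite"}), True,
          NOW - timedelta(days=10)),
]

if __name__ == "__main__":
    for grant, findings in review_queue(SAMPLE_GRANTS, NOW):
        print(f"{grant.app:15} {grant.user:20} {'; '.join(findings)}")
```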
Cloud Security Risks & Challenges
Even with modern advancements in today’s cloud security, these systems still face several risks, challenges, and limitations. Some of the most common challenges include:
- Misconfiguration: As one of the most common cloud security vulnerabilities, misconfiguration occurs when cloud resources are not properly configured, thereby leaving critical gaps in cloud security systems and allowing malicious attackers to steal passwords, location data, and other sensitive information.
- Unauthorised access: With excessively permissive cloud access, unrestricted ports, and secrets management failures (e.g., poorly protected passwords, encryption keys, API keys, and admin credentials), malicious attackers can breach cloud-based resources.
- Data breaches: This common cloud security risk occurs when sensitive information is extracted from an organisation without its permission or awareness. Misconfigurations and the lack of runtime protection can leave data vulnerable to theft, resulting in financial loss, reputational damage, and legal liabilities.
- Insecure interfaces: Failure to properly secure interfaces and APIs provides a doorway for threat actors to gain access to cloud accounts and steal sensitive data and information, such as financial information, passwords, health records, and more.
- Account hijacking: Cyber-attackers utilise password-cracking techniques to guess or steal login credentials and breach access to cloud resources, often leading to financial losses, compromised information, and reputational damage.
- Unmanaged attack surface: When organisations migrate to the cloud without understanding how to secure their data, sensitive information and resources are left vulnerable to exploitation by attackers, resulting in many issues.
- Human error: From using weak passwords to falling victim to phishing scams, human error is a common issue that puts cloud security systems at risk. Statistics show that 88% of cloud-based data breaches are attributed to human error.
- Inadequate change control: When change management and control protocols are inadequate or neglected, unnoticed misconfigurations can occur, resulting in unauthorised access, data breaches, and data leaks.
Organisations and cybersecurity teams also face challenges in delineating where cloud service provider responsibilities end and their own begin, and those gaps can lead to vulnerabilities.
Types of Cloud Security Solutions
Today, organisations leverage multiple types of cloud security solutions to safeguard their data. These solutions can be used together to establish a holistic and effective cloud security strategy.
Identity and Access Management (IAM)
IAM manages user identities and access to cloud resources. It ensures proper authentication, authorisation, and user management to prevent unauthorised access while providing granular control over who can access specific cloud resources and what actions they can perform.
Network and Device Security
Network and device security reinforces cloud infrastructure and devices against network-level attacks and ensures proper configuration. This cloud security solution – which includes firewalls, IdPs, and VPNs – helps protect against DDoS attacks, malware, and other external threats. Endpoint protection and mobile device management can also help secure devices used to access cloud resources.
Security Monitoring and Alerting
Continuous monitoring, detection, and alerts use tools like IdPs and SIEM systems to provide real-time monitoring of cloud resources and help organisations respond quickly to security threats. Security monitoring solutions also collect and analyse data from various sources to identify potential security incidents and generate alerts.
Cloud Access Security Broker (CASB)
CASBs are a type of cloud security system that acts as a gatekeeper between an organisation's on-premises infrastructure and the cloud. They can effectively monitor and enforce security policies across all cloud applications and services, enabling organisations to gain visibility into cloud usage and enforce compliance with regulatory requirements.
Data Security
Data security protects data from unauthorised access, tampering, and loss, using encryption, data masking, and access controls. It includes securing data at rest, in transit, and in use. Data loss prevention (DLP) solutions, access control solutions, and encryption solutions can be used to protect sensitive data in the cloud.
Disaster Recovery and Business Continuity Planning
This vital solution involves planning strategies to restore cloud services during a disaster and minimise downtime. Disaster recovery involves identifying critical data and applications and establishing recovery time objectives (RTOs) and recovery point objectives (RPOs) to ensure that data and applications can be restored within acceptable timeframes.
Legal Compliance
Legal compliance ensures that cloud services comply with legal and regulatory requirements, including data privacy and protection. Compliance with regulations such as HIPAA, GDPR, and CCPA is critical for organisations that handle sensitive data. Legal compliance involves implementing appropriate controls to protect data privacy and ensuring that cloud services meet regulatory requirements.
Governance
Governance establishes policies and procedures to govern cloud service usage and ensure proper risk management and compliance reporting. It ensures that cloud services comply with industry regulations and standards. Governance involves identifying and managing risks associated with cloud services and establishing appropriate controls to mitigate them. It also involves establishing policies and procedures for data classification, access control, and incident response.
- Implement a strong password policy and multi-factor authentication.
- Encrypt data both in transit and at rest.
- Regularly back up data and test the recovery process.
- Implement security monitoring and logging to detect and respond to threats.
- Keep systems and software current with the latest patches and updates.
- Limit access to sensitive data and applications to only authorised personnel.
- Conduct regular security audits and risk assessments.
- Establish a clear security incident response plan.
- Train employees on security best practices and make them aware of potential threats.
- Choose a reliable cloud service provider with a good security track record.
- Visibility. This is a consolidated view of an organisation's cloud service landscape, including details about users accessing data in cloud services from any device or location.
- Data Security. Some CASBs provide the ability to enforce data security policies to prevent unwanted activity. Policies are applied through data loss prevention (DLP) controls such as audit, alert, block, quarantine, delete and view only.
- Threat Protection. CASBs provide adaptive access controls to prevent unwanted devices, users, and certain versions of apps from accessing cloud services. Cloud app access can be changed based on signals observed during and after login.
- Compliance. CASBs help organisations demonstrate that they are governing the use of cloud services. CASBs assist efforts to conform to data residency and regulatory compliance requirements.
Cloud Security Threats & Vulnerabilities
Cyber criminals often exploit vulnerabilities and weaknesses in cloud security to gain access to valuable data and assets. Once attackers get their hands on cloud account credentials, they impersonate legitimate users. They can trick your people into wiring money to them or releasing corporate data. They can also hijack email accounts to distribute spam and phishing emails.
A study of more than 1,000 cloud service tenants with over 20 million user accounts found over 15 million unauthorised login attempts in the first half of 2019 alone. More than 400,000 of these attempts resulted in successful logins. About 85% of tenants were targeted by cyber-attacks, and 45% had at least one compromised account in their environment.
Cyber criminals tend to target popular SaaS applications like Microsoft Office 365 and Google G Suite. Just about everyone at your company uses these applications, which hold the key to business communication and vital data. Attackers use a variety of techniques and exploit several vulnerabilities to compromise cloud account credentials and take advantage of vulnerable users, including:
- Intelligent Brute-Force Attacks: Brute-force attacks are a trial-and-error technique in which the attacker submits many username and password combinations until something works. What makes such attacks intelligent is the use of automated tools to test multiple combinations of usernames and passwords taken from large credential dumps.
- Advanced Phishing Campaigns: Otherwise known as credential phishing, these targeted and well-crafted campaigns come in various forms and deceive people into revealing their authentication credentials. Attackers usually carry out phishing via socially engineered emails.
- Password Recycling: This common cloud security threat is characterised by the same password used across multiple accounts. If an attacker gets their hands on an account’s credentials from an unrelated data breach, they can leverage password recycling to breach other sensitive accounts and data.
- Data Loss and IP Theft: On any typical business day, people share information with colleagues, partners, and others via cloud-based collaboration or messaging tools. But lack of employee training on cloud security or worker malice could result in sharing sensitive data with those who shouldn’t be able to see it.
- Malicious File Shares: Phishing links, credential stealers, and downloaders are typically used in these types of attacks. Threat actors also distribute malware via cloud services such as Dropbox.
- Data Breaches: One of the most significant risks associated with cloud security is the potential for a data breach. Hackers can gain access to cloud-based systems and steal sensitive information, such as financial data, personal information, or intellectual property.
- Shadow IT: People and departments within an enterprise often deploy new cloud apps and services without the approval, or even awareness, of IT security managers. These services may result in data loss, data oversharing, compliance issues, and more.
- Insider Threats: Employees or contractors with access to cloud-based systems can intentionally or unintentionally cause data breaches, steal data, or leak sensitive information.
- Distributed Denial of Service (DDoS) Attacks: Cloud-based systems can be targeted by DDoS attacks that overload the system and prevent legitimate users from accessing cloud resources.
- Insecure APIs: Application programming interfaces (APIs) used to access cloud-based services can be vulnerable to attacks, such as injection attacks or man-in-the-middle attacks.
- Shared Infrastructure Vulnerabilities: Cloud-based systems often use shared infrastructure, which means a vulnerability in one customer’s system could potentially expose data for all customers on the same infrastructure.
- Compliance Risks: Cloud-based systems must comply with various regulations and standards, such as HIPAA, PCI-DSS, and GDPR. Failure to comply with these regulations can result in legal and financial penalties.
Enterprises face growing cloud compliance risks in the face of ever-changing cybersecurity regulations. Government and industry regulations require you to know where your data is in the cloud and how it is being shared. The European Union General Data Protection Regulation (GDPR) affects millions of organisations. That’s why developing a plan to comply with the new rules is critical for all organisations.
Today’s attacks target people, not technology. This is just as true for the cloud as it is on-premises. As businesses move their messaging and collaboration platforms from the corporate network to the cloud, they become vulnerable to attack.
Tips for Cloud Security Protection
Fortunately, many security strategies are available for organisations and cybersecurity teams to increase cloud security. From limiting access to cloud-based resources to encrypting and backing up data, here are several tips for cloud security protection:
Protect Against Cloud-Based Security Threats
It’s worth repeating: Cyber criminals tend to target people, not technology, through popular cloud-delivered SaaS applications such as Microsoft Office 365 or Google G Suite. A CASB with a broad complement of cloud security solutions offers the best defence against today’s people-centric threats.
Use Strong Authentication Mechanisms
Multi-factor authentication (MFA) is a critical and easy-to-implement security control that requires users to provide multiple forms of authentication to access cloud resources. This can include a password, PIN, biometric information, or something the user has, like a token or smart card. MFA significantly reduces the risk of unauthorised access to cloud resources, even if a user’s password is compromised.
Limit Access to Cloud Resources
Another vital strategy hinges on access controls, particularly limiting access to cloud resources to users who require it. This can include implementing role-based access controls, where users are granted permissions based on their role within the organisation, or using network segmentation to restrict access to specific cloud resources.
Back Up Your Data
Data backups are a cloud security best practice for data recovery in case of a data leak or security breach. Backups should be performed regularly and stored in a secure location separate from your primary data storage. In addition to helping you recover from a data loss, backups also help you comply with regulatory requirements and ensure business continuity.
Keep Systems Up to Date
Keeping software and systems up to date is an essential security control that helps mitigate the risk of known vulnerabilities. This includes applying security patches and updates as soon as they become available, as well as regularly updating antivirus and other security software.
Train Your Employees
Security awareness training is a powerful element of any security programme. By educating employees on cloud security best practices, you can help them understand the importance of security and their role in protecting the organisation’s data and systems. This can include training on password management, phishing awareness, and social engineering detection.
Regularly Monitor Your Cloud Resources
Monitoring is an essential security control that lets you quickly detect and respond to security incidents. This can include monitoring network traffic, system logs, and user activity to identify suspicious behaviour and potential security threats.
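The monitoring described here, applied to the brute-force threat listed earlier, can be sketched as detection logic over authentication logs. This is an added example, not part of the original page or of any product: the log format, the 10-minute window and the threshold of five failures are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> user=<name> ip=<addr> result=OK|FAIL"
LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+) result=(OK|FAIL)$")
WINDOW = timedelta(minutes=10)  # assumed look-back window
FAIL_THRESHOLD = 5              # assumed failures per source within WINDOW


def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip malformed lines rather than abort the run
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect(lines):
    """Return alerts as (kind, ip, user) tuples in the order they fire."""
    fails = defaultdict(deque)  # ip -> recent (timestamp, user) failures
    alerted = set()
    alerts = []
    for ts, user, ip, result in filter(None, map(parse, lines)):
        recent = fails[ip]
        while recent and ts - recent[0][0] > WINDOW:
            recent.popleft()  # drop failures that fell out of the window
        if result == "FAIL":
            recent.append((ts, user))
            if len(recent) >= FAIL_THRESHOLD and ip not in alerted:
                alerted.add(ip)
                users = {u for _, u in recent}
                kind = "multi-account-burst" if len(users) > 1 else "single-account-burst"
                alerts.append((kind, ip, None))
        elif len(recent) >= FAIL_THRESHOLD:
            # A success from a source that is mid-burst: possible takeover.
            alerts.append(("success-after-burst", ip, user))
    return alerts


# Constructed sample log (documentation IP ranges, example.com users).
SAMPLE_LOG = [
    "2024-06-01T08:00:01Z user=alice@example.com ip=203.0.113.7 result=FAIL",
    "2024-06-01T08:00:02Z user=bob@example.com ip=203.0.113.7 result=FAIL",
    "2024-06-01T08:00:03Z user=carol@example.com ip=203.0.113.7 result=FAIL",
    "2024-06-01T08:00:04Z user=dave@example.com ip=203.0.113.7 result=FAIL",
    "2024-06-01T08:00:30Z user=frank@example.com ip=198.51.100.20 result=FAIL",
    "2024-06-01T08:00:41Z user=frank@example.com ip=198.51.100.20 result=OK",
    "truncated line without fields",
    "2024-06-01T08:00:50Z user=erin@example.com ip=203.0.113.7 result=FAIL",
    "2024-06-01T08:01:10Z user=erin@example.com ip=203.0.113.7 result=OK",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as with the second source in the sample, stays below the threshold and raises nothing.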
Stay in Compliance
As your employees, contractors and partners share more data in the cloud, the risk of a breach increases. You need risk-aware cloud security that connects the dots to detect and prevent such breaches. In addition, compliance with government regulations and industry mandates is essential. These cover the following types of data: personally identifiable information (PII) such as Social Security numbers or date of birth; consumer payment card information (PCI); and protected health information (PHI) such as medical records.
Manage Cloud Apps in Your Environment
Given the proliferation of cloud-delivered apps, governance of the use of those apps is essential. The average enterprise has an estimated 1,000 cloud apps, and some have serious cloud security gaps. They can violate data residency regulations, such as GDPR. In addition, attackers often use third-party add-ons and social engineering to trick people into granting broad access to your approved SaaS apps.
Cloud-app governance capabilities provide critical visibility into cloud security threats. They also provide controls that alert and coach end users and set up automated responses for cloud access, such as “allow”, “read-only”, or “block”.
In addition to these tips, a CASB with a broad complement of cloud security solutions, including robust detection, remediation, and risk-based authentication capabilities, offers the best defence against today’s people-centric threats, including brute-force attacks, phishing attacks, and malicious file shares.
What Does a Robust Cloud Security Strategy Include?
A robust cloud security strategy entails several key elements. These include:
- A robust user security system that involves multi-factor authentication (MFA) and role-based access control to prevent unauthorised access.
- Clear policies and procedures on data handling, change management, and internal communications within the cloud service provider’s organisation.
- Highly secure cloud protection solutions that use dedicated encryption keys, computational resources, network links, and storage infrastructure.
- Secure APIs, including the tracking, configuration, and monitoring of the attack surface provided by APIs.
- Disaster recovery and redundancy procedures to ensure business continuity in the event of a security breach or disaster.
- Risk assessment frameworks with recurring vulnerability analysis to improve static and dynamic security policies.
- Cybersecurity solutions integrated into the cloud, including defined principles, solutions, and architectures that prevent security vulnerabilities in their early stages.
These elements, along with maintaining confidentiality, integrity, and availability (CIA), are fundamental to establishing a resilient cloud security architecture that prevents cyber-attacks and employs targeted action when and where needed.
How Proofpoint Can Help
Proofpoint offers various cloud security solutions to protect against advanced threats targeting people through email and cloud apps. The tools and platforms that Proofpoint provides include:
- Targeted Attack Protection: designed to detect, analyse, and block known and new threats that use malicious files and unsafe URLs.
- Web Security Services: provides visibility into web-based threats, controls access to risky websites and cloud services, and protects data while users are online.
- Information and Cloud Security Platform: combines multiple products to defend data, investigate insider risk, and block cloud threats.
Proofpoint’s cloud security solutions aim to prevent unauthorised access to sensitive data and resources and protect users’ cloud-based accounts from takeover. To learn more, contact Proofpoint today.
 Gartner Inc. “Magic Quadrant for Cloud Access Security Brokers”
 Proofpoint. “Cloud Attacks Prove Effective Across Industries in the First Half of 2019”