Cloud Security

Cloud security refers to the set of technologies, applications, controls, and policies used to protect people, data, and infrastructure from cyber-attacks and compliance risks on cloud computing platforms. It relies on a collection of security measures designed to address both external and internal security threats to organizations, including controlling security, compliance, and other usage risks of cloud computing and data storage.

By guarding data and assets, cloud security can provide a critical safety net for organizations that rely on cloud-based solutions. It establishes increased reliability and availability of information, reduces upfront and ongoing costs related to data protection, enables easier scalability, and provides improved protection against sophisticated attacks on people and systems.

A key element of cloud security is a CASB, which stands for Cloud Access Security Broker or Cloud App Security Broker. A CASB can be deployed on-premises or in the cloud, sitting between cloud service users and cloud applications. It monitors cloud activity, blocks attacks, and enforces security policies.^[1]

Unlike traditional cybersecurity solutions focusing on perimeter and network security, cloud security leverages a data-centric approach to prevent unauthorized access, such as authorization processes, data encryption, and multi-factor authentication.

As part of the information security model known as the CIA triad, cloud security works by maintaining the Confidentiality, Integrity, and Availability of data and operates in three primary cloud environments: public, private, and hybrid cloud services. The appropriate environment depends on the type of individual or organization using cloud security, the nature of their business, and data needs.

Organizations use cloud computing and cloud-based collaboration or messaging tools to share files and information with colleagues and partners. At the same time, they can put regulated data and intellectual property (IP), such as trade secrets, engineering designs, and other sensitive corporate data, at risk.

Cloud computing infrastructure requires protection from cyber threats. Cloud security is a branch of cybersecurity devoted to this task. Not only is cloud security important for the protection of data, but it also helps industries and organizations meet compliance requirements, safeguard against reputation damages, establish business continuity in case of disruptive events, and even provides a competitive advantage in a highly cloud-based landscape.

Cloud security is essential in helping organizations address specific vulnerabilities and threats. Employee negligence or lack of training can create cloud security threats, such as oversharing files via public links that anyone can access. Data theft by insiders is also common. For example, salespeople leaving your company can steal data from cloud CRM services.

Shadow IT refers to using cloud apps and services without explicit IT approval. Users typically use unapproved software-as-a-service (SaaS) applications for file sharing, social media, collaboration, and web conferencing. Users who upload corporate data to unapproved apps may violate data privacy and residency regulations.

And there’s another growing challenge: third-party apps and scripts with OAuth permissions. OAuth-connected third-party apps access IT-approved cloud computing services, such as Microsoft Office 365 and Google G Suite. It is common to see a hundred, if not a thousand, apps and scripts in an organization’s cloud environment. Some pose risks because of poor design, giving them broader than necessary data permissions. Some are malicious or easy to exploit. What’s the danger of OAuth? Once an OAuth token is authorized, access to enterprise data and applications continues until revoked.

Even with modern advancements in today’s cloud security, these systems still face several risks, challenges, and limitations. Some of the most common challenges include:

• Misconfiguration: As one of the most common cloud security vulnerabilities, misconfiguration occurs when cloud resources are not properly configured, thereby leaving critical gaps in cloud security systems and allowing malicious attackers to steal passwords, location data, and other sensitive information.
• Unauthorized access: With excessively permissive cloud access, unrestricted ports, and secret data management failures (e.g., poorly protected passwords, encryption keys, API keys, and admin credentials), malicious attackers can breach cloud-based resources.
• Data breaches: This common cloud security risk occurs when sensitive information is extracted from an organization without its permission or awareness. Misconfigurations and the lack of runtime protection can leave data vulnerable to theft, resulting in financial loss, reputational damage, and legal liabilities.
• Insecure interfaces: Failure to properly secure interfaces and APIs provides a doorway for threat actors to gain access to cloud accounts and steal sensitive data and information, such as financial information, passwords, health records, and more.
• Account hijacking: Cyber-attackers utilize password-cracking techniques to guess or steal login credentials and breach access to cloud resources, often leading to financial losses, compromised information, and reputational damage.
• Unmanaged attack surface: When organizations migrate to the cloud without understanding how to secure their data, sensitive information and resources are left vulnerable to exploitation by attackers, resulting in many issues.
• Human error: From using weak passwords to falling victim to phishing scams, human error is a common issue that puts cloud security systems at risk. Statistics show that 88% of cloud-based data breaches are attributed to human error.
• Inadequate change control: When change management and control protocols are inadequate or neglected, unnoticed misconfigurations can occur, resulting in unauthorized access, data breaches, and data leaks.

Organizations and cybersecurity teams also face challenges in delineating where cloud service provider responsibilities end, and their own responsibilities begin, and those gaps can lead to vulnerabilities.

Today, organizations leverage multiple types of cloud security solutions to safeguard their data. These solutions can be used together to establish a holistic and effective cloud security strategy.

Identity and Access Management (IAM)

IAM manages user identities and access to cloud resources. It ensures proper authentication, authorization, and user management to prevent unauthorized access while providing granular control over who can access specific cloud resources and what actions they can perform.

Network and Device Security

Network and device security reinforces cloud infrastructure and devices against network-level attacks and ensures proper configuration. This cloud security solution – which includes firewalls, IdPs, and VPNs – helps protect against DDoS attacks, malware, and other external threats. Endpoint protection and mobile device management can also help secure devices used to access cloud resources.

Security Monitoring and Alerting

Continuous monitoring, detection, and alerts use tools like IdPs and SIEM systems to provide real-time monitoring of cloud resources and help organizations respond quickly to security threats. Security monitoring solutions also collect and analyze data from various sources to identify potential security incidents and generate alerts.

Cloud Access Security Broker (CASB)

CASBs are a type of cloud security system that acts as a gatekeeper between an organization’s on-premises infrastructure and the cloud. They can effectively monitor and enforce security policies across all cloud applications and services, enabling organizations to gain visibility into cloud usage and enforce compliance with regulatory requirements.

Data Security

Data Security protects data from unauthorized access, tampering, and loss, using encryption, data masking, and access controls. It includes securing data at rest, in transit, and in use. Data loss prevention (DLP) solutions, access control solutions, and encryption solutions can be used to protect sensitive data in the cloud.

Disaster Recovery and Business Continuity Planning

This vital solution involves planning strategies to restore cloud services during a disaster and minimize downtime. Disaster recovery involves identifying critical data and applications and establishing recovery time objectives (RTOs) and recovery point objectives (RPOs) to ensure that data and applications can be restored within acceptable timeframes.

Legal Compliance

Legal compliance ensures that cloud services comply with legal and regulatory requirements, including data privacy and protection. Compliance with regulations such as HIPAA, GDPR, and CCPA is critical for organizations that handle sensitive data. Legal compliance involves implementing appropriate controls to protect data privacy and ensuring that cloud services meet regulatory requirements.

Governance

Governance establishes policies and procedures to govern cloud service usage and ensure proper risk management and compliance reporting. It ensures that cloud services comply with industry regulations and standards. Governance involves identifying and managing risks associated with cloud services and establishing appropriate controls to mitigate them. It also involves establishing policies and procedures for data classification, access control, and incident response.

Cyber criminals often exploit vulnerabilities and weaknesses in cloud security to gain access to valuable data and assets. Once attackers get their hands on cloud account credentials, they impersonate legitimate users. They can trick your people into wiring money to them or releasing corporate data. They can also hijack email accounts to distribute spam and phishing emails.

A study of more than 1,000 cloud service tenants with over 20 million user accounts found over 15 million unauthorized login attempts in the first half of 2019 alone. More than 400,000 of these attempts resulted in successful logins. About 85% of tenants were targeted by cyber-attacks, and 45% had at least one compromised account in their environment.^[3]

Cyber criminals tend to target popular SaaS applications like Microsoft Office 365 and Google G Suite. Just about everyone at your company uses these applications, which hold the key to business communication and vital data. Attackers use a variety of techniques and exploit several vulnerabilities to compromise cloud account credentials and take advantage of vulnerable users, including:

• Intelligent Brute-Force Attacks: Brute-force attacks are a trial-and-error technique in which the attacker submits many username and password combinations until something works. What makes such attacks intelligent is using automated tools to expose multiple combinations of usernames with passwords in large credential dumps.
• Advanced Phishing Campaigns: Otherwise known as credential phishing, these targeted and well-crafted campaigns come in various forms and deceive people into revealing their authentication credentials. Attackers usually carry out phishing via socially engineered emails.
• Password Recycling: This common cloud security threat is characterized by the same password used across multiple accounts. If an attacker gets their hands on an account’s credentials from an unrelated data breach, they can leverage password recycling to breach other sensitive accounts and data.
• Data Loss and IP Theft: On any typical business day, people share information with colleagues, partners, and others via cloud-based collaboration or messaging tools. But lack of employee training on cloud security or worker malice could result in sharing sensitive data with those who shouldn’t be able to see it.
• Malicious File Shares: Phishing links, credential stealers, and downloaders are typically used in these types of attacks. Threat actors also distribute malware via cloud services such as Dropbox.
• Data Breaches: One of the most significant risks associated with cloud security is the potential for a data breach. Hackers can gain access to cloud-based systems and steal sensitive information, such as financial data, personal information, or intellectual property.
• Shadow IT: People and departments within an enterprise often deploy new cloud apps and services without the approval, or even awareness, of IT security managers. These services may result in data loss, data oversharing, compliance issues, and more.
• Insider Threats: Employees or contractors with access to cloud-based systems can intentionally or unintentionally cause data breaches, steal data, or leak sensitive information.
• Distributed Denial of Service (DDoS) Attacks: Cloud-based systems can be targeted by DDoS attacks that overload the system and prevent legitimate users from accessing cloud resources.
• Insecure APIs: Application programming interfaces (APIs) used to access cloud-based services can be vulnerable to attacks, such as injection attacks or man-in-the-middle attacks.
• Shared Infrastructure Vulnerabilities: Cloud-based systems often use shared infrastructure, which means a vulnerability in one customer’s system could potentially expose data for all customers on the same infrastructure.
• Compliance Risks: Cloud-based systems must comply with various regulations and standards, such as HIPAA, PCI-DSS, and GDPR. Failure to comply with these regulations can result in legal and financial penalties.

Enterprises face growing cloud compliance risks in the face of ever-changing cybersecurity regulations. Government and industry regulations require you to know where your data is in the cloud and how it is being shared. The European Union General Data Protection Regulation (GDPR) affects millions of organizations. That’s why developing a plan to comply with the new rules is critical for all organizations.

Today’s attacks target people, not technology. This is just as true for the cloud as it is on-premises. As businesses move their messaging and collaboration platforms from the corporate network to the cloud, they become vulnerable to attack.

Fortunately, many security strategies are available for organizations and cybersecurity teams to increase cloud security. From limiting access to cloud-based resources to encrypting and backing-up data, here are several tips for cloud security protection:

Protect Against Cloud-Based Security Threats

It’s worth repeating: Cyber criminals tend to target people, not technology, with popular cloud-delivered SaaS applications such as Microsoft Office 365 or Google G Suite. A CASB with a broad complement of cloud security solutions offers the best defense against today’s people-centric threats.

Use Strong Authentication Mechanisms

Multi-factor authentication (MFA) is a critical and easy-to-implement security control that requires users to provide multiple forms of authentication to access cloud resources. This can include a password, PIN, biometric information, or something the user has, like a token or smart card. MFA significantly reduces the risk of unauthorized access to cloud resources, even if a user’s password is compromised.

Limit Access to Cloud Resources

Another vital strategy hinges on access controls, particularly limiting access to cloud resources to users who require it. This can include implementing role-based access controls, where users are granted permissions based on their role within the organization, or using network segmentation to restrict access to specific cloud resources.

Back-Up Your Data

Data backups are a cloud security best practice for data recovery in case of a data leak or security breach. Backups should be performed regularly and stored in a secure location separate from your primary data storage. In addition to helping you recover from a data loss, backups also help you comply with regulatory requirements and ensure business continuity.

Keep Systems Up to Date

Keeping software and systems up to date is an essential security control that helps mitigate the risk of known vulnerabilities. This includes applying security patches and updates as soon as they become available, as well as regularly updating antivirus and other security software.

Train Your Employees

Security awareness training is a powerful element of any security program. By educating employees on cloud security best practices, you can help them understand the importance of security and their role in protecting the organization’s data and systems. This can include training on password management, phishing awareness, and social engineering detection.

Regularly Monitor Your Cloud Resources

Monitoring is an essential security control that lets you quickly detect and respond to security incidents. This can include monitoring network traffic, system logs, and user activity to identify suspicious behavior and potential security threats. 

Stay in Compliance

As your employees, contractors and partners share more data in the cloud, the risk of a breach increases. You need risk-aware cloud security that connects the dots to detect and prevent such breaches. In addition, compliance with government regulations and industry mandates is essential. These include the following: personally identifiable information (PII) such as Social Security numbers or date of birth; consumer payment card information (PCI); and protected health information (PHI) such as medical records.

Manage Cloud Apps in Your Environment

Given the proliferation of cloud-delivered apps, governance of the use of those apps is essential. The average enterprise has an estimated 1,000 cloud apps, and some have serious cloud security gaps. They can violate data residency regulations, such as GDPR. In addition, attackers often use third-party add-ons and social engineering to trick people into granting broad access to your approved SaaS apps.

Cloud-app governance capabilities provide important critical visibility into cloud security threats. They also provide important controls that alert and coach end users and set up automated responses for cloud access, such as “allow,” “read-only,” or “block.”

In addition to these tips, a CASB with a broad complement of cloud security solutions with robust detection, remediation, and risk-based authentication capabilities offers the best defense against today’s people-centric threats, including brute-force attacks, phishing attacks, and malicious file shares.

These elements, along with maintaining confidentiality, integrity, and availability (CIA), are fundamental to establishing a resilient cloud security architecture that prevents cyber-attacks and employs targeted action when and where needed.

Proofpoint offers various cloud security solutions to protect against advanced threats targeting people through email and cloud apps. Among the tools and platforms that Proofpoint provides include:

• Targeted Attack Protection: designed to detect, analyze, and block known and new threats that use malicious files and unsafe URLs.
• Web Security Services: provides visibility into web-based threats, controls access to risky websites and cloud services, and protects data while users are online.
• Information and Cloud Security Platform: combines multiple products to defend data, investigate insider risk, and block cloud threats.

Proofpoint’s cloud security solutions aim to prevent unauthorized access to sensitive data and resources and protect users’ cloud-based accounts from takeover. To learn more, contact Proofpoint today.

[1] Gartner Inc. “Magic Quadrant for Cloud Access Security Brokers”
[2] Ibid.
[3] Proofpoint. “Cloud Attacks Prove Effective Across Industries in the First Half of 2019”