7th May 2021, Kathmandu
Cloud vulnerability (Cloud Security Monitoring – Reduce Hours of Vulnerability)
Many organizations are moving to the cloud, which is one of the most important reasons why security measures need continuous monitoring and updating to prevent data leaks. The user end acts as a more significant source of attacks and malware, because cloud applications such as those from Microsoft or Google are well equipped with security.
Cloud computing can also bring benefits, such as faster time to market and potentially lower cost, depending on the nature of the cloud. The public cloud has more capabilities, whereas the private cloud has limited capabilities.
Organizations that adopt cloud technologies or cloud service providers (CSPs) without full knowledge of the risks or possible threats have a high chance of exposing themselves. Complexity is the enemy of security, and we all know cloud infrastructure can be complex. Yet cloud security experts claim that companies can benefit from the security solutions built into the cloud. Meanwhile, organizations can also expose critical data and create a grave error in the system.
Like every other environment, the cloud carries the risks of unauthorized access and misuse of employee credentials. Unauthorized access through improper access control and insecure APIs is perceived as one of the biggest security vulnerabilities in the cloud (40%).
As with traditional data center environments, cloud environments face a high-level threat: cloud computing runs software, software has vulnerabilities, and adversaries try to exploit those vulnerabilities. Responsibility for handling these vulnerabilities is shared between the CSP and the cloud consumer. The consumer must therefore know the division of responsibility and trust that the CSP fulfills its responsibilities.
Some of the computing vulnerabilities are:
Misconfigured cloud storage
Misconfigured cloud storage is a rich source of stolen data for criminals, and organizations keep paying for this mistake. Various tools are emerging that allow attackers to detect misconfigured cloud storage, which can escalate into major security breaches for organizations and their customers. Some of the misconfigurations are:
- AWS security group misconfiguration: security groups provide security at the source, destination, port, and protocol access levels. A misconfigured group can allow an attacker to access cloud-based servers and exfiltrate data.
- Lack of access restrictions: without proper access restrictions, the consequences for an organization can be devastating, because attackers can gain access to data stored in the cloud and download confidential data.
To prevent misconfigured cloud storage, double-check the configuration when setting up a cloud server, use specialized tools to check the state of security configurations and identify vulnerabilities beforehand, and control who can create and configure cloud resources.
Insecure APIs
Application programming interfaces (APIs) define interactions between multiple software applications or mixed hardware-software intermediaries, commonly between offices. APIs are known for their convenience and ability to boost efficiency.
Attackers can easily exploit insecure APIs to access enterprise data and launch DDoS attacks. The number of attacks is increasing as companies increase their dependence on APIs.
To prevent this, conduct penetration tests, use SSL/TLS encryption on transmitted data, and be selective about whom you share API keys with.
Poor access management
Web applications and stolen or lost credentials have always been the tools most widely used by attackers in breaches. Access management ensures, through authorization, that a user can perform only the needed tasks.
User password fatigue, inactive assigned users, multiple administration accounts, and users bypassing controls are some of the challenges that organizations face.
To prevent this, an enterprise needs to develop a data governance framework for user accounts. Accounts should be linked directly to Active Directory or central directory services. Use cloud-native or third-party tools, ensure logging and event monitoring mechanisms are in place to detect unusual activities, and tightly control and manage access keys to avoid data leakage.