Cloud Infrastructure Vulnerabilities



You have heard plenty by now about how convenient the cloud and remote work are for keeping a business running, or even growing it. Cloud4Y proposes to talk about how to protect this new way of working.

So, to avoid becoming the victim of a cyberattack, protect your IT infrastructure with these simple tips.


For me, as someone working in the financial sector, IT security matters for every line of code I write. The number of security tests, and the extra cost they add to the whole process, is simply insane compared with my previous jobs. I do not think that is a bad thing, but automating those tests so that they run inside a cloud-based continuous integration and deployment (CI/CD) pipeline does involve certain difficulties. Still, there is a set of general security policies and checks that can help prevent some common mistakes when deploying to the cloud.

What additional security risks can arise when hosting an application in the cloud? We describe six of them:

  1. Data breaches;
  2. Misconfiguration and inadequate change control;
  3. Lack of a cloud security strategy and security architecture;
  4. Inadequate identity management, separation of privileges and access control procedures;
  5. Account hijacking and theft;
  6. Insider threats.

Threat 1. Data breach




What is the threat?

Sensitive or confidential information is published, viewed or stolen by someone who is not authorised to have it.

Possible causes:

  • Targeted attack
  • Human error
  • Application vulnerabilities
  • Missing security controls

Cloud specifics

  • A large attack surface, because resources are shared between tenants.
  • Cloud service providers are an attractive target for attackers because of their popularity and the huge amount of data they store.
  • Responsibility is shared: the customer is responsible for the security of its data, while the cloud provider is responsible only for the availability of the infrastructure and the tools.

Attack scheme



Recommendations and protective measures

  • Defence in depth: build protective controls inside the customer's own cloud environment;
  • The principle of least privilege;
  • Monitoring and logging procedures in the cloud;
  • A reliable, tested incident response plan;
  • Encryption helps protect data, but it has a cost in system performance that has to be budgeted for.

Threat 2. Misconfiguration and inadequate change control




“Almost all successful attacks on cloud services are the result of incorrect client configuration, mismanagement or errors.” - Neil MacDonald, Gartner Analyst

Cloud specifics

Misconfigured cloud resources, including:

  • Publicly readable cloud storage
  • Unsecured cloud databases
  • Inadequately protected backups
  • NAS and file shares exposed to the Internet

Recommendations and protective measures

  • Describe the full life cycle of the infrastructure
  • Flexible, proactive cloud management
  • Encryption of confidential data
  • Logging of every configuration change
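The first two items in the "cloud specifics" list (public storage and exposed databases or NAS) can be caught before deployment with a static check over the configuration. The script below is an added example written for this article, not code from Cloud4Y or from any cloud provider: it inspects a bucket policy for statements granted to the anonymous principal and a set of firewall rules for sensitive ports open to the whole Internet. The policy document and the ingress rules are constructed samples in the shape of an AWS S3 bucket policy and EC2 security-group ingress rules; the account id, role name and VPC endpoint id in them are placeholders.

```python
"""Static checks for two classic cloud misconfigurations: a storage bucket
policy that grants access to everyone, and a security-group ingress rule that
exposes a database or NAS port to the whole Internet.

Added example for this article. The policy and rules below are constructed
samples; the account id, role and VPC endpoint id are placeholders.
"""
import ipaddress
import json

# Ports behind the article's "unsecured databases" and "open NAS" examples.
SENSITIVE_PORTS = {445: "smb", 2049: "nfs", 3306: "mysql", 5432: "postgres", 27017: "mongodb"}

SAMPLE_BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups-prod/*"},
    {"Sid": "AppWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::backups-prod/*"},
    {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::backups-prod/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}
  ]
}
""")

# Constructed ingress rules: HTTPS to the world is expected, the rest is not.
SAMPLE_INGRESS_RULES = [
    {"from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
    {"from_port": 3306, "to_port": 3306, "cidrs": ["0.0.0.0/0"]},
    {"from_port": 2049, "to_port": 2049, "cidrs": ["10.0.0.0/8"]},
    {"from_port": 0, "to_port": 65535, "cidrs": ["::/0"]},
]


def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_anonymous(principal):
    """True when the principal is the wildcard, i.e. anyone on the Internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_statements(policy):
    """Sids of Allow statements granted to everyone with no Condition at all.

    A Condition (for example aws:SourceVpce) may legitimately scope a wildcard
    principal, so such statements are skipped here and deserve a manual review.
    """
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        found.append(stmt.get("Sid", "<no Sid>"))
    return found


def exposed_sensitive_ports(rules):
    """(port, service, cidr) for every sensitive port reachable from 0.0.0.0/0 or ::/0."""
    exposed = []
    for rule in rules:
        for cidr in rule["cidrs"]:
            # prefix length 0 means "every address", whether IPv4 or IPv6
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue
            for port in sorted(SENSITIVE_PORTS):
                if rule["from_port"] <= port <= rule["to_port"]:
                    exposed.append((port, SENSITIVE_PORTS[port], cidr))
    return exposed


def audit(policy=SAMPLE_BUCKET_POLICY, rules=SAMPLE_INGRESS_RULES):
    """Run both checks and return the findings as one dictionary."""
    return {
        "public_bucket_statements": public_statements(policy),
        "exposed_ports": exposed_sensitive_ports(rules),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Run on the samples, the check reports the `PublicRead` statement (the conditioned `VpcOnlyRead` one is deliberately left for a human) and the MySQL port open to 0.0.0.0/0 plus every sensitive port open by the catch-all IPv6 rule, while the NFS rule restricted to 10.0.0.0/8 passes. A check like this belongs in the CI/CD pipeline the introduction mentions, run against the infrastructure-as-code templates before they are applied.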

Threat 3. Lack of cloud security strategy and security architecture




What is the threat?

Without an appropriate cloud security architecture, an organisation is left vulnerable to attack.

Factors contributing to the threat:

  • A secure cloud architecture requires new capabilities and new tools.
  • Organisations have to learn new technologies as they adopt the cloud.

Cloud specifics

  • New, and therefore unfamiliar, technologies are used;
  • A new security model for the hybrid cloud is needed;
  • The right balance has to be found between innovation and control;
  • Reference architectures and documentation are often missing.

Recommendations and protective measures

  • Ensure that your security architecture is aligned with your business goals and objectives.
  • Design and implement a security architecture framework.
  • Ensure that the threat model is constantly updated.
  • Ensure continuous visibility of the actual security status.

Threat 4. Inadequate identity management, separation of privileges and access control procedures




What is the threat?

Unauthorised access to sensitive data because identity and access management (IAM) controls are missing or weak.

Security incidents result from:

  • Inadequate protection of credentials.
  • No regular, automatic rotation of cryptographic keys, passwords and certificates.
  • No scalable identity and access management system.
  • Not using multi-factor authentication and strong passwords.

Cloud specifics

Using stolen keys or credentials, attackers can:

  • Read, exfiltrate, modify and delete data
  • Obtain management and control privileges
  • Eavesdrop on data in transit
  • Introduce malware disguised as coming from a legitimate source

Recommendations and protective measures

  • Use temporary security credentials (for example AWS IAM roles) instead of long-term access keys
  • Never embed access keys in source code, and use a separate key for each application
  • Rotate keys periodically
  • Remove unused access keys
  • Require multi-factor authentication for your most sensitive operations
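Four of the five recommendations above (no keys in code, periodic rotation, removing unused keys, MFA) can be checked automatically. The script below is an added example written for this article, not Cloud4Y's or AWS's own tooling. It audits a credential report and then scans a source file for an access key id pasted straight into it. The report is a constructed, trimmed sample in the column layout of the AWS IAM credential report (real reports have more columns, but the ones used here exist under these names); the 90-day rotation and 45-day idle limits are assumed policy values; the source snippet uses the AWS documentation's example key pair, not a live credential; and the reference date is fixed so that the sample gives reproducible findings.

```python
"""Audit of long-lived IAM credentials: access keys older than the rotation
limit, keys that are never used or idle, console users without MFA, access
keys on the root account, and access key ids hard-coded in source.

Added example for this article. The report is a constructed, trimmed sample
in the column layout of the AWS IAM credential report; the thresholds and the
reference date AS_OF are assumptions; the key in SAMPLE_SOURCE is the AWS
documentation example key, not a real one.
"""
import csv
import io
import re
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90    # rotation limit (assumed policy value)
MAX_KEY_IDLE_DAYS = 45   # idle limit after which a key is "unused" (assumed)

# Fixed reference date so the sample report gives reproducible findings.
AS_OF = datetime(2020, 4, 1, tzinfo=timezone.utc)

SAMPLE_CREDENTIAL_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,true,true,true,2018-01-15T09:00:00+00:00,2020-03-30T11:12:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,true,false,true,2020-03-01T08:00:00+00:00,2020-03-31T08:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,false,true,2019-01-10T08:00:00+00:00,2020-03-31T08:00:00+00:00,true,2019-06-01T08:00:00+00:00,N/A
bob,arn:aws:iam::123456789012:user/bob,true,true,true,2020-02-15T08:00:00+00:00,2020-03-30T08:00:00+00:00,false,N/A,N/A
"""

# The report uses these markers where it has no date for a field.
_NO_DATE = {"N/A", "no_information", "not_supported", ""}


def _parse_date(value):
    return None if value in _NO_DATE else datetime.fromisoformat(value)


def audit_credential_report(report_csv, now):
    """Return (user, credential, issue) findings for the report as of `now`."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "password", "console password without MFA"))
        for key in ("access_key_1", "access_key_2"):
            if row[f"{key}_active"] != "true":
                continue
            if user == "<root_account>":
                findings.append((user, key, "root account has an active access key"))
            rotated = _parse_date(row[f"{key}_last_rotated"])
            if rotated and (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append((user, key, f"older than {MAX_KEY_AGE_DAYS} days, rotate"))
            used = _parse_date(row[f"{key}_last_used_date"])
            if used is None:
                findings.append((user, key, "never used, remove"))
            elif (now - used).days > MAX_KEY_IDLE_DAYS:
                findings.append((user, key, f"idle for more than {MAX_KEY_IDLE_DAYS} days, remove"))
    return findings


def sample_findings():
    """Findings for the constructed report at the fixed reference date."""
    return audit_credential_report(SAMPLE_CREDENTIAL_REPORT, AS_OF)


# AWS access key ids are "AKIA" followed by 16 upper-case alphanumerics.
_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

SAMPLE_SOURCE = '''import boto3
# constructed snippet: the pair below is AWS's documentation example key, not a live one
s3 = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
                  aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
'''


def find_hardcoded_keys(source):
    """Return (line_number, access_key_id) for every key id embedded in the source."""
    return [(n, m.group(0))
            for n, line in enumerate(source.splitlines(), start=1)
            for m in _ACCESS_KEY_ID.finditer(line)]


if __name__ == "__main__":
    for finding in audit_credential_report(SAMPLE_CREDENTIAL_REPORT, datetime.now(timezone.utc)):
        print("report:", *finding)
    for line_no, key_id in find_hardcoded_keys(SAMPLE_SOURCE):
        print(f"source line {line_no}: hard-coded access key id {key_id}")
```

On the sample, `alice` is flagged for a console password without MFA, `ci-deploy` for two stale keys (one of them never used, which is the key that should simply be deleted), and the root account for having an access key at all; `bob`, whose key is recent and in use, produces nothing. The source scan finds the key id on line 3. The secret-scan regex only covers the key id pattern; pairing it with a pre-commit hook is what stops the key from ever reaching the repository.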

Threat 5. Account hijacking and theft




What is the threat?

Attackers gain control of accounts that hold high privileges or sensitive data.

Possible causes:

  • Inadequate identity and access management (IAM) controls.
  • No logging, monitoring or alerting at the account level.
  • No protective controls inside the customer's cloud environment (defence in depth).
  • No protection against phishing and the use of stolen credentials.

Cloud specifics

  • Cloud service accounts and subscriptions are likely targets.
  • The cloud service delivery model itself introduces uncertainty about who controls what.
  • Data and applications live in cloud services that are reachable through a single cloud account or subscription.
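The second cause listed above, the absence of account-level logging, monitoring and alerting, is the one that turns a stolen password into a long-undetected compromise. The script below is an added example written for this article, not Cloud4Y's or any vendor's detection content: it runs four simple rules over console login events (root login, success without MFA, success after a burst of failures, login from outside the known corporate egress range). The events are constructed JSON lines in the shape of AWS CloudTrail ConsoleLogin records (the field names eventName, userIdentity, sourceIPAddress, responseElements and additionalEventData are the real ones); the egress range 203.0.113.0/24 is an assumed documentation-only network and the failure threshold and window are assumed tuning values.

```python
"""Account-level detections over console login events.

Added example for this article. SAMPLE_EVENTS are constructed JSON lines in
the shape of CloudTrail ConsoleLogin records; KNOWN_EGRESS, FAILURE_THRESHOLD
and FAILURE_WINDOW are assumed values a real deployment would tune.
"""
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed office/VPN egress
FAILURE_THRESHOLD = 3                   # failed logins that make a later success suspicious
FAILURE_WINDOW = timedelta(minutes=10)  # how long a failure stays relevant

SAMPLE_EVENTS = """\
{"eventTime": "2020-04-01T08:00:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}}
{"eventTime": "2020-04-01T08:05:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Failure"}, "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2020-04-01T08:05:30Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Failure"}, "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2020-04-01T08:06:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Failure"}, "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2020-04-01T08:07:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2020-04-01T09:00:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"}, "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}}
{"eventTime": "2020-04-01T09:01:00Z", "eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.10"}
"""


def load_events(jsonl):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def _actor(event):
    ident = event.get("userIdentity", {})
    return "root" if ident.get("type") == "Root" else ident.get("userName", "unknown")


def detect_login_anomalies(events):
    """Return (eventTime, user, rule) alerts for the ConsoleLogin events in `events`."""
    alerts = []
    recent_failures = defaultdict(deque)  # user -> timestamps of recent failed logins
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "ConsoleLogin":
            continue  # other API calls are out of scope for these rules
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        user = _actor(ev)
        fails = recent_failures[user]
        while fails and when - fails[0] > FAILURE_WINDOW:
            fails.popleft()  # forget failures outside the window
        if ev.get("responseElements", {}).get("ConsoleLogin") != "Success":
            fails.append(when)
            continue
        if user == "root":
            alerts.append((ev["eventTime"], user, "root_console_login"))
        if len(fails) >= FAILURE_THRESHOLD:
            alerts.append((ev["eventTime"], user, "success_after_repeated_failures"))
        fails.clear()
        if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append((ev["eventTime"], user, "success_without_mfa"))
        ip = ipaddress.ip_address(ev["sourceIPAddress"])
        if not any(ip in net for net in KNOWN_EGRESS):
            alerts.append((ev["eventTime"], user, "login_outside_known_egress"))
    return alerts


def sample_alerts():
    """Alerts produced by the rules over the constructed sample events."""
    return detect_login_anomalies(load_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for when, user, rule in sample_alerts():
        print(f"{when}  {user:<8} {rule}")
```

On the sample, `alice` logging in with MFA from the office range is silent, `bob`'s successful login after three failures, without MFA and from an unknown address fires all three rules at once (the combination that looks like credential stuffing with a phished password), and the root login fires on its own even though it used MFA from a known address, because root should not be used interactively at all. The same rules apply unchanged to any provider's sign-in audit log once the field names are mapped.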

Threat 6. Insider threats




What is the threat?

An employee can, maliciously or by accident, harm the organisation. The classic case is the insider: a member of the company with direct access to its networks, computer systems and confidential data.



Recommendations and protective measures

  • Limit the blast radius of any one person using identity and access management (IAM) policies and least privilege.
  • Prevent "unintentional insider behaviour" (mistakes that leak data without malicious intent).
  • Give employees a work environment that is secure by default.
  • Automate configuration management, provisioning and hardening.
  • Introduce monitoring and discovery capabilities designed for cloud environments (SaaS / PaaS / IaaS).
  • Develop a business continuity plan.
