Application Security in the Cloud: The New Risks Developers and Analysts Face

blog

Application Security in the Cloud: The New Risks Developers and Analysts Face

In the wake of COVID-19, the world had to acknowledge that the cloud was here to stay. Businesses all around the world needed to make snap decisions – what kind of technology is necessary to keep us afloat?

With the number of companies rapidly adopting SaaS tools and cloud computing solutions to keep their businesses going throughout the pandemic, protecting the cloud and cloud applications became a top priority. And while incredibly useful tools such as Zoom and Slack revolutionized the way that we do business, they also brought a swathe of security issues with them. How can we ensure that business in the cloud is as secure as a business on the ground?

Understanding the differences between responsible cloud and non-cloud application security is essential. With the market worth of cloud application services expected to reach over $140 million in the next few years, failing to appropriately plan could be disastrous for businesses that are placing their trust in this cutting-edge technology.

Conventional App Security Tactics

Some of the problems that come with non-cloud application development are still true for cloud-based projects too. Challenges such as misconfiguration and account hijacking are an eternal threat for developers, but these challenges become magnified when they are moved onto the cloud.

Misconfiguration

Poorly configured applications are easy pickings for would-be threat actors. With 42% of outside attacks coming from software flaws and 35% coming from compromised web applications. Weak development processes are prime hunting grounds for hackers to pick apart and dive into the tender underbelly of your organization.

The Insider Threat

A disgruntled employee is not just bad for morale, but potentially dangerous for application security. Even the best application security processes can be unwound by an angry insider threat, determined to attack the business.

Managing insider threats in a closed perimeter security system is not easy, but creating baselines of performance and effective man-management processes are the best way to fight off grumpy individuals.

Hijacked Accounts

The easiest way to gain access to a well-secured system is to hijack a legitimate account. Gaining access to the necessary credentials to access said account is the hard part, but there are numerous ways in which malicious actors could gain them.

Phishing. Phishing attacks are the most common cyber-attack – in 2020, there were almost 250,000 separate phishing incidents across the United States. By tricking non-tech-savvy individuals to send out their log-in details, phishers can gain access to a system and release harmful malware.

Credential stuffing. When a data leak happens, employees who reuse passwords become a serious security risk. Leaked credentials can be stolen by hackers and then used to brute force a variety of websites – potentially including your cloud solution.

Malware. Drive-by malware infections, macro virus attacks, and Trojan horses can all catch even the most security-minded surfer off guard. Innocent surfing can quickly turn into an infection that leaks credentials to the internet (through RDP attacks or keyloggers), leaving the duped party with a hijacked account.

Are Conventional Defenses Suitable In The Cloud?

Because managing a cloud is so different from managing on-premise security, older defenses are now less effective. Trying to fit the broad needs of the cloud into previously successful security models will not work.

As cyber-crime continues to rise to new heights, now is the time to adopt new protocols that both ensure the overall security of an organization as well as a better understanding of how the cloud works.

How Has The Cloud Changed Application Security Techniques?

Shared Links and InfoSec

If you happen to use the most popular cloud-based document sharing platform in the world, you will know that you can share links to your work with pretty much anyone. This includes sending links that allow anyone to access the documents.

While this can be majorly convenient, it makes managing information extremely difficult. Hackers don’t need to hack anymore. They could poison a watering hole or use social engineering tactics to gain access to a link, creating holes in your secure environment.

Defense. A wayward link can be almost impossible to deal with when it is out there, but creating policies around your data at rest can reduce the chances of these unnecessary leaks. Stopping these links from spreading by disallowing them is a top priority.

Solution. Microsoft advises that you understand, classify, and protect sensitive data to stop exposure and leaking. Building automated processes into your security policy and your cloud app to stop “anyone can access” links is the first step.

Insider Man On The Outside

An insider who is working against your company’s goals is a severe problem. But when you move data onto the cloud, there is no such thing as an insider anymore – all data is stored outside the bounds of your security perimeter.

Because all individuals are now possible inside attackers, taking time to identify threats is key. Organization-wide education of end-users is necessary to stop human error as much as possible, as well as creating a baseline for expected behavior from your employees.

Defense. Identify weak points in the business’s security perimeter and secure them as much as possible. Virtual machines and containers in particular need special attention from SecOps and DevSecOps teams.

Solution. Apply the principle of least privilege whenever necessary as well as limit the permissions of outside applications.

Shadow IT

Defined by McAfee as any IT projects that are managed outside of and without the knowledge of the IT department, Shadow IT occurs in organizations with poor application control. Whereas a wayward app might be installed locally in an office situation, the cloud opens up the possibility of sapping a huge amount of resources at very high costs.

This can include onboarding trustworthy apps that become compromised and start to become mouthpieces for nefarious activity such as botnets or crypto-jacking.

Defense. Understanding the processes that do and should occur in your organization are key. What level of activity should we expect from our SaaS programs? What risks can we identify when we see activity that deviates from our expectations?

Solution. Use Cloud Discovery technology to identify what apps and processes are actually in your cloud infrastructure. Identifying shadow IT processes (as well as malware that is hampering your applications) and removing them from your organization will then allow you to return to baseline performance.

Container Vulnerabilities

Although containers offer a range of useful features, they come with a range of security issues. Even the biggest names on the market today can be riddled with vulnerabilities that make security analysts nervous.

A development team with a container-heavy approach to work may uncontrollably spin up vulnerable environments that need to be addressed. Having a centralized policy of how containers are used and the appropriate security policies for dealing is necessary.

Defense. Stopping containers from becoming weak points in the organization’s security setup. Minimize the attack surface and educate your team as much as possible.

Solution. Patch and restrict the use of containers, especially in the way they are spun up and closed. Creating safe environments (such as virtual machines to house the containers) can effectively stop container sprawl.

How Do These New Techniques Improve The Situation?

Cutting down on shared links, container vulnerabilities, human error, and identifying shadow IT in your infrastructure will change your cloud infrastructure from a potential hotbed for wasted processes and malware. Instead, it will be an efficient cloud that is scalable, secure, and compliant.

After the initial stage of cloud adoption, there is no reason not to onboard application security processes. Application analysis, shadow IT identification systems, and better end-user education will allow your cloud security processes to mature and for you to make your remote applications just as secure as your local ones.

AppSec Phoenix can seamlessly add your cloud to the assets it defends, meaning that you can scan, orchestrate, analyze, and build reports about your infrastructure. Expanding your non-cloud defenses into the cloud is now easier than ever – one unified piece of software to secure your organization.

AppSec

AppSec

Francesco Cipollone

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.

22nd September 2021

appsec threat

Discuss this blog with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

From our Blog

Zero-Day Alert: Lace Tempest CVE-2023-47246 Vulnerability in SysAid Software Exploited by Ransomware Group

Critical Alert: Discover the implications of the Lace Tempest CVE-2023-47246 vulnerability in SysAid software, exploited by the notorious ransomware group TA505 also known as cl0p. Learn path traversal flaw, Microsoft’s insights, and urgent patching advice. Stay informed on the latest in cybersecurity with Phoenix Security’s insights and solutions for mitigating this high-impact ransomware threat. Focus on your vulnerability management program and application security program

Francesco Cipollone

What you need to know about Apache’s CVE-2023-46604 Exploit and Its Impact on Apache ActiveMQ

Explore the critical insights into Apache’s CVE-2023-46604 vulnerability. Learn how this exploit impacts Apache ActiveMQ and the best practices in vulnerability management to mitigate risks. Stay compliant with CISA KEV guidelines for your application security program

Francesco Cipollone

Unpacking Atlassian’s Confluence Vulnerability CVE-2023-22515 CVE-2023-22518 and Its Global Cybersecurity Implications

Discover the critical Atlassian Confluence vulnerability, CVE-2023-22518 and CVE-2023-22515, actively exploited by Storm-0062 (also recognized as DarkShadow or Oro0lxy) and added in CISA . Learn about the risks and the urgent patches needed to secure your systems for your vulnerability management and application security program

Francesco Cipollone

📣Phoenix Security Now Offers 150+ Integrations! 📣via API visualize your vulnerabilities with Cyber risk graph on enterprise-grade platform

Enhance your security posture with Phoenix Security’s Azure Integration. Featuring Azure Defender for Endpoint, Cloud, and DevOps, prioritize vulnerabilities and link to automated resolution actions. Part of 70+ integrations for end-to-end security.

Alfonso Eusebio

F5’s Big IP CVE-2023-46747 Critical Security Flaw: A Deep Dive into CVE-2023-46747 and Its Exploit Chain

Explore a deep dive into Cisco’s latest critical zero-day vulnerability affecting IOS XE software. Learn about CVE-2023-20198, its impact, and best practices in Cisco vulnerability management. Act now to safeguard your enterprise network with Phoenix Security

Francesco Cipollone

SolarWinds Faces SEC Lawsuit Over 2019 Cyberattack: A Deep Dive into the Charges and Lesson Learned

Explore the implications of the SEC’s lawsuit against SolarWinds for cybersecurity lapses and how Phoenix Security can help organizations align their cybersecurity posture with business goals. Learn about vulnerability management, risk-based decision-making, and setting targeted objectives to drive down risk.

Francesco Cipollone

blog