In the wake of COVID-19, the world had to acknowledge that the cloud was here to stay. Businesses all around the world needed to make snap decisions – what kind of technology is necessary to keep us afloat?
With the number of companies rapidly adopting SaaS tools and cloud computing solutions to keep their businesses going throughout the pandemic, protecting the cloud and cloud applications became a top priority. And while incredibly useful tools such as Zoom and Slack revolutionized the way that we do business, they also brought a swathe of security issues with them. How can we ensure that business in the cloud is as secure as a business on the ground?
Understanding the differences between responsible cloud and non-cloud application security is essential. With the market worth of cloud application services expected to reach over $140 million in the next few years, failing to appropriately plan could be disastrous for businesses that are placing their trust in this cutting-edge technology.
Conventional App Security Tactics
Some of the problems that come with non-cloud application development are still true for cloud-based projects too. Challenges such as misconfiguration and account hijacking are an eternal threat for developers, but these challenges become magnified when they are moved onto the cloud.
Misconfiguration
Poorly configured applications are easy pickings for would-be threat actors. With 42% of outside attacks coming from software flaws and 35% coming from compromised web applications. Weak development processes are prime hunting grounds for hackers to pick apart and dive into the tender underbelly of your organization.
The Insider Threat
A disgruntled employee is not just bad for morale, but potentially dangerous for application security. Even the best application security processes can be unwound by an angry insider threat, determined to attack the business.
Managing insider threats in a closed perimeter security system is not easy, but creating baselines of performance and effective man-management processes are the best way to fight off grumpy individuals.
Hijacked Accounts
The easiest way to gain access to a well-secured system is to hijack a legitimate account. Gaining access to the necessary credentials to access said account is the hard part, but there are numerous ways in which malicious actors could gain them.
Phishing. Phishing attacks are the most common cyber-attack – in 2020, there were almost 250,000 separate phishing incidents across the United States. By tricking non-tech-savvy individuals to send out their log-in details, phishers can gain access to a system and release harmful malware.
Credential stuffing. When a data leak happens, employees who reuse passwords become a serious security risk. Leaked credentials can be stolen by hackers and then used to brute force a variety of websites – potentially including your cloud solution.
Malware. Drive-by malware infections, macro virus attacks, and Trojan horses can all catch even the most security-minded surfer off guard. Innocent surfing can quickly turn into an infection that leaks credentials to the internet (through RDP attacks or keyloggers), leaving the duped party with a hijacked account.
Are Conventional Defenses Suitable In The Cloud?
Because managing a cloud is so different from managing on-premise security, older defenses are now less effective. Trying to fit the broad needs of the cloud into previously successful security models will not work.
As cyber-crime continues to rise to new heights, now is the time to adopt new protocols that both ensure the overall security of an organization as well as a better understanding of how the cloud works.
How Has The Cloud Changed Application Security Techniques?
Shared Links and InfoSec
If you happen to use the most popular cloud-based document sharing platform in the world, you will know that you can share links to your work with pretty much anyone. This includes sending links that allow anyone to access the documents.
While this can be majorly convenient, it makes managing information extremely difficult. Hackers don’t need to hack anymore. They could poison a watering hole or use social engineering tactics to gain access to a link, creating holes in your secure environment.
Defense. A wayward link can be almost impossible to deal with when it is out there, but creating policies around your data at rest can reduce the chances of these unnecessary leaks. Stopping these links from spreading by disallowing them is a top priority.
Solution. Microsoft advises that you understand, classify, and protect sensitive data to stop exposure and leaking. Building automated processes into your security policy and your cloud app to stop “anyone can access” links is the first step.
Insider Man On The Outside
An insider who is working against your company’s goals is a severe problem. But when you move data onto the cloud, there is no such thing as an insider anymore – all data is stored outside the bounds of your security perimeter.
Because all individuals are now possible inside attackers, taking time to identify threats is key. Organization-wide education of end-users is necessary to stop human error as much as possible, as well as creating a baseline for expected behavior from your employees.
Defense. Identify weak points in the business’s security perimeter and secure them as much as possible. Virtual machines and containers in particular need special attention from SecOps and DevSecOps teams.
Solution. Apply the principle of least privilege whenever necessary as well as limit the permissions of outside applications.
Shadow IT
Defined by McAfee as any IT projects that are managed outside of and without the knowledge of the IT department, Shadow IT occurs in organizations with poor application control. Whereas a wayward app might be installed locally in an office situation, the cloud opens up the possibility of sapping a huge amount of resources at very high costs.
This can include onboarding trustworthy apps that become compromised and start to become mouthpieces for nefarious activity such as botnets or crypto-jacking.
Defense. Understanding the processes that do and should occur in your organization are key. What level of activity should we expect from our SaaS programs? What risks can we identify when we see activity that deviates from our expectations?
Solution. Use Cloud Discovery technology to identify what apps and processes are actually in your cloud infrastructure. Identifying shadow IT processes (as well as malware that is hampering your applications) and removing them from your organization will then allow you to return to baseline performance.
Container Vulnerabilities
Although containers offer a range of useful features, they come with a range of security issues. Even the biggest names on the market today can be riddled with vulnerabilities that make security analysts nervous.
A development team with a container-heavy approach to work may uncontrollably spin up vulnerable environments that need to be addressed. Having a centralized policy of how containers are used and the appropriate security policies for dealing is necessary.
Defense. Stopping containers from becoming weak points in the organization’s security setup. Minimize the attack surface and educate your team as much as possible.
Solution. Patch and restrict the use of containers, especially in the way they are spun up and closed. Creating safe environments (such as virtual machines to house the containers) can effectively stop container sprawl.
How Do These New Techniques Improve The Situation?
Cutting down on shared links, container vulnerabilities, human error, and identifying shadow IT in your infrastructure will change your cloud infrastructure from a potential hotbed for wasted processes and malware. Instead, it will be an efficient cloud that is scalable, secure, and compliant.
After the initial stage of cloud adoption, there is no reason not to onboard application security processes. Application analysis, shadow IT identification systems, and better end-user education will allow your cloud security processes to mature and for you to make your remote applications just as secure as your local ones.
AppSec Phoenix can seamlessly add your cloud to the assets it defends, meaning that you can scan, orchestrate, analyze, and build reports about your infrastructure. Expanding your non-cloud defenses into the cloud is now easier than ever – one unified piece of software to secure your organization.
