Cloud is like a glass house with multiple access points


The number-one concern for organisations in the public cloud is suffering data loss, and 66% of all cloud security incidents are the result of security misconfigurations, according to IT security firm Sophos.

Sophos’ public cloud senior product marketing manager, Richard Beckett, says this can be alleviated by being involved in the development of cloud infrastructure from the outset or by ensuring an understanding of the shared responsibility model. He was speaking during an ITWeb cloud security webinar held in partnership with Sophos.

“Criminals are ready and waiting to take advantage of security shortcomings, and this is underlined by recent Sophos findings that 70% of companies hosting in the cloud suffered an attack in the last year.” Over 3 500 IT managers were surveyed between January and February this year.

Beckett likes to think of security as buildings: “Traditional security is a structure with just one door to it; all traffic goes in and out at one point; it’s well protected by server agents, firewalls... We’re used to this model. But in the cloud, we blow that whole concept out the water.” 

He compares cloud security to a glass house with multiple access points. “It widens the surface area for attacks and you only need one misconfigured point to make all your information accessible.

“An attacker only needs to run an automated scan against public cloud infrastructure, find a misconfigured resource and once they’ve connected to it, they can take off with what they’ve found.”

He adds that good use cases are important to help organisations understand how to properly secure the public cloud environment. “This is where the shared responsibility model comes in. Organisations might believe there’s no need to secure cloud data or that the chosen service provider will do it for them. You want to spend time understanding what you’re responsible for.” Using this model gives businesses an overview of where the security gaps are by showing the whole estate and how it is managed, especially with multiple providers.

Responding to an audience question on the most common weaknesses of the shared responsibility model, Beckett says it’s the lack of understanding of who’s responsible for securing what, and that the sudden lockdown from the COVID-19 outbreak forced many businesses to migrate to cloud operations without being prepared for a migration.

Secure your cloud blind spots

“In a world of on-prem, centralised security, you have complete control of the configurations, which makes it easier to track security challenges. But when moving to the public cloud with its decentralised models and where multiple users can access it, it only takes one misconfiguration to compromise the whole network,” says Beckett.

“Cloud Optix (Sophos’ AI-powered cloud infrastructure security platform) also acts as gatekeeper in the devops process, ensuring that only securely configured infrastructure is built. Then we extend the detection response to pick up insecure deployments throughout the cloud life cycle.”

According to Sophos’ The State of Cloud Security 2020 research carried out earlier this year in 26 countries (including South Africa), 33% of organisations are attacked through stolen credentials. Beckett mentions the spate of ‘spray and pray’ attacks where a group of hackers targeted a large number of sites with an Amazon S3 bucket vulnerability, altering their code in the hope of accessing users’ credit information.

Sophos’ Cloud Optix visualises the security estate to show relationships between IAM roles, IAM users and services. Read-only access is configured by the installation scripts, allowing platform monitoring and analysis by tracking event and flow logs.

Sophos is offering a complimentary assessment and security check. The 30-day trial includes scans for security gaps and comprehensive cloud-inventory management.
