Cloud Computing Threats CYB 405 - Lecture - 2
Cloud security
• Cloud security refers to the set of practices, technologies, and policies designed to
protect cloud-based resources, data, and infrastructure from unauthorized access,
data breaches, and other security threats
• It involves implementing measures to ensure the confidentiality, integrity, and
availability of data stored in the cloud, as well as the security of cloud-based
applications and services
Important Factors to consider in Cloud Security
• Data Protection: Ensuring that appropriate data encryption, access controls, and
data backup mechanisms are in place to protect sensitive information stored in the
cloud.
• Identity and Access Management (IAM): Robust IAM controls, including strong
authentication mechanisms, role-based access controls (RBAC), and multi-factor
authentication (MFA), to ensure authorized access to cloud resources
• Compliance and Regulatory Requirements: Ensuring that the cloud provider
adheres to relevant compliance standards and regulations specific to your industry,
such as GDPR, HIPAA, or PCI-DSS
• Security Monitoring and Logging: Implementing monitoring and logging
capabilities to detect and respond to security incidents, as well as meet audit and
compliance requirements
• Incident Response and Recovery: Having well-defined incident response plans and
procedures to quickly address and recover from security breaches or disruptions
• Provider Security Capabilities: Evaluating the security practices, certifications, and
track record of the cloud service provider to ensure they meet your organization's
security requirements.
Threats to Cloud Security
• The high volume of data flowing between organizations and cloud service providers
generates opportunities for accidental and malicious leaks of sensitive data to
untrusted third parties
• Human error, insider threats, malware, weak credentials and criminal activity
contribute to most cloud service data breaches
• Malicious actors, including state-sponsored hackers, seek to exploit cloud service
security vulnerabilities to exfiltrate data from the victim organization’s network for
profit or other illicit purposes
• In general, the features that make cloud services easily accessible to employees and
IT systems also make it difficult for organizations to prevent unauthorized access
• However, the security challenges introduced by cloud services have not slowed the
adoption of cloud computing and the decline in on-premise data centers
• As a result, organizations of all sizes need to rethink their network security protocols
to mitigate the risk of unauthorized data transfers, service disruptions and
reputational damage.
Threats to Cloud Security
• Cloud services have transformed the way businesses store data and host applications while
introducing new security challenges
• Identity, authentication and access management – This includes the failure to use multi-
factor authentication, misconfigured access points, weak passwords, lack of scalable identity
management systems, and a lack of ongoing automated rotation of cryptographic keys,
passwords and certificates
• Vulnerable public APIs – From authentication and access control to encryption and activity
monitoring, application programming interfaces must be designed to protect against both
accidental and malicious attempts to access sensitive data
• Account takeover – Attackers may try to eavesdrop on user activities and transactions,
manipulate data, return falsified information and redirect users to illegitimate sites
• Malicious insiders – A current or former employee or contractor with authorized access to
an organization’s network, systems or data may intentionally misuse the access in a manner
that leads to a data breach or affects the availability of the organization’s information
systems
• Data sharing – Many cloud services are designed to make data sharing easy across
organizations, increasing the attack surface area for hackers who now have more targets
available to access critical data
• Denial-of-service attacks – The disruption of cloud infrastructure can affect multiple
organizations simultaneously and allow hackers to harm businesses without gaining access
to their cloud services accounts or internal network
Two avenues of attack to compromise cloud resources
• Attackers have two avenues of attack to compromise cloud resources
• The first is through traditional means, which involves accessing systems inside the enterprise
network perimeter, followed by reconnaissance and privilege escalation to an administrative
account that has access to cloud resources.
• The second involves bypassing all the above by simply compromising credentials from an
administrator account that has administrative capabilities or has cloud services provider (CSP)
administrative access.
• When a main administrative account is compromised, it is far more detrimental to the security of
the cloud network
• With access to an administrative account, the attacker does not need to escalate privileges or
maintain access to the enterprise network because the main administrative account can do all
that and more.
• How can the organization properly monitor misuse of CSP administrative privileges?
• The Microsoft Cloud Solution Provider Program (CSP) enables partners to directly manage
their entire Microsoft cloud customer lifecycle. Partners in this program utilize dedicated in-
product tools to directly provision, manage, and support their customer subscriptions.
• It is no longer enough to identify a suspicious login attempt to protect your cloud network.
Modern-day, sophisticated hackers are able to access an account through social engineering
exploits, such as phishing. It is now essential to monitor the behavior of accounts that are already
logged in and detect any suspicious activity.
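The post-login monitoring described above, sketched as an added example that is not part of the original lecture: each administrative account gets a baseline of observed actions, and a session is flagged when it performs a sensitive action that is new for that account or changes source IP after login. The event schema, action names, account names and sample events are constructed assumptions, not any provider's real audit log format.

```python
from collections import defaultdict

# Actions treated as sensitive in this example (assumed names, generic schema).
SENSITIVE = {"role.assign", "key.create", "logging.disable", "user.create"}

# Constructed events: (minute, account, session_id, source_ip, action).
BASELINE = [
    (0, "admin-a", "s1", "198.51.100.10", "login"),
    (2, "admin-a", "s1", "198.51.100.10", "vm.restart"),
    (5, "admin-a", "s1", "198.51.100.10", "user.create"),
    (0, "admin-b", "s2", "198.51.100.20", "login"),
    (3, "admin-b", "s2", "198.51.100.20", "storage.read"),
]
LIVE = [
    (0, "admin-a", "s7", "198.51.100.10", "login"),
    (4, "admin-a", "s7", "198.51.100.10", "user.create"),  # in baseline: quiet
    (0, "admin-b", "s8", "198.51.100.20", "login"),        # login itself looks normal
    (1, "admin-b", "s8", "198.51.100.20", "logging.disable"),
    (2, "admin-b", "s8", "198.51.100.20", "role.assign"),
    (3, "admin-b", "s8", "203.0.113.5", "key.create"),     # session changes source IP
]

def build_profile(events):
    """Per-account set of actions observed during the baseline window."""
    profile = defaultdict(set)
    for _, account, _, _, action in events:
        profile[account].add(action)
    return profile

def review_sessions(events, profile):
    """Return {session_id: [reasons]} for sessions whose post-login behaviour deviates."""
    login_ip, findings = {}, defaultdict(list)
    for _, account, session, ip, action in sorted(events):
        if action == "login":
            login_ip[session] = ip  # remember where the session was established
            continue
        if action in SENSITIVE and action not in profile[account]:
            findings[session].append(f"{account}: new sensitive action {action}")
        if session in login_ip and ip != login_ip[session]:
            findings[session].append(f"{account}: source IP changed mid-session to {ip}")
    return dict(findings)

if __name__ == "__main__":
    for session, reasons in review_sessions(LIVE, build_profile(BASELINE)).items():
        print(session, reasons)
```

Session s8 is flagged even though its login came from the account's usual address, which is the case that login-only alerting misses.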
Cloud Security Posture Management