Key Cloud Security Threats To Watch Out For In 2019

A recent Cloud Adoption and Risk Report from McAfee revealed that 21% of all data in the cloud is sensitive. This means such data contain personally identifiable information, email, policy-related data, personal health information, passwords, etc. With an uptake in the adoption of such cloud services, (McAfee puts it at 53%), it becomes important for enterprises and users to identify the key risk factors and take important steps to protect their data from unauthorised access.

Risky Collaborations

Cloud computing makes businesses agile. Being able to access data from anywhere means firms are now flexible enough to create products and manage applications from wherever possible. At the same time, it means business managers can share files and collaborate on many different projects. This degree of freedom, however, comes with a few potential security threats.

48% of files in a cloud are eventually shared by cloud users. Take applications like OneDrive, Office 365, Salesforce, and it is easy to estimate the sheer volume of data being shared. The problem here is that files are also being shared with persons or accounts with weak security credentials. For example, sharing links to data inside Dropbox puts that data into the hands of anybody with access to that link. This leaves sensitive information prone to illegal access and misuse if adequate security precautions are not taken. It is therefore important to understand the security implications of what data is being shared and with whom it is being shared.

Other equally vulnerable locations include online translation or file converting platforms (like word to PDF). Enterprises and users should read and understand the terms of service before proceeding to upload data for conversion. Does the platform own the data uploaded? How long does the data stay on their servers before it is wiped out? These are key considerations that should be factored into any decision to use such services.

Misconfigured Multi-cloud Services

Some 65% of organisations around the world use some form of Infrastructure-as-a-Service (IaaS), while 52% use Platform-as-a-Service (PaaS). Both PaaS and IaaS allow enterprises to leverage the benefits of cloud computing without incurring high capital expenditure in rolling-out same on their own premises. Research also suggests that businesses are using different forms of multi-cloud strategy that involves two or more of Amazon Web Services (AWS), Azure, or the Google Cloud Platform (GCP). This raises questions about the uniformity of cross-platform security. Simply put: are security configurations consistent across the different cloud platforms you use?

According to the McAfee report, enterprises using such multi-cloud strategy have 14 misconfigurations on average. Some of these relate to multi-factor authentication not being enabled on one of the cloud platforms, S3 bucket encryption turned off, unused security groups, and VPC flow logs being disabled. These cloud misconfigurations amount to about 2,269 incidents of attempted illegal access per month for each enterprise.

Worse still is the finding that many organisations have at least one S3 bucket with “open-write” permissions, making the bucket accessible and writable to the world. Organisations are also accessing these S3 buckets via corporate networks. The implications are astounding: anybody at all could inject malicious codes to modify the content of the cloud or steal information.

More Threats Rivaling Benefits

Cybercriminals are turning their attention to cloud services due to the amount of corporate data stored on such servers. The average enterprise now suffers more than 30 cloud-related security threats every month. A lot of these incidents, affecting 80.3% organisations at least once every month, comes from compromised accounts. In all, the McAfee report estimates that 92% of enterprises have their credentials up for sale on the Dark Web.

Aside the efforts of unauthorised third parties, insider threats are growing in cloud-related breaches. Insider threats come from intentional or unintentional actions by employees and affiliates that expose the corporate network to unauthoriszed access. A Research Assistant stealing intellectual property to sell to rivals before leaving a company is an example of malicious insider threats. Insider threats could also result from employees mistakenly sharing employee data with outsiders without taking appropriate steps to encrypt the data. About 94.3% organisations suffer at least one such incident each month.

Aside the potential effects of employee inaction, cloud threats also arise from the actions and inaction of top level executives. These privileged-user threats could occur if, for example, a network administrator performs administrator functions or accesses network resources using a low-level manager’s computer. Because of the potential amount of sensitive data they are naturally exposed to, privileged users have the potential to cause massive damages to a company’s cloud security if clear protocols are not maintained. 58.2% of enterprises face these threats 4.3 times each month.

Cloud Security is The Responsibility of Enterprises

There’s not much choice in deciding to use or not use cloud services. Cloud services have become an important part of business technology in this age. Not using them puts a business at a significant disadvantage. However, cloud security can and should be managed better with conscientious efforts in applying different layers of security solutions from reputable vendors like McAfee and Kaspersky in order to minimize the risks.

In conclusion, suffering more than 30 cloud threats every month is considered significant. With increased adoption of cloud services, enterprises both big and small must be proactive in checking their configurations, especially where they use multi-cloud strategy. Also, multi-factor authentication adds a level of protection against unauthorised third party access and should be incorporated into all cloud platforms. In addition to securing cloud servers, enterprises should not forget the endpoints on the corporate network. A provider of Saas/PaaS might offer its own security updates, but it is up to enterprises to take control of the security of their cloud servers.