As the world moves to a cloud-centric and hybrid cloud environment, businesses must acknowledge that their cloud-security strategy, policies, and processes must be as robust as in a traditional on-premises environment, especially for remote workforces.
Cloud networking has changed the way everyone thinks about computing more than any other breakthrough in the last 15 years. It has allowed businesses to swiftly establish an online presence, scale as demand fluctuates, and offer the framework for a remote workforce in the post-COVID environment. This convenience, however, hasn’t come without its drawbacks. The rush to “move to the cloud” has frequently presented enterprises and their users with a new set of data-privacy and security concerns.
Pre-built virtual machine (VM) images with unpatched vulnerabilities, malware, overly permissive firewall rules, and even coin miners abound in cloud marketplaces. Cloud providers do not take a proactive approach to breach/compromise monitoring, and in many situations they will not even pass on notifications from external researchers to their clients.
Need for a proactive stance towards security
A major issue nowadays is that cloud providers are not adopting a proactive approach to breach/compromise monitoring and, in many cases, do not pass on information from external researchers to their clients.
While cloud providers cannot be held responsible for all security decisions made by their clients, their approach is mostly focused on selling more security tooling, and reports of breached VMs discovered by external security researchers are frequently dismissed as unactionable.
As a result, hundreds, if not thousands, of virtual machines can be compromised in coordinated attack campaigns and stay vulnerable for weeks or longer if the client is unaware. Furthermore, customers are usually unaware that they have been exposed to the internet or that a security breach has occurred, and that is only on the rare occasions when customer notifications are sent out at all.
Data security and privacy
Unsecured NoSQL databases have been the source of several data leaks and privacy issues, in addition to the risk of compromise. In late 2019, Microsoft accidentally exposed 250 million customer records due to an insufficiently secured Elasticsearch instance, and these issues continue to occur on a regular basis around the world.
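The exposures described above usually come down to a handful of settings: a search node bound to every interface with authentication switched off. The following audit script is an added example, not code from the original article or from Elastic; it parses the flat dotted-key lines of an elasticsearch.yml and flags the combinations that turn an internal index into an internet-reachable, unauthenticated data store. The two configuration strings are constructed samples, and the severity labels are this example's own convention.

```python
"""Audit an elasticsearch.yml for the settings that expose a node without
authentication. Added example; the sample configs below are constructed."""
from ipaddress import ip_address

# network.host values that keep the HTTP and transport listeners on the host itself.
LOOPBACK_ALIASES = {"_local_", "localhost", "127.0.0.1", "::1"}
# Values that bind every reachable interface (Elasticsearch special values included).
WILDCARD_BINDS = {"0.0.0.0", "::", "_global_", "_site_"}

# Constructed sample: the shape of config behind many "open Elasticsearch" reports.
WEAK_CONFIG = """
cluster.name: customer-records
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: bound to a private address, authentication and TLS on.
HARDENED_CONFIG = """
cluster.name: customer-records
network.host: 10.20.0.5     # private subnet, reachable only through the bastion
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_yaml(text):
    """Minimal parser for flat 'dotted.key: value' lines (no nesting, no lists).
    Comments after '#' and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def bind_scope(host):
    """Classify a network.host value as 'loopback', 'wildcard' or 'address'."""
    if host in LOOPBACK_ALIASES:
        return "loopback"
    if host in WILDCARD_BINDS:
        return "wildcard"
    try:
        return "loopback" if ip_address(host).is_loopback else "address"
    except ValueError:
        # Hostnames and interface names such as _eth0_: assume reachable.
        return "address"


def audit_es_config(text):
    """Return a list of (severity, message) findings for one config file."""
    s = parse_flat_yaml(text)
    findings = []
    # Elasticsearch binds loopback only when network.host is absent.
    scope = bind_scope(s.get("network.host", "_local_"))
    reachable = scope != "loopback"
    if scope == "wildcard":
        findings.append(("high", "network.host binds every interface"))
    elif scope == "address":
        findings.append(("info", "network.host is reachable from the network; "
                                 "confirm a security group restricts port 9200"))
    security = s.get("xpack.security.enabled")
    if security is not None and security.lower() == "false":
        findings.append(("high", "xpack.security.enabled=false: REST API has no authentication"))
    elif security is None and reachable:
        findings.append(("medium", "xpack.security.enabled not set: auth depends on version default"))
    if reachable and s.get("xpack.security.http.ssl.enabled", "false").lower() != "true":
        findings.append(("medium", "HTTP TLS disabled: credentials and records travel in clear text"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for severity, message in audit_es_config(cfg):
            print(f"  [{severity}] {message}")
```

Running the script on the weak sample yields two high findings (wildcard bind, authentication off) and one medium (no TLS); the hardened sample yields only the informational reminder that a private bind address still needs a network-level restriction. The parser deliberately handles only the flat key form, which is how the relevant settings are normally written, so nested YAML blocks would need a real YAML library.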
Data breaches from enterprises with rigorous data security standards, privileged access, encryption-at-rest, and limited internet accessibility to critical information are frequently caused by third-party data aggregators. According to the latest data from Risk Based Security’s “Data Breach QuickView” study, the number of records exposed increased to a staggering 36 billion in 2020 alone.
Data breach notifications
Cloud providers should also take a considerably more aggressive and proactive approach to customer security, notifying them of breaches and isolating virtual machines within subscriptions when a breach is identified.
There are third-party monitoring services that provide real-time detection of automated scanning on the internet, as well as others that enable real-time detection of malware beacons emitted from clouds, yet providers are reluctant to use either.
It’s impossible to say whether the enormous disparity is due to dramatically different client sizes or major changes in security posture, but it does highlight the fact that cloud customers are being hacked in large numbers, and these issues are going unaddressed.
Therefore, it is crucial that cloud providers notify clients within minutes or hours of a compromise by checking the findings of external systems against their internal subscriber-to-IP address databases, giving enterprises much-needed time to respond, discover, and eject intruders before it is too late.
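The correlation step the paragraph asks for, as an added example that is not part of the original article: external compromise reports keyed by IP address are matched against a provider's subscriber-to-IP allocation table (longest prefix wins, so a tenant holding a more specific block inside a larger range is credited correctly), grouped into one notification per subscription, and measured against a notification deadline. The allocation rows, reports, clock value and the 60-minute deadline are all constructed for the example; a real provider would read these from its IPAM database and abuse-report intake.

```python
"""Correlate external compromise reports with a subscriber-to-IP allocation
table and produce per-subscription notifications. Added example; all data
below is constructed."""
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed allocation table: (prefix, subscription id, contact).
ALLOCATIONS = [
    ("203.0.113.0/24", "sub-0001", "secops@tenant-a.example"),
    ("203.0.113.64/26", "sub-0002", "cloud@tenant-b.example"),  # carved out of the /24
    ("198.51.100.0/24", "sub-0003", "it@tenant-c.example"),
]

# Constructed clock and reports, as a researcher or scan-detection feed might send them.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
REPORTS = [
    {"ip": "203.0.113.10", "indicator": "ssh brute-force source",
     "observed_at": NOW - timedelta(minutes=5)},
    {"ip": "203.0.113.70", "indicator": "coin-miner beacon",
     "observed_at": NOW - timedelta(hours=3)},
    {"ip": "203.0.113.71", "indicator": "coin-miner beacon",
     "observed_at": NOW - timedelta(hours=2)},
    {"ip": "192.0.2.5", "indicator": "open redis",
     "observed_at": NOW - timedelta(minutes=1)},  # not in this provider's space
]

SLA_MINUTES = 60  # assumed notification deadline for the example


def build_index(allocations):
    """Parse prefixes once and sort most specific first so the first hit wins."""
    rows = [(ip_network(prefix), sub, contact) for prefix, sub, contact in allocations]
    return sorted(rows, key=lambda row: row[0].prefixlen, reverse=True)


def lookup_subscription(ip, index):
    """Return (subscription, contact) for the longest matching prefix, else None."""
    addr = ip_address(ip)
    for net, sub, contact in index:
        if addr.version == net.version and addr in net:
            return sub, contact
    return None


def correlate(reports, allocations, now=NOW):
    """Group matched reports per subscription; return (notifications, unmatched)."""
    index = build_index(allocations)
    notifications, unmatched = {}, []
    for report in reports:
        hit = lookup_subscription(report["ip"], index)
        if hit is None:
            unmatched.append(report)  # not our space: route to the reporter, not a tenant
            continue
        sub, contact = hit
        note = notifications.setdefault(
            sub, {"contact": contact, "affected": [], "oldest_observed": report["observed_at"]})
        note["affected"].append((report["ip"], report["indicator"]))
        note["oldest_observed"] = min(note["oldest_observed"], report["observed_at"])
    for note in notifications.values():
        # Age of the oldest evidence: how long the tenant has already been exposed.
        note["delay_minutes"] = int((now - note["oldest_observed"]).total_seconds() // 60)
    return notifications, unmatched


def overdue(notifications, sla_minutes=SLA_MINUTES):
    """Subscriptions whose oldest report already exceeds the notification deadline."""
    return sorted(sub for sub, n in notifications.items() if n["delay_minutes"] > sla_minutes)


if __name__ == "__main__":
    notes, leftovers = correlate(REPORTS, ALLOCATIONS)
    for sub, n in notes.items():
        print(f"{sub} -> {n['contact']}: {len(n['affected'])} host(s), "
              f"oldest report {n['delay_minutes']} min ago")
    print("overdue:", overdue(notes))
    print("unmatched:", [r["ip"] for r in leftovers])
```

With the constructed data, both miner beacons land on sub-0002 because its /26 is more specific than the surrounding /24, the brute-force source lands on sub-0001, and the report for 192.0.2.5 is returned as unmatched rather than silently dropped. The delay is measured from the oldest evidence, which is the number a provider should be tracking against its notification deadline.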