Credential compromises, risky resource configurations, vulnerable hosts and other threats continue to concern security professionals across industries. A recent report from Palo Alto’s Unit 42 threat research team outlines these and other cloud security issues. The report concludes that both cloud service providers and organizations that use cloud services are responsible for keeping security in check, although each has a different role.
According to the report, organizations overall are experiencing more frequent and devastating compromises of account credentials. The report found that 29 percent of organizations have potential account compromises due to failing to enforce multi-factor authentication, rotate access keys or revoke access when it is no longer needed. In addition to cracking down on these issues, the report recommends, organizations should forbid the use of root accounts for day-to-day operations and use machine learning to understand user and access key behavior baselines. Organizations should also monitor for deviations to detect account compromises or malicious insider activity.
The report found that while organizations are experiencing fewer cryptojacking attacks in the cloud, it is still a troublesome issue for about 11 percent of organizations. A contributing factor: 26 percent of resources don't restrict outbound traffic at all, and a miner that can reach any destination can reach its mining pool. For organizations battling cryptojacking, the report recommends strong network configuration hygiene and network monitoring.
And while managed container services in the cloud are becoming more popular, many organizations aren't practicing basic security hygiene, which can leave their Kubernetes pods open to attack. The report found that nearly half of organizations accept traffic to Kubernetes pods from any source. By applying network policies, security professionals can isolate the pods and enforce access control. Yet the team found that 46 percent of organizations have not applied the right network policies for their managed Kubernetes services, and that 15 percent don't use Identity and Access Management (IAM) roles to control access to their Kubernetes clusters. The report's authors recommend implementing rigorous network and IAM policies to manage access to Kubernetes environments, and using native security or third-party tools to continuously monitor the environment to ensure compliance and runtime security.
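"Accepts traffic from any source" has a precise meaning in Kubernetes: a pod that no NetworkPolicy selects is not isolated, and a pod that is selected is only as closed as the union of the rules in every policy that selects it. The checker below is an added example, not code from the report or from any Kubernetes project; the pods and policies are constructed (in the shape `kubectl get ... -o json` returns, with only the keys the check reads), and it shows a weak allow-all policy beside a corrected one and a namespace-wide default-deny baseline.

```python
"""Check which pods a set of Kubernetes NetworkPolicy objects actually protect.
Added example; the pods and policies below are constructed, not from the report."""

# Constructed sample: three pods and two policies in one namespace.
PODS = [
    {"name": "web-0", "labels": {"app": "web", "tier": "frontend"}},
    {"name": "api-0", "labels": {"app": "api", "tier": "backend"}},
    {"name": "debug-0", "labels": {"app": "debug"}},
]

POLICIES = [
    {   # weak: selects the web pods, but the empty rule admits traffic from any source
        "name": "web-allow-all",
        "spec": {"podSelector": {"matchLabels": {"app": "web"}},
                 "policyTypes": ["Ingress"],
                 "ingress": [{}]},
    },
    {   # corrected: api pods accept ingress only from app=web pods, on TCP 8080
        "name": "api-from-web",
        "spec": {"podSelector": {"matchLabels": {"app": "api"}},
                 "policyTypes": ["Ingress"],
                 "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                              "ports": [{"protocol": "TCP", "port": 8080}]}]},
    },
]

# Namespace-wide baseline: select every pod, govern ingress, list no rules, so any
# pod without an explicit allow stops accepting traffic from anywhere.
DEFAULT_DENY_INGRESS = {"name": "default-deny-ingress",
                        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}


def selector_matches(selector, labels):
    """Kubernetes label-selector semantics: matchLabels plus the four
    matchExpressions operators. An empty selector ({}) matches every pod."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        present = key in labels
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def governs_ingress(spec):
    """A policy isolates its pods for ingress when Ingress is in policyTypes;
    when policyTypes is omitted, Ingress is always implied."""
    return "Ingress" in spec.get("policyTypes", ["Ingress"])


def rule_admits_any_source(rule):
    """An ingress rule without 'from' admits every source. So does a peer that is
    an unrestricted ipBlock, or a namespaceSelector {} with no podSelector
    (every pod in every namespace)."""
    peers = rule.get("from")
    if not peers:
        return True
    for peer in peers:
        block = peer.get("ipBlock")
        if block and block.get("cidr") in ("0.0.0.0/0", "::/0") and not block.get("except"):
            return True
        if peer.get("namespaceSelector") == {} and "podSelector" not in peer:
            return True
    return False


def audit_ingress(pods, policies):
    """Map each pod name to 'unisolated' (no policy selects it, so Kubernetes
    accepts traffic from any source), 'open' (selected, but some rule admits
    any source) or 'restricted'. Rules from all selecting policies are unioned,
    so one open rule opens the pod even when a default-deny policy also selects it."""
    report = {}
    for pod in pods:
        status = "unisolated"
        for policy in policies:
            spec = policy["spec"]
            if not governs_ingress(spec):
                continue
            if not selector_matches(spec.get("podSelector", {}), pod["labels"]):
                continue
            if any(rule_admits_any_source(r) for r in spec.get("ingress", [])):
                status = "open"
                break
            status = "restricted"
        report[pod["name"]] = status
    return report


if __name__ == "__main__":
    for name, status in audit_ingress(PODS, POLICIES + [DEFAULT_DENY_INGRESS]).items():
        print(f"{name}: {status}")
```

Two results are worth noticing. Adding `DEFAULT_DENY_INGRESS` closes `debug-0`, which no other policy mentioned, but does nothing for `web-0`, because the `ingress: [{}]` rule in `web-allow-all` is unioned with the deny baseline; that policy has to be rewritten with a `from` list, as `api-from-web` is. Note also that an `ipBlock` peer only governs traffic arriving with its source IP intact; whether in-cluster pod traffic is matched by it depends on the CNI plugin, so the checker treats only the unrestricted CIDRs as open.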
These findings have a common theme, says Fernando Montenegro, senior analyst for information security at 451 Research. In general, they tend to result from not fully understanding that the cloud is a different beast.
“There are a number of potential issues that can be solved by understanding how the cloud is different,” he says. “First, IT professionals must take the time to make sure they understand how cloud architectures are different from traditional architectures and which security controls and best practices apply. Secondly, they should make sure they have good lines of communication with their development or DevOps teams to understand how they are using the cloud.”
The challenge, he says, is that, often, business is moving at such a fast pace that organizations don’t take the time they need to do that. But it’s critical, he says.
Palo Alto’s Unit 42 threat research group has its own advice. It outlines what it calls the Shared Responsibility Model, which divides the responsibility and tasks for cloud security between cloud service providers and the organizations that use them. Cloud service providers are responsible for updating their infrastructure and services, for example, while organizations are responsible for identifying and patching vulnerable hosts. This requires upgrading vulnerability scanning tools, since legacy tools typically can’t effectively identify and remediate vulnerable hosts in cloud environments. That matters: the report found that 23 percent of organizations have cloud hosts missing critical patches.
It’s also the responsibility of IT professionals within organizations to keep up in general, Montenegro says.
“Cloud service providers are constantly releasing new security features into their offerings, hoping to help customers avoid these issues,” he says. “As customers better understand cloud models and leverage these features from the providers, things should improve. This is not to say that the actual number of incidents will decrease, but that they may grow at a slower rate than the rate at which organizations adopt more cloud workloads. That would be a win.”