Accepting Cloud Risk: The First Step to Making the Cloud Safer

Given the need to create and develop systems that assist in the processes, infrastructure, and business of organizations, cloud computing and virtualization are now part of the reality of most companies.

The downside of these technologies and advances is data exposure and inappropriate access, resulting from a number of factors that are challenging to manage, such as misconfigurations, credential leaks, and insecure development.

Attackers take advantage of these issues to break into the infrastructures of companies around the world, extracting documents and demanding payment in exchange for not leaking the information, as in the growing number of ransomware cases in which attackers leave companies non-functional or partially inoperable.

Safety and Concerns

Several organizations have adopted cloud computing to varying degrees in their business, especially during the pandemic period, significantly accelerating their use of public Cloud Infrastructure and Platform Service providers in order to scale and become more agile.

These efforts were necessary to support remote working, boost business, and understand the growing attack surface of the corporate environment.

However, with this adoption comes the need to ensure that the organization's cloud security strategy is capable of protecting against key threats.

This scenario is borne out by the Global Cyber Risk Index (CRI). According to the study, when it comes to IT infrastructure, organizations are most concerned about remote employees and cloud computing, both rated "high risk" for attacks. U.S. organizations put their cloud computing risk score at 9.87 out of 10.

This demonstrates the ongoing challenge for companies in securing digital investments. The survey also revealed that 76% of global organizations believe they will be successfully attacked in the next 12 months.

And it doesn't stop there! In a survey conducted by Check Point, companies stated what concerns them most when using cloud computing:

1. Misconfiguration;
2. Unauthorized Access;
3. Insecure Interfaces;
4. Account Hijacking.

1. Misconfiguration

Lack of visibility into the complete infrastructure and lack of familiarity with security controls in cloud environments are relevant points when it comes to this issue. Many organizations migrate their infrastructure to the cloud and find it challenging to apply the proper security configurations, making them a target for exploitation by threat actors.

2. Unauthorized Access

This attack vector has been on the rise in recent attacks. Enterprises are at risk when credentials are leaked and used by threat actors to improperly access systems, and when default or incorrect configurations allow such access. Unlike a local infrastructure, the cloud environment is outside the network perimeter and can be accessed directly over the Internet, which makes this vector easier to exploit.

3. Insecure Interfaces

User access interfaces and APIs are also targets for attackers, who analyze how vulnerable a particular application interface may be and take advantage of data exposed by certain APIs, as well as weaknesses in their implementations.

4. Account Hijacking

Many people have extremely weak password security and use the same combination on several other systems. This is an extremely serious issue, as an attacker with an employee's credentials can access sensitive application or server data or functionality. Furthermore, in the cloud, organizations often do not have the ability to identify and respond to these threats as effectively as they can on on-premises infrastructure.

Also according to the research, Microsoft Azure and AWS are at the top among cloud services, which is why attackers study them so closely to identify the weakest points susceptible to intrusion. Many companies use more than one cloud service provider, further broadening the spectrum of options for an attacker to exploit according to their skills.

Virtualization

To gain centralized visibility and simplified management of hosts and servers, many organizations also use virtualization. However, virtualization is also a big target for attackers and requires very well enforced security controls, as a successful attack on one virtual machine can infect all virtual machines on a physical server, meaning the extent of the attack can be very large.

Just like applications and software, virtualized environments need security patches installed extremely quickly so that the infrastructure is more resistant to possible attacks.

While the conveniences of a hybrid or full cloud infrastructure are a great advantage for enterprises, one must keep in mind the need to protect this environment, know it in its entirety, and have full visibility, so that this expansion of technological services is secure against possible attacks.

Recommendations

Securing cloud systems is very challenging.

Below are some questions that will steer your efforts in the best direction if a cloud environment already exists in your organization:

  • Is there a vulnerability management process, especially for your assets published on the Internet?
  • Are the vulnerability scan cycles respected?
  • Are vulnerabilities treated effectively within the SLA/SLO?
  • Has an assessment been done to discover your "Attack Surface"?
  • If this assessment was performed, has an action plan been created to mitigate the issues pointed out?
  • Is there a password vault and a process for correct use of administrative accounts and automated change of these passwords?

If the cloud environment is not yet a reality but is planned for the future, it is worth following some steps first, such as:

Develop a strategy

You first need to assess the objective of the migration. This will help establish the key performance indicators (KPIs) of migrating to the cloud, such as page load times, response times, availability, CPU usage, memory usage, etc.

Identify the right applications

Not all applications are cloud-compatible. Some perform better in private or hybrid clouds than in a public cloud. Some may need minor adjustments, while others need detailed code changes. A complete analysis of architecture, complexity, and implementation is easier to do before migration than after.

Have a good cloud provider

A key aspect of optimization will involve selecting a cloud provider that can help guide the migration process during your transition and beyond.

Maintain data integrity and operational continuity

Managing risk is critical, and sensitive data can be exposed during a migration to the cloud. Post-migration validation of business processes is crucial to ensure that automated controls produce the same results without disrupting normal operations.

Execute Cloud Migration

Migrating to the cloud will depend in part on the complexity and architecture of your applications and the architecture of your data. You can move your entire application, run a test to see if it works, and then switch your traffic. Alternatively, you can take a more piecemeal approach, testing the cloud environment slowly and using it fully when validations are complete.

In addition, CISA has created the Cloud Security Technical Reference Architecture to guide U.S. government agencies as they continue to adopt cloud technology. It addresses issues such as:

  • Cloud Deployment
  • Adaptable Solutions
  • Secure Architectures
  • Development, Security and Operations (DevSecOps)
  • Zero Trust

Additionally, secure development is strongly recommended, as are password care (covering reuse, leakage and complexity) and efficient vulnerability management.

References:

  1. Check Point
  2. Gartner
  3. Red Hat
  4. VMware
  5. CISA
  6. IBM
