The Egregious 11: Examining the Top Cloud Computing Threats

July 9, 2020 Justyna Kucharczak

Cloud Security

Each year, the Cloud Security Alliance (CSA) releases its “Top Threats to Cloud Computing” study to raise awareness of key risks and vulnerabilities in the cloud and promote strong security practices.

The latest edition, The Egregious 11, ranks the top eleven cloud threats and provides recommendations for security, compliance, risk and technology practitioners. This installment reflects the widespread surge in cloud use and overall maturation in organizations’ understanding of cloud environments. However, it hints at continued over-reliance on cloud vendors to protect workloads, a troublesome trend we also observed in the CyberArk Global Advanced Threat Landscape 2019 report.

The CSA recorded a drop in rankings of traditional cloud security issues under the responsibility of cloud service providers – such as denial of service, shared technology vulnerabilities and CSP data loss – suggesting these issues are less of a concern for organizations than in years past. The biggest threats now come from issues like misconfigurations and insufficient identity access management where the customer is solely responsible for security.

As organizations utilize the cloud to enable remote work and accelerate digital transformation, there is a need to understand where potential security risks exist and address them head on. Here’s a look at five of the “Egregious 11,” along with steps organizations can take to strengthen their security posture. To explore all 11 cloud security challenges, along with CSA recommendations, check out the full study.

Data Breach

With the average total cost of a data breach now at $3.92 million, it’s unsurprising this is ranked as the number one cloud threat. Cyber attackers are after data – particularly personal information – and data accessible via the Internet is the most vulnerable asset to misconfiguration or exploitation. As more data shifts to the cloud, effectively protecting it begins with the question, “Who has access to this?”

Misconfiguration and Inadequate Change Control

Misconfigurations – including granting excessive permissions or unchanged default credentials – occur when computing assets and access are set up incorrectly. Misconfiguration of cloud resources is a leading cause of data breaches and can result in deleted or modified resources and service interruptions. The dynamic nature of the cloud makes traditional change control approaches for proper configuration extremely difficult.

To overcome cloud misconfiguration maladies, the CSA urges organizations to embrace automation tools that can continuously discover issues like unmanaged privileged accounts and instances to prevent misuse.
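The kind of check such a discovery tool runs can be shown offline. The following Python script is an added example, not code from the CSA study or from CyberArk: it scans customer-managed IAM policy documents for the "excessive permissions" misconfiguration the section describes (an Allow statement granting `*` or a service-wide `service:*` on every resource). The three policy documents are constructed for the illustration, and the severity labels are an assumed triage scheme.

```python
"""Flag over-permissive Allow statements in IAM policy documents.

Added illustration (not from the CSA study or CyberArk). The policies below
are constructed; the severity levels are an assumed triage scheme.
"""
import json

# Constructed sample: one deployment role, one break-glass policy, one clean policy.
SAMPLE_POLICIES = {
    "ci-deploy-role": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::build-artifacts/*"},
            {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"},
        ],
    }),
    "emergency-admin": json.dumps({
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
    }),
    "least-privilege-reader": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::reports", "arn:aws:s3:::reports/*"]},
        ],
    }),
}


def _as_list(value):
    """The policy grammar allows a single string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overpermissive_statements(policy_json):
    """Return (severity, reason, statement_index) for each Allow statement that is too broad."""
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; only Allow can over-grant
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        any_resource = "*" in resources
        if "NotAction" in stmt:
            # "Allow everything except ..." is almost always broader than intended.
            findings.append(("high", "Allow with NotAction", idx))
        if "*" in actions and any_resource:
            findings.append(("critical", "full admin: Action * on Resource *", idx))
            continue
        service_wildcards = [a for a in actions if a.endswith(":*")]
        if service_wildcards and any_resource:
            findings.append(("high",
                             f"service-wide wildcard {service_wildcards} on Resource *", idx))
        elif any_resource:
            findings.append(("medium", f"Resource * for {actions}", idx))
    return findings


def audit_policies(policies):
    """Map policy name -> findings, omitting policies with nothing to report."""
    results = {}
    for name, body in policies.items():
        findings = find_overpermissive_statements(body)
        if findings:
            results[name] = findings
    return results


if __name__ == "__main__":
    for name, findings in audit_policies(SAMPLE_POLICIES).items():
        for severity, reason, idx in findings:
            print(f"{name}: statement[{idx}] {severity}: {reason}")
```

Run against a real account, the same function would be fed the policy documents retrieved by the cloud provider's API on a schedule, which is what makes the discovery continuous rather than a one-off audit.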

Insufficient Identity, Credential, Access and Key Management

The cloud introduces a host of changes and challenges related to identity and access management (IAM) and particularly to privileged access management (PAM), since privileged credentials associated with human users as well as applications and machine identities are exceptionally powerful and highly susceptible to compromise in cloud environments.

Once an attacker obtains privileged credentials, they can gain full access to sensitive databases, or even to an organization’s entire cloud environment. Attackers know this. Many recent attacks targeting IaaS and PaaS environments have exploited unsecured credentials, resulting in cryptojacking, data breaches and destruction of intellectual property and other sensitive data.

The CSA stresses the need for strict IAM controls for cloud users and identities including following the principle of least privilege to protect privileged access to high-value data and assets. It also notes that cloud access keys (e.g., AWS access keys, Google Cloud keys and Azure keys) must be rotated and centrally managed, while unused credentials or access privileges are removed.
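Rotation and removal of unused credentials can be enforced from a credential inventory. The following Python script is an added example, not code from the CSA study or from CyberArk: it audits a credential report in the column layout of the AWS IAM credential report and flags access keys that have not been rotated within the assumed 90-day window, credentials idle for longer than 90 days, console passwords without MFA, and any active key on the root account. The report rows are constructed, and the audit date is pinned so the result is reproducible offline.

```python
"""Audit an IAM credential report for stale and unused credentials.

Added illustration (not code from the CSA study or CyberArk). The columns
follow the AWS IAM credential-report CSV (a subset of them); the rows are
constructed and the audit date is pinned for reproducibility. The 90-day
rotation and idle windows are an assumed policy.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (subset of the real report's columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111111111111:root,2018-03-01T09:00:00+00:00,not_supported,2020-06-30T08:12:00+00:00,true,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111111111111:user/alice,2019-02-10T10:00:00+00:00,true,2020-07-01T14:03:00+00:00,true,true,2020-05-20T10:00:00+00:00,2020-07-06T11:30:00+00:00,false,N/A,N/A
build-bot,arn:aws:iam::111111111111:user/build-bot,2018-11-05T08:00:00+00:00,false,N/A,false,true,2018-11-05T08:00:00+00:00,2020-07-08T02:00:00+00:00,false,N/A,N/A
contractor-old,arn:aws:iam::111111111111:user/contractor-old,2019-06-01T12:00:00+00:00,true,2019-12-15T09:45:00+00:00,false,true,2019-06-01T12:00:00+00:00,2019-12-14T17:20:00+00:00,true,2020-06-25T12:00:00+00:00,N/A
"""

AUDIT_DATE = datetime(2020, 7, 9, 12, 0, tzinfo=timezone.utc)  # pinned for the example
MAX_KEY_AGE = timedelta(days=90)  # assumed rotation window
MAX_IDLE = timedelta(days=90)     # assumed: credentials idle longer than this are removed


def _parse_ts(value):
    """Report timestamps are ISO 8601; the placeholders mean 'no data'."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=AUDIT_DATE):
    """Return findings as (user, description) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should carry no access keys at all and must have MFA.
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account without MFA"))
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console password without MFA"))
            last_login = _parse_ts(row["password_last_used"])
            if last_login and now - last_login > MAX_IDLE:
                findings.append((user, f"console password unused for {(now - last_login).days} days"))
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"access_key_{slot}_last_rotated"])
            last_used = _parse_ts(row[f"access_key_{slot}_last_used_date"])
            if rotated and now - rotated > MAX_KEY_AGE:
                findings.append((user, f"access key {slot} not rotated for {(now - rotated).days} days"))
            if last_used is None:
                # Never used: suspicious once it is older than the idle window.
                if rotated and now - rotated > MAX_IDLE:
                    findings.append((user, f"access key {slot} never used"))
            elif now - last_used > MAX_IDLE:
                findings.append((user, f"access key {slot} unused for {(now - last_used).days} days"))
    return findings


if __name__ == "__main__":
    for user, description in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {description}")
```

In the sample, the build-bot's key has never been rotated since the account was created, and the contractor's credentials have been idle for months with no MFA on the console password; both are exactly the "unused credentials or access privileges" the CSA says should be removed, and a scheduled run of this check is the simplest form of the central management it calls for.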

Account Hijacking

Using phishing methods, vulnerability exploitation or stolen credentials, malicious attackers look for ways to access highly privileged accounts in the cloud, like cloud service accounts or subscriptions. Account and service hijacking means full compromise: control of the account, its services and the data within. The fallout from such compromises can be severe – from significant operational and business disruptions to complete elimination of organization assets, data and capabilities.

To protect against account hijacking, the CSA recommends defense-in-depth and strong IAM and PAM controls, such as credential lifecycle and provisioning management and segregation of duties.

Insider Threats

Malicious insiders can be current or former employees, contractors or other trusted third parties who use their access to act in a way that could negatively affect the organization. Since insiders have legitimate access, pinpointing potential security issues can be extremely difficult and remediating incidents can be costly. According to the Ponemon Institute’s 2020 Cost of Insider Threats Study, the average global cost of insider threats rose by 31% in two years to $11.45 million and the frequency of incidents spiked by 47% in the same time period.

Whether it’s a privileged user abusing their level of access or inadvertently misconfiguring a cloud resource, having a PAM program in place to protect from these insider abuses is paramount.

Don’t Be An Egregious Offender. Secure Your Cloud with PAM

The cloud has fundamentally changed the notion of privilege. Now, even ordinary user credentials in the cloud and DevOps environments can hold as much power as administrator-level credentials do for other types of systems. Add in a complex and highly dynamic mix of machines and applications and the privilege-related attack surface grows dramatically.

Poor cloud security practices will inevitably lead to a breach or failed audit and force organizations to slow down – something that simply isn’t an option in the always-on, ultra-competitive digital era.

Strong privileged access controls help ensure that humans, applications and machines have only the necessary levels of access to sensitive applications and infrastructure to do their jobs and that activities occurring within the cloud environment aren’t risky (or if they are, privileged access controls enable SecOps teams to take swift action).

If you’re looking for more in-depth guidance beyond the CSA’s initial recommendations, tap into these actionable steps for protecting privileged access in cloud environments.
