When organizations migrate to the cloud, they don’t just benefit from the agility offered by cloud solutions. Several negative tensions are created, largely due to inexperience working with cloud solutions. This combination of benefits and tensions has created several myths about the cloud which are still prevalent today.
The cloud itself is not inherently unsafe. When used properly, it is no less safe than a typical data center. Throughout the FireEye Mandiant incident responses conducted on public clouds, we have yet to see a case where the cloud infrastructure itself was exploited. Improper cloud configuration or vulnerable customer code has been discovered, but not flaws in the cloud provider’s code or infrastructure. In fact, 94% of small businesses have reported security benefits after moving to the cloud¹.
Granting and administrating permissions to customize a cloud environment creates vulnerabilities which tend to be the cause of security issues for many organizations.
The term “cloud” includes the category of software as a service and virtually every organization uses some form of web service, whether it is for human resources, banking, shipping, content management, web hosting or any of the other activities that take place in a modern business. Even if organizational policy does not explicitly permit cloud services, or no overt evidence of cloud service usage exists, your organization may still rely on the cloud.
Under the shared responsibility model, the cloud tenant is the ultimate custodian of their data and is responsible for safeguarding it. The cloud provider ensures that the facilities are secure, the hardware is not compromised and the underlying software and operating systems of any services offered are secure. It is up to the customer to make sure that virtual machines are patched, applications are not vulnerable and permissions are appropriate.
Safeguarding the cloud consists of three high-level activities:
Protect credentials used to access resources and monitor for compromise
Be vigilant for and guard against misconfiguration
Centralize telemetry data for visibility to support security monitoring and audit trails
Since cloud providers won’t be intimately familiar with every organization’s line of business, it is ultimately the organization’s responsibility to verify that their data is secured.
Securing the cloud is not like securing a computer in someone else’s data center. A simple request may consume microseconds of time on hundreds or even thousands of computers. Your file is not stored on just one server in a set location; it goes on dozens of servers. There are storage services, containers and other non-traditional services to consider in addition to more familiar virtual machines. These services may be composed of hundreds or thousands of real servers spread across many data centers, all to fulfil a single service request.
The traditional data forensic analysis you used to do on a server still needs to happen—it just happens in a very different way. Additional visibility requirements and more planning are required to provide security controls and instrumentation around distributed and non-discrete computer offerings. These services may have an API to use, but the concepts of IP addresses and operating systems often don’t apply.
Attackers follow data. As data goes into the cloud, so will the attackers. Approximately one quarter of our Mandiant incident response engagements involve assets housed on a public cloud and almost all of them involve the public cloud in some way. The cloud does not hinder threat actors—they easily adapt their tools, tactics and procedures to compromise cloud accounts to get access to confidential data, steal computing resources and spy on targets.
The average organization can move more quickly and lower costs by moving to the cloud, but they should understand that anything of value they put there will be a target and they need to protect resources accordingly. This means they should not only implement basic best practices for cloud security, but also have their security operations ready to actively hunt down advanced attackers that pursue data into the cloud.
To learn more about cloud security, visit: www.fireeye.com/cloud