As a managed service provider (MSP), our security analysts work with customers that have a mix of on-site, public cloud, private cloud or colocation (colo) resources – all of which need to be protected in a consistent, visible and unified fashion. According to the Cloud Security 2017 Spotlight Report (1) by Crowd Research Partners, nearly a third (30%) of organizations plan to partner with a managed service provider while 20% will look at security-as-a-service providers for 24x7 security monitoring. TierPoint provides both these services.
What cloud data security concerns have you worked with your managed services provider to prioritize in 2018? I recommend starting with these 5 threats:
Shared technology vulnerabilities
As a customer of a cloud service provider, you are typically choosing to share infrastructure, platforms or applications with other customers. The provider’s underlying infrastructure should, but may not, provide strong isolation between customers in a multi-tenant infrastructure (IaaS), platform as a service (PaaS) or software as a service (SaaS) solution.
A vulnerability or misconfiguration in a shared platform component such as a hypervisor (2) can allow an attacker to compromise the cloud data security of many or all customers of that provider’s cloud service at once, resulting, for example, in a data breach.
Rigid processes around shared infrastructure management are needed for cloud data security. Best practices around client implementation and data management help protect against shared technology vulnerabilities. In addition, routine vulnerability and compliance-focused scanning of internal service delivery and client-facing resources is needed.
Distributed denial of service
A DDoS attack overwhelms a network, website or application with junk traffic, usually generated by a botnet of infected computers or Internet devices. One high-profile example occurred in October 2016, when an assault on Internet DNS company Dyn brought down not only Dyn but other major websites throughout the U.S. and Europe.
A DDoS attack can also provide cover for data theft or malware infection, threatening your cloud data security. For example, Carphone Warehouse was hit by a flood of online traffic while hackers simultaneously stole customer financial details.
Unfortunately, a DDoS attack is cheap to launch and can last for hours or days. A week-long attack capable of taking offline a small organization can be purchased on the Dark Net for as little as $150, according to the Digital Attack Map (3), a listing of the top daily DDoS attacks.
Web API hacks
Web services interfaces, aka web APIs or application programming interfaces, provide developers – and hackers – with control over a cloud application. Legitimate uses of web APIs are integration, management, monitoring, provisioning and other cloud services. Illegitimate users imperil cloud data security and may obtain access to sensitive data, disable servers, change application configuration settings, and siphon off cloud resources to launch other attacks.
Data security around cloud APIs is often weak. A 2017 report by RedLock (4), Cloud Infrastructure Security Trends, found that 40% of organizations using cloud storage services had inadvertently exposed one or more such services to the public.
For better cloud data security, cloud services APIs should be accessed via encrypted keys, which are used to authenticate the API user. Both the developer and the cloud provider should store their keys in a secured file store or hardware device.
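The key-based API authentication recommended above, sketched as an added example (not code from the article or from TierPoint). It assumes a shared-secret HMAC-SHA256 signing scheme, which the article does not specify; the key id, secret, endpoint paths and the 5-minute freshness window are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed provider-side key store. In practice the secret lives in a
# secrets manager or hardware device, never in source code.
KEY_STORE = {"key-id-example": b"constructed-demo-secret-not-a-real-key"}
MAX_SKEW_SECONDS = 300  # assumed policy: reject requests outside a 5-minute window


def canonical_request(method, path, body, timestamp):
    """Build the exact byte string that client and provider both sign."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(secret, method, path, body, timestamp):
    """Client side: HMAC-SHA256 over the canonical request."""
    msg = canonical_request(method, path, body, timestamp)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(key_id, signature, method, path, body, timestamp, now=None):
    """Provider side: return (ok, reason) for an incoming signed request."""
    now = time.time() if now is None else now
    secret = KEY_STORE.get(key_id)
    if secret is None:
        return False, "unknown key id"
    # A freshness check limits how long a captured request can be replayed.
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign_request(secret, method, path, body, timestamp)
    # Constant-time comparison avoids leaking the signature via timing.
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed timestamp
    body = b'{"force": false}'
    sig = sign_request(KEY_STORE["key-id-example"], "POST", "/v1/servers/42/stop", body, ts)
    # Genuine request, then the same signature reused against a different path.
    print(verify_request("key-id-example", sig, "POST", "/v1/servers/42/stop", body, ts, now=ts + 10))
    print(verify_request("key-id-example", sig, "POST", "/v1/servers/43/stop", body, ts, now=ts + 10))
```

Because the method, path, timestamp and body hash are all covered by the signature, a valid signature cannot be reused to change server configuration on a different resource or after the freshness window closes.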
Ransomware
According to the FBI, there were 4,000 ransomware attacks per day in 2016, a 300% increase over the previous year. In 2017, WannaCry ransomware crippled data at companies and government agencies worldwide, including an attack on pharmaceutical maker Merck that knocked out its manufacturing and formulation operations, and a month later continued to disrupt its ability to fulfill orders.
Ransomware can come from multiple sources: an infected email, video, PDF or website, a connected device or even a password hack. Cisco’s 2017 Midyear Cybersecurity Report (5) finds that cybercriminals are returning to email attachments – seemingly innocent Word and PDF files with malicious macros – to avoid detection by improved security.
Ransomware encrypts anything attached to the infected computer, so backups should be on a cloud or other separate system.
Advanced persistent threats
Stealthy advanced persistent threats (APTs) can gain a foothold in a computing infrastructure and exfiltrate data and intellectual property for financial gain or cyber-espionage over an extended period of time – possibly for months or years. An APT is typically difficult to detect and may evolve its defenses. The data exfiltration may not stand out from normal network traffic.
APTs get into systems, including cloud services, via techniques such as spear phishing, direct hacking, attack code on USB devices, penetration through partner networks, and the use of unsecured or third-party networks, according to the Cloud Security Alliance’s The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights.
Advanced security controls and rigid process management are key to defending against this threat to cloud data security.
About our managed security services
TierPoint takes a consultative approach to managed security services for our clients. We can help you improve cloud data security in many ways, including security certification services, threat management services, firewall services, DDoS mitigation services and encryption services.
Brian Anderson is Director of Security Product Management at TierPoint where he is responsible for the care and upkeep of the Managed Security services portfolio. Brian brings 20+ years of experience leading product management and engineering teams focused on building and delivering advanced Cybersecurity, Risk, and Threat Intelligence services on a global scale. While he is currently based in suburban Philadelphia, he’s never far from the InfoSec frontlines.
(1) Cloud Security: 2017 Spotlight Report by Crowd Research Partners
(2) The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights by Cloud Security Alliance
(3) Digital Attack Map website
(4) Public Cloud Infrastructure Security Trends by RedLock