Rounding up the 2019 CSA Report on top Cloud Security Threats

Organizations are increasingly moving to the cloud, and many organizations have adopted multi-cloud infrastructures. As ever-growing amounts of sensitive data and functionality move to the cloud, cloud security becomes more and more vital to an organization’s cybersecurity.

The Cloud Security Alliance has recently released its 2019 list of the top threats to cloud security. This year, the CSA points to eleven “egregious” threats to organizations’ cloud security.

#1. Data Breaches

Unsurprisingly, the top security issue associated with the cloud is the data breach. As organizations move increasing amounts of sensitive and valuable data to the cloud, these cloud deployments become a target for cybercriminals. Since many cloud deployments are poorly secured, breaches of sensitive data stored in the cloud have become common.

#2. Misconfiguration and Inadequate Change Control

Misconfiguration issues are the leading cause of cloud data breaches. Cloud environments differ greatly from on-premises deployments, and organizations moving sensitive data storage to the cloud commonly fail to properly configure the security settings provided by their cloud service provider (CSP). As a result, sensitive data is exposed to anyone who knows where to look.

#3. Lack of Cloud Security Architecture and Strategy

When moving operations to the cloud, many organizations assume that their existing security tools, policies, and procedures will work the same as with on-premises deployments. However, the nature of the cloud means that organizations have reduced visibility into their infrastructure and must configure cloud-specific security controls provided by their CSP. A failure to develop a cloud-specific security strategy increases the probability that crucial controls and configuration settings will be overlooked, opening up the organization to attack.

#4. Insufficient Identity, Credential, Access and Key Management

The cloud is designed to be more accessible than an on-premises deployment. It lies outside of the organization’s network perimeter and is directly accessible from the Internet. As a result, access management on cloud deployments is even more important than for on-premises systems. Stolen or guessed user credentials can be used to gain direct access to cloud resources without passing through the organization’s network. A failure to implement strong access control and multi-factor authentication leaves organizations’ cloud resources wide open for an attacker.

#5. Account Hijacking

In the cloud, service accounts and subscriptions carry elevated permissions. An attacker who gains access to the credentials for these accounts may have full control over the applications and data contained within an organization’s cloud deployment.

As a result, these account credentials have become a common target for phishing attacks and attempted credential theft. If these attacks are successful, an account without multi-factor authentication enabled is completely under the attacker’s control.

#6. Insider Threat

58% of cloud security incidents are attributed to insider threats. In most cases, an employee is not acting out of malice but exposes the organization to attack through negligence. A common example of a security incident caused by employee negligence is setting a cloud deployment to “public” to remove the burden of explicitly providing access on an individual basis. This action makes the cloud resource available to anyone with the URL, and tools exist for scanning the Internet for these vulnerable deployments.
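The misconfiguration in #2 and the "set it to public" negligence in #6 are the same underlying failure: a resource policy that grants access to any principal. The following is an added example, not code from the original post or from the CSA report, showing a small checker that flags anonymous-access statements in a constructed storage-bucket policy next to a scoped version of the same grant; the bucket name, account id and role name are made-up placeholders.

```python
"""Flag storage-bucket policy statements that grant anonymous ("public") access."""
import json

# Constructed sample: a policy an admin set to "public" to avoid per-user grants.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ShareWithEveryone",
        "Effect": "Allow",
        "Principal": "*",                       # anyone, authenticated or not
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
})

# Constructed hardened version: same actions, but only for one named role (placeholder account id).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ShareWithReportingRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/reporting"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
})

def _is_anonymous(principal) -> bool:
    """True if the Principal element matches every caller, including unauthenticated ones."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False

def find_public_statements(policy_json: str) -> list[str]:
    """Return the Sid (or index) of each Allow statement that is open to any
    principal and carries no Condition block narrowing who can use it."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        if st.get("Condition"):
            continue  # scoped by a Condition: needs manual review, not an automatic "public" finding
        findings.append(st.get("Sid", f"statement[{i}]"))
    return findings
```

Run it over exported bucket policies during a change review, so a "public" grant is caught before the resource is reachable by anyone with the URL.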

#7. Insecure Interfaces and APIs

Like all APIs, cloud APIs are designed to expose the inner functionality of a system to allow users to interact with it with minimal overhead. Failure to properly secure API access can leave a system open to attack as unauthorized users can perform bulk data collection or force the system to perform privileged or expensive operations.

#8. Weak Control Plane

The control plane in the cloud is designed to give the cloud deployment’s owner complete control over the operations of that deployment. If an organization deploys cloud resources with a weak or non-existent control plane, it does not have complete control over their operations.

#9. Metastructure and Applistructure Failures

The cloud metastructure or “waterline” is the place where the CSP’s responsibility for the infrastructure ends and the customer’s role begins. Many CSPs will provide customers with APIs to collect security data at this point to help fulfill their part of securing their cloud deployment.

Failures at this level can be caused by either party. A CSP that does not properly secure these API functions may be leaking sensitive information. A customer that does not design its applications and security infrastructure for the cloud may not take advantage of this data and may miss important security alerts.

#10. Limited Cloud Usage Visibility

This threat arises when an organization does not have complete visibility into the operations being performed on its cloud deployment. Legitimate users may be running unauthorized applications on the organization’s cloud deployment (shadow IT). Alternatively, legitimate applications may be used in malicious ways (e.g. SQL injection against legitimate databases). The inability to identify this misuse of cloud resources opens up an organization to attack.

#11. Abuse and Nefarious Use of Cloud Services

Cybercriminals are increasingly using cloud infrastructure to launch their attacks. Since these attacks come from the CSP’s domain, they may seem legitimate. Organizations need to deploy security solutions capable of looking past domain names and identifying whether traffic is benign or malicious.

Securing the Cloud

Most cloud security threats arise from a failure to use tools and processes designed to secure the cloud. By deploying cloud-specific security solutions, an organization can achieve the visibility and control necessary to secure their cloud investment.