The SophosLabs 2020 Threat Report explores some of the major changes in the threat landscape that emerged over the last year in cloud computing. These will continue to impact cybersecurity in 2020.
The very thing that makes the cloud a great platform also creates some of its greatest security challenges. The past decade has seen the emergence of the cloud as the platform for storing and processing large volumes of data. But along the way, some businesses have found that pouring all their information into a virtualised data store led to inadvertent data breaches, sometimes in the most public and damaging ways possible.
According to Andy Miller, senior director of global public cloud at Sophos, flexibility is the name of the game in cloud computing. With very little effort, it is possible to toggle resources on or off as needed. This makes it easy for businesses to scale up computing power to suit the needs of their clients or customers. But when it comes to securing the cloud, all that flexibility and ease can come back to bite you later.
Also, if an organisation’s applications residing on the cloud are compromised, the security threats can trickle down to employees’ and other end-user devices like POS machines. Travelex, the foreign exchange service, has asked staff to return their laptops for evaluation and has instructed employees to use their personal mobile phones as it recovers operations after the ‘Sodinokibi’ malware attack. The incident also disrupted employees’ ability to access the company’s HR system.
In 2020, Miller believes, little missteps will lead to big breaches in the cloud.
The greatest vulnerability for cloud computing is simple misconfiguration. This isn’t usually deliberate: the platforms themselves are so complex that it is often difficult to understand the consequences of toggling a specific setting.
Large data breaches involving misconfigured cloud computing storage have hit companies like Netflix and Ford. A cloud backup provider they used inadvertently left a massive storage repository (a data lake) open to the world.
Lack of visibility
Lack of visibility further obscures situational awareness. Because cloud platforms are so complex and change so frequently, the inability to closely monitor exactly what an organisation’s machines are doing is hugely problematic.
Criminals know this and have been attacking cloud computing platforms for precisely this reason. They can get away with doing bad things in a cloud instance for a longer time, because the owners of those instances can’t immediately see that something is amiss.
It is critical that organisations re-evaluate their cloud and security strategies. Protecting data stored in the cloud requires a very different toolset because the threat model is quite different from that of workstations or servers.