The shared responsibility model is one you may be familiar with if you’re working in the cloud. Using the cloud and having your cloud provider take care of all your security needs may lead you to believe that you are safe, but this isn’t always the case. While your cloud provider oversees some aspects of security, you are also in charge of others, which is why the model is shared.
Vulnerability management in the cloud: Why it’s still important
It’s common for the DevOps team to control the cloud infrastructure, leaving the security team unable to see what’s happening in real time. There is no single approval process for deploying into production, so even when security has visibility, it can be difficult to manage.
The cloud service providers aren’t to blame here. Your cloud provider is responsible only for security of the core infrastructure (the hardware and firmware). Resources such as Amazon EC2 instances and virtual machines are your responsibility, so let’s look at how you handle that.
Risks and Vulnerabilities in Cloud Migration
Cloud-based services continue to be used both to develop new applications and to migrate existing ones, and cloud adoption is a major part of the federal government’s IT modernization strategy. Cloud technology, cloud service providers (CSPs) and their services and applications carry numerous risks that an organization adopting them, or choosing among CSPs and services, may not fully understand. This blog post outlines 12 of the most common risks and threats organizations face when moving applications or data to the cloud. To help organizations move data and applications to the cloud safely and securely, we’ve written a follow-up post called Best Practices for Cloud Security.
Because the threats and vulnerabilities associated with cloud migration are ever evolving, the ones listed here are not exhaustive. It’s critical to consider the risks and challenges of moving to the cloud that are specific to a company’s own missions, systems, and data.
Threats, Risks, and Vulnerabilities of Cloud Computing
At a high level, traditional data centres and cloud environments face the same threats, so the threat picture remains consistent: cloud computing runs software, and software has flaws that malicious actors try to exploit. Unlike in a traditional data centre, however, the CSP and the cloud consumer share the responsibility for mitigating the risks posed by these software vulnerabilities. Customers must therefore understand the division of labour and trust the CSP to uphold its end of the bargain. Our research and analysis identified the following list of cloud-specific and shared cloud/on-premises vulnerabilities and threats. Cloud computing platforms face a wide range of threats, as depicted in the figure below.
The following vulnerabilities result from a CSP’s implementation of the five essential characteristics of cloud computing; the IT data centres of the past did not have these flaws.
Unauthorized Use Is Easier with Self-Service
CSPs make it incredibly simple to add new services to your account. Without IT approval, an agency’s employees can order additional services from the agency’s CSP on an as-needed basis. Shadow IT is the use of software by an organization’s employees without the IT department’s support.
Unauthorized cloud services are becoming more common because of the lower costs and ease of using PaaS and SaaS products. However, services provided or used without IT’s knowledge can pose a risk to an organization’s productivity. Malware infections and data exfiltration are more likely to occur when an organization uses cloud services that it does not know about. An organization’s ability to monitor and control its network and data is also reduced when unauthorized cloud services are used.
Tenant Separation Failures
A CSP’s infrastructure, platforms, or applications that support multi-tenancy can be compromised by exploiting system and software vulnerabilities, giving an attacker access to another user’s or organization’s assets or data. When separation controls fail, multi-tenancy raises the risk of data leakage.
Vulnerabilities in the CSP’s applications or hypervisor, or even its hardware, can be exploited to carry out this attack. Proof-of-concept exploits have been demonstrated, but no report has been found of an attack in which an external attacker gained access to tenants’ data through a logical separation failure in a CSP’s SaaS platform.
Incomplete Data Deletion
The consumer has less control over where their data is physically stored in the cloud, which makes it harder to verify that the data has been securely deleted. This concern is compounded by the multi-tenant nature of the CSP’s infrastructure, which spreads the data across multiple storage devices, and deletion procedures vary from provider to provider as well. Organizations may therefore be unable to verify that their data has been securely deleted and that any remaining traces have been eliminated. The more CSP services a company uses, the greater this risk.
Theft of Credentials
An attacker who gains access to a user’s cloud credentials can target the organization’s assets and provision additional resources through the CSP’s services (if the credentials allow it). The attacker could use those cloud computing resources to target the organization’s administrators, other organizations using the same CSP, or the CSP’s own administrators. Conversely, an attacker holding a CSP administrator’s cloud credentials may use them to break into the agency’s systems and data.
A CSP’s administrator roles are distinct from an organization’s. CSP administrators have administrative authority across the entire CSP infrastructure, spanning many customers and services, while the administrators of a CSP customer can only access their own company’s cloud implementations.
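As an added example (not code from the original post), the following Python detection logic illustrates the credential-theft scenario above: it flags provisioning actions issued with an access key from a source IP that key has never used before, which is how a stolen credential typically surfaces before the attacker’s new resources do. The events, user names, key IDs and IP addresses are constructed, and the record fields only mimic the shape of CloudTrail logs.

```python
import json
from collections import defaultdict

# Actions that create compute or grant access: the "provision additional
# resources" and "target administrators" moves described above.
PROVISIONING_ACTIONS = {"RunInstances", "CreateUser", "CreateAccessKey",
                        "AttachUserPolicy", "CreateLoginProfile"}

def make_event(time, name, ip, key, user):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key, "userName": user}}

# Constructed sample log: alice's key is only used read-only from the office IP,
# then appears from a new IP at night and starts provisioning. bob legitimately
# launches instances, so a provisioning action alone is not the signal.
SAMPLE_EVENTS = [
    make_event("2024-05-01T09:00:00Z", "DescribeInstances", "203.0.113.10", "AKIAEXAMPLE1", "alice"),
    make_event("2024-05-01T09:05:00Z", "ListBuckets", "203.0.113.10", "AKIAEXAMPLE1", "alice"),
    make_event("2024-05-01T09:30:00Z", "RunInstances", "203.0.113.10", "AKIAEXAMPLE2", "bob"),
    make_event("2024-05-02T03:12:00Z", "RunInstances", "198.51.100.7", "AKIAEXAMPLE1", "alice"),
    make_event("2024-05-02T03:13:00Z", "CreateAccessKey", "198.51.100.7", "AKIAEXAMPLE1", "alice"),
]

def detect_credential_misuse(events, baseline_size=2):
    """Flag provisioning actions made with an access key from a source IP the
    key has not used before. baseline_size (an assumed threshold) is the number
    of prior benign events a key needs before a new IP counts as suspicious.
    IPs seen on flagged events are deliberately not learned as known."""
    known_ips = defaultdict(set)
    benign_count = defaultdict(int)
    alerts = []
    for e in sorted(events, key=lambda x: x["eventTime"]):
        key = e["userIdentity"]["accessKeyId"]
        ip = e["sourceIPAddress"]
        suspicious = (e["eventName"] in PROVISIONING_ACTIONS
                      and benign_count[key] >= baseline_size
                      and ip not in known_ips[key])
        if suspicious:
            alerts.append({"userName": e["userIdentity"]["userName"],
                           "accessKeyId": key, "eventName": e["eventName"],
                           "sourceIPAddress": ip, "eventTime": e["eventTime"]})
            continue  # do not let the attacker's IP become part of the baseline
        known_ips[key].add(ip)
        benign_count[key] += 1
    return alerts

if __name__ == "__main__":
    for alert in detect_credential_misuse(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

On the sample log this yields two alerts, both for alice’s key from 198.51.100.7; bob’s launch is not flagged because his key has no baseline yet and the IP matches his history.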
Insiders Abuse Authorized Access
Employees and administrators of an organization or a CSP are in a unique position to harm the networks, systems, and data of their respective organizations or CSPs.
The impact is most likely worse with IaaS, because an insider can provision resources or perform nefarious activities that require forensics to detect, and cloud resources may not offer these forensic capabilities.