Cloud computing services have become an essential tool for most businesses. This trend has accelerated recently, with cloud-based services such as Zoom, Microsoft 365 and Google Workspace and many more becoming the collaboration and productivity tools of choice for remote teams.
While the “cloud” has quickly become an essential tool, its adoption can also pose additional cybersecurity risks.
Previously, most people who connected to the company network did so from their workplace and therefore accessed their accounts, files and company servers within the four walls of the office building, protected by firewalls and other professional-grade security tools. With the increased use of cloud applications, this is suddenly no longer the case: users can access business applications, documents and services from anywhere. This has resulted in the need for new security tools.
While it is positive for remote workers – because it allows them to continue working with a semblance of normalcy – remote working also represents an opportunity for cybercriminals, who have quickly taken advantage of the switch to remote working to try to break into the networks of organizations that have misconfigured their cloud security.
Enterprise VPNs and cloud application suites have become prime targets for hackers. If not properly secured, all of these can provide cybercriminals with an easy way to access corporate networks. Attackers just need to grab a username and password, steal them through phishing email or use brute force attacks to crack simple passwords.
As the intruder uses the legitimate login credentials of someone already working remotely, it is more difficult to detect unauthorized access, especially considering that the switch to remote work has led some people to work remotely. hours that are different from what might be considered normal working hours.
Attacks against cloud applications can be extremely damaging to victims, as cybercriminals can remain on the network for weeks or months. Sometimes they steal large amounts of sensitive company information; sometimes they use cloud services as an initial entry point to lay the groundwork for a ransomware attack that can lead them to steal data and deploy ransomware. This is why it is important that companies that use cloud applications have the appropriate tools and practices to ensure that users can use these services securely while being able to use them effectively.
Use multi-factor authentication checks on user accounts.
An obvious preventive measure is to put in place strong security controls over how users connect to cloud computing services. Whether it’s a virtual private network (VPN, Remote Desktop Protocol (RDP) service, or a suite of office applications, staff must need more than their name. user and password to access these services.
“One of the most important aspects of the cloud is that identity is king. Identity becomes almost your proxy for absolutely everything. All of a sudden, identity, its role and how you attribute it. have all the power, ”says Christian Arndt, cybersecurity director at PwC.
Whether software (the user must press an alert on their smartphone) or hardware (the user must use a secure USB key on their computer), multifactor authentication (MFA) is an effective line of defense against unauthorized access attempts to accounts. According to Microsoft, MFA protects against 99.9% of fraudulent login attempts.
Not only does it prevent unauthorized users from accessing accounts, but the notification sent by the service, which asks the user if they have attempted to log in, can serve as an alert to signal that someone is trying to log in. ” access the account. It can be used to alert the company that it may be the target of malicious hackers.
The ability to easily store or transfer data is one of the main benefits of using cloud applications, but for companies that want to keep their data secure, their processes shouldn’t be limited to downloading data. to the cloud and forget about them. There is one more step that businesses can take to protect data uploaded to cloud services: encryption.
Just like when stored on ordinary PCs and servers, encryption of data makes it unreadable and conceals it from unauthorized or malicious users. Some cloud service providers provide this service automatically, providing end-to-end protection of data to and from the cloud, as well as within it, to prevent manipulation. or stolen.
Apply security fixes as quickly as possible.
Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products perform better. These updates can also contain fixes for security vulnerabilities, because just because an application is hosted by a cloud computing provider does not mean that it is invulnerable to security vulnerabilities and cyber attacks.
Critical security patches for VPN and RDP applications have been released by vendors to address security vulnerabilities that expose businesses to cyber attacks. If these fixes are not applied quickly enough, cybercriminals risk abusing these services to make them an entry point into the network that can be exploited for further cyber attacks.
Use tools to find out what’s on your network.
Businesses are increasingly using cloud services, and keeping track of all the applications and servers that have been put into service is no easy task. But there are very many instances where corporate data is exposed due to misuse of cloud security. A cloud service can be left open and exposed without the knowledge of the business. Public storage resources exposed in the cloud can be discovered by attackers, which can put the entire organization at risk.
In these circumstances, it may be useful to use cloud security posture management (CSPM) tools. These can help organizations identify and respond to potential security issues related to misconfiguration in the cloud, providing a means of reducing the attack surface that hackers can examine, and helping to maintain it. secure cloud infrastructure against potential attacks and data leaks.
“Cloud security posture management is a technology that assesses configuration drift in a changing environment, and will alert you if things are somehow out of sync with what is. your baseline. This may indicate that there is something in the system that can be exploited for compromise, “says Merritt Maxim, vice president and research director at Forrester.
CSPM is an automated process and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast, and having to manually comb through services to find errors and anomalies would be too much of a human burden – especially if there are dozens of different cloud services on the network. . Automating these processes can therefore contribute to the security of the cloud environment.
“You don’t have enough people to manage 100 different tools in an environment that changes every day, so I would say you have to try and consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company.
Make sure that the administrator and user accounts are separated.
Cloud services can be complex and some members of the IT team will have highly privileged access to the service to help administer it. Compromising a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action that administrator privileges allow, which could be extremely damaging to the business that uses it. cloud computing services.
It is therefore imperative that administrator accounts are secured by tools such as multi-factor authentication and that administrator-level privileges are only granted to employees who need them to do their jobs. According to the NCSC, administrator-level devices should not be able to directly browse the web or read email, as this could compromise the account.
It is also important to ensure that regular users who do not need administrator privileges do not have them, because if the account is compromised, an attacker could quickly exploit this access to take control of cloud services.
Use backups as a backup plan.
But while cloud services can provide benefits to organizations around the world, it’s important not to rely entirely on the cloud for security. While tools like two-factor authentication and automatic alerts can help secure networks, no network is impossible to penetrate, especially if additional security measures have not been applied.
This is why a good cloud security strategy should also involve storing data backups and storing them offline, so that in the event of an event causing cloud services to become unavailable, the business has something on which to base their business. to work.
Use easy-to-use cloud apps for your employees.
There’s something else companies can do to keep the cloud secure, and that’s to give their employees the right tools from the start. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, otherwise organizations run the risk that employees won’t want to use them.
A business could put together the most secure suite of cloud applications possible, but if it’s too difficult to use, employees, frustrated at not being able to do their jobs, might turn to public cloud tools instead.
This issue could lead to corporate data being stored in person accounts, creating a greater risk of theft, especially if a user does not have two-factor authentication or other controls in place. to protect his personal account.
The theft of personal account information could potentially lead to a widespread data breach or broader compromise of the organization as a whole. .