The cloud is essential for businesses, but it can also pose major security risks

The cloud has been a transformative technology for individuals, businesses, and organizations. While the phrase “cloud computing” was first mentioned in a 1996 Compaq document, over the past decade-and-a-half, the concept of the cloud has become a ubiquitous part of the technology landscape. Before the cloud, data storage, management, and processing had to be performed locally with on-premises equipment. By comparison, today, this can all be achieved over the internet — with large data centers able to provide vast computational resources to whoever needs them.

The cloud has opened up new possibilities for real-time collaborative software like Google Docs. Such technology has become important over the past year due to the coronavirus pandemic and the ensuing push toward working from home.

These are the positives of cloud computing. However, there are challenges with cloud security as well. Separating these negatives from the positives isn’t easy. That’s because, in many cases, what makes the cloud so good also gives rise to many challenges.

If you can get in, so can attackers.

Most notably, the cloud allows individuals to log into a network or system from off-site, granting them access to files, data, infrastructure, and whatever else they might require to be able to perform their job.

But while this has certainly been a game-changer for employees and business owners, this same ease of remote access makes it possible for a bad actor to do the same thing. However easy a business or organization makes it for employees to access its systems from the outside, it also lowers the barrier to entry for malicious actors to do the same.

Unsurprisingly, the number of cloud security violations and breaches has ramped up due to the current working environment, with many organizations having to roll out remote access tools rapidly. In August 2020 — although only reported in February 2021 — security expert Jordan Potti revealed that upwards of 600 government agencies, universities, and enterprises may have accidentally exposed their login credentials, many with admin-level privileges on the ServiceNow cloud computing platform.

This resulted from a hitherto undiscovered vulnerability in which endpoints were left open and unencrypted passwords were rendered publicly viewable. That opened the possibility of an attacker gaining access to employee data, customer support tickets, IT and HR tickets, internal documents, and more. While ServiceNow sprang into action to patch the problem, it highlights what a risk cloud computing can present to customers.

Breaches can be serious.

Fortunately, in the case of the ServiceNow vulnerability, the negative impacts of the exposed data weren’t as bad as they could have been. However, there are plenty of examples of cloud computing breaches that have been far more impactful. For instance, in August 2020, the same month the ServiceNow vulnerability was discovered, Capital One Financial settled with federal banking regulators in connection with a 2019 hacking incident.

In the cloud security-related breach, the personal data of approximately 100 million Americans and 6 million Canadians who either owned or had applied for a Capital One credit card was exposed. This was in addition to 140,000 Social Security and 80,000 bank account numbers. Although Capital One had been the victim of a hacking attack, it was found to have failed to implement the right security controls to protect its customers. Capital One was fined a massive $80 million in connection with the breach.

In this new world of cloud-based computing, companies and organizations must take the appropriate steps to protect their employees, systems, and customers. Identity management, privacy, and access controls are all areas that must be tightened up as part of the shift to cloud computing. Many breaches result from cloud platform configuration errors, followed by unauthorized access, unsecured interfaces, and account theft.

Protect yourself as best you can

Cloud systems are highly interconnected. That means that a single compromised account can be used to elevate privileges and cause significant damage rapidly. Businesses and organizations using cloud-based systems must ensure that security patches are up to date, using vulnerability databases to ensure they do not miss crucial updates. They must also regularly review whatever cloud configurations are in place to ensure there are no configuration errors that could expose them to attacks. This is crucial to ensure compliance and minimize risk.

Cybersecurity tools like network edge security systems such as Web Application Firewalls (WAF), application security in the form of Runtime Application Self-Protection (RASP), and data security measures like Database Activity Monitoring (DAM) are also essential for keeping you safe. These measures can ensure rapid detection and response against threats to protect data. If they are not already employed, seeking a cybersecurity expert to advise you is necessary.

The cloud landscape is changing fast. It would be an enormous error to write off cloud computing because of the risks that accompany it. By taking the right steps, businesses and organizations can enjoy the undisputed positives of cloud computing while greatly reducing the risks. That’s a win-win for all involved.