The cloud has been a transformative technology for individuals, businesses, and organizations. While the phrase “cloud computing” was first mentioned in a 1996 Compaq document, it’s really over the past decade-and-a-half that the concept of the cloud has become a ubiquitous part of the technology landscape. Before the cloud – data storage, data management, and data processing all had to be performed locally with on-premises equipment. By comparison, today this can all be performed over the internet — with large data centers able to provide vast computational resources to whoever needs them.
The cloud has additionally opened up new possibilities for real-time collaborative software, such as Google Docs. Such technology has come into its own in importance over the past year, due to the coronavirus pandemic and the ensuing push toward working from home.
These are the positives of cloud computing. But there are challenges with cloud security as well. Separating these negatives from the positives isn’t easy. That’s because, in many cases, what makes the cloud so good is also what gives rise to many of the challenges.
If you can get in, so could attackers
Most notably, the cloud allows individuals to log into a network or system from off-site, granting them access to files, data, infrastructure, and whatever else they might require in order to be able to perform their job.
But while this has certainly been a game-changer for employees and business owners, this same ease of remote access makes it possible for a bad actor to do exactly the same thing. However easy a business or organization makes it for employees to access its systems from the outside, so too does it lower the barrier to entry for possible malicious forces to do the same.
Unsurprisingly, the number of cloud security violations and breaches has ramped up as a result of the current working environment, with many organizations having to rapidly roll out remote access tools. In August 2020 — although only reported in February 2021 — security expert Jordan Potti revealed that upwards of 600 government agencies, universities, and enterprises may have accidentally exposed their login credentials, many with admin-level privileges, on the ServiceNow cloud computing platform.
This was the result of a hitherto undiscovered vulnerability in which endpoints were left open and unencrypted passwords were rendered publicly viewable. That opened up the possibility of an attacker gaining access to employee data, customer support tickets, IT and HR tickets, internal documents, and far more. While ServiceNow sprang into action to patch the problem, it nonetheless highlights what a risk cloud computing can present to customers.
Breaches can be serious
Fortunately, in the case of the ServiceNow vulnerability, the negative impacts of the exposed data weren’t as bad as they could have been. However, there are plenty of examples of cloud computing breaches which have been far more impactful. For instance, in August 2020, the same month the ServiceNow vulnerability was discovered, Capital One Financial reached a settlement with federal banking regulators connected to a 2019 hacking incident.
In the cloud security related breach, the personal data of approximately 100 million Americans and 6 million Canadians who either owned, or had applied for, a Capital One credit card had their data exposed. This was in addition to 140,000 Social Security numbers and 80,000 bank account numbers. Although Capital One had been the victim of a hacking attack, it was found to have failed to implement the right security controls to protect its customers. Capital One was fined a massive $80 million in connection with the breach.
In this new world of cloud-based computing, companies and organizations must ensure that they are taking the appropriate steps to protect their employees, systems, and customers. Identity management, privacy, and access controls are all areas that must be tightened up as part of the shift to cloud computing. Many breaches are the result of cloud platform configuration errors, closely followed by unauthorized cloud access, unsecured interfaces, and account theft.
Protect yourself as best you can
Cloud systems are highly interconnected. That means that a single compromised account can be used to rapidly elevate privileges and cause significant damage. Businesses and organizations using cloud-based systems must ensure that security patches are up to date, using vulnerability databases to make sure that they do not miss crucial updates. They must also carry out regular reviews of whatever cloud configurations are in place to ensure that there are no configuration errors that could expose them to attacks. This is crucial to ensure compliance as well as minimizing risk.
Cybersecurity tools like network edge security systems such as Web Application Firewalls (WAF), application security in the form of Runtime Application Self-Protection (RASP), and data security measures like Database Activity Monitoring (DAM) are also essential for keeping you safe. These measures can ensure rapid detection and response against threats in order to protect data. If they are not already being employed, seeking out a cybersecurity expert who can advise you is a must.
The cloud landscape is changing fast. It would be an enormous error to write off cloud computing because of the risks that accompany it. By taking the right steps, businesses and organizations can enjoy the undisputed positives that come with cloud computing, while being able to greatly reduce the risks. That’s a win-win for all involved.