May 24, 2023 | Cybersecurity education
Understanding cloud security & why it's crucial for your business
By Field Effect
Last updated: January 19, 2024
The cloud has made it easy and affordable for companies to scale their IT resources when they need things like extra apps, storage, or infrastructure. By converting capital expenses (buying servers and other hardware outright) into operational ones (with a pay-as-you-go model), more businesses than ever can access the IT resources they need to succeed.
Despite these benefits, it’s important to remember that the cloud also introduces a unique set of cybersecurity threats and risks to your business.
This article looks at these cloud security threats and the risks that can arise from relying on cloud providers to properly secure your data.
A brief history of the cloud
The cloud enables companies to access apps, servers, data storage, dev tools, and other IT resources remotely via the Internet or a private network connection.
In 1999, Salesforce pioneered the idea of providing its customer relationship management (CRM) tool as an internet-accessible service. Salesforce’s success brought tons of attention to a new market: software-as-a-service (SaaS).
Three years later, Amazon Web Services became the earliest provider of a suite of cloud-based services which included storage and computation.
Many companies were originally hesitant to adopt cloud-based services, concerned about the cloud's reliability and the challenges that come with moving from traditional IT infrastructure to the cloud. Besides, the cloud was new, and it wasn't yet clear how to use or benefit from it.
Then came the 2010s, and the demand for cloud-based services skyrocketed for two core reasons.
- Advancing internet infrastructure. Internet connectivity and speed improved significantly in the 2010s—particularly across the Western world. Companies could now access cloud resources at similar (if only slightly reduced) speeds to on-premise IT resources. Additionally, the beginning of 4G LTE networks made it easier for businesses to access cloud-based data and applications.
- Maturing cloud services. Cloud service providers like Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure evolved and matured their offerings, providing a broader range of services that appealed to more businesses.
When the COVID-19 pandemic hit in early 2020, companies were forced to move more of their workloads and data to the cloud. By simply logging in to cloud services, remote employees could complete their tasks and use cloud-hosted collaboration tools without the need for IT teams to set up remote access to on-premise systems and resources.
The cloud now plays an integral role in IT strategies for companies of all sizes:
- Around 60 percent of corporate data is stored in the cloud.
- Of the enterprises that use public cloud services like AWS, Google, and Azure, more than 98 percent use the services of multiple cloud service providers.
- Between 2020 and 2022, SMBs increased their cloud computing spending by 38 percent.
What are the main cloud security threats?
Security is not a new concern when it comes to cloud computing, especially when companies use these tools to share, store, or transmit confidential data. The idea of trusting a third-party company to store valuable company data or help run business-critical apps sounds inherently risky.
Well-established cloud providers often emphasize their strong security practices, but some cloud-based threats exist no matter how strong the vendor’s security processes are.
With that in mind, here are a few key cloud security threats to be aware of.
Misconfigurations
Misconfigured cloud services may leave sensitive data exposed or provide hackers with an easy entry point into your environment.
This threat exists in other areas of your IT environment but is magnified in the cloud. Securing cloud infrastructure using vendor-provided controls or tools is no easy task on its own. The skills shortage across both cloud computing and cybersecurity, however, exacerbates the problem.
Cloud misconfigurations and security oversights leave you exposed to attackers because those same resources form part of your external attack surface. Misconfigured internal systems are often more forgiving.
Here are some real-world examples of cloud misconfigurations leading to severe and costly data loss incidents:
- A misconfigured web application firewall in AWS resulted in the 2019 breach of American financial institution Capital One. The result? 100 million US and Canadian credit card applicants had their personal information stolen.
- In 2020, Broadvoice, a VoIP provider, left a cluster of databases stored in the cloud without any password protection. This led to the exposure of 350+ million records, including voicemail transcripts that contained confidential financial details, medical conditions, and more.
Account hijacking
Account hijacking happens when a hacker takes over someone’s account and uses that account for malicious purposes, such as stealing personal information or committing fraud.
Cloud services are particularly vulnerable to the threat of account hijacking, primarily because they often manage a large number of user accounts which makes them an attractive target. As companies use more cloud services, the threat of cloud account hijacking grows because there are more user accounts to try and break into.
Risky password practices, such as reusing the same credentials across different accounts, multiply the threat. Threat actors are also more cunning than ever with their social engineering methods, which often entice unsuspecting users to disclose passwords in emails or over the phone.
To make matters worse, visibility is a big problem in cloud environments. Organizations have far greater visibility and control over user accounts in their internal networks than cloud accounts. The lack of visibility makes it difficult to detect and respond to account hijacking in the cloud.
Here are a couple of recent examples of cloud-based account hijacking:
- In December 2022, hackers accessed private source code belonging to identity and access management company Okta by breaking into accounts associated with Okta’s cloud-based GitHub repository.
- That same year, LastPass customer data was stolen from a cloud storage vault using a developer’s stolen cloud storage access key.
Unsecured APIs
Application Programming Interfaces (APIs) define a protocol that allows software applications to communicate with each other. APIs are a vital part of cloud services as they enable users and apps to interact with the cloud platform, manage resources, and extend the functionality of the cloud.
Generally, cloud vendors provide extensive documentation on using their APIs. That said, API security is sometimes tricky to get right, and human error often results in issues like using weak or default credentials to authenticate requests, or not encrypting data.
Making API documentation available to users also means it’s easily available to hackers, who can scour it for potential ways to compromise the API.
API flaws can lead to major issues:
- An undisclosed Asian airline had flight reservation data stolen when hackers exploited security weaknesses in an API for the cloud-based team collaboration tool Slack.
- T-Mobile’s online services were breached through an API flaw in 2023, resulting in 37 million customers having their information exposed.
Cloud vendors and security
Each cloud vendor has its own approach to securing the infrastructure and software it provides to users. This variation not only complicates the whole configuration process but makes it difficult to know just how much you can rely on each vendor’s security.
The multi-cloud model, in which companies mix and match their cloud services and vendors to meet different use cases, complicates things further. You can easily end up in a situation where you have inconsistent security postures across different cloud environments.
Don’t forget that many cloud security threats stem from sources that the cloud vendor has no control over.
Cloud coverage with Covalence
It’s important that businesses prioritize their cloud security just as they would their endpoint and network security, but this can be hard to do with noisy point solutions.
Covalence offers complete, holistic security for your endpoints, cloud-based services, and network. By combining cloud, network, and endpoint data to correlate security events and accurately detect threats—an approach that no other security provider does natively—Covalence protects you from the widest range of cyber attacks.
Mitigate the security risks associated with moving your business to the cloud.