Accelerated Cloud Adoption Brings Elevated Risk

It’s hard to imagine how businesses could have overcome pandemic-driven operational challenges without the cloud. By some estimates, organizations accelerated their cloud adoption plans by an average of six years in order to ensure remote workers had access to the applications, data and services they needed.

However, the rush to the cloud has also opened up new threat possibilities. Compromised cloud accounts cost U.S. companies an average of $6.2 million last year, according to a Ponemon Institute survey of IT security professionals. Respondents reported that they experienced an average of 64 separate cloud account compromises, with about a third of those exposing sensitive data.

In account takeover attacks, cybercriminals use stolen login credentials to gain unauthorized access to cloud accounts. Typically, attackers either steal credentials through social engineering campaigns or reuse credentials stolen from other online services in past data breaches. Once they’ve gained access to the data and privileges associated with a cloud account, attackers can move laterally across multiple cloud services and hybrid environments to perform reconnaissance and steal data.

Three main factors are likely contributing to the rise of cloud account compromises:

  • Rushed migration. In their rush to adopt new cloud services, most organizations didn’t give enough thought to how they would secure these environments. In a recent survey of chief information security officers, 85 percent said they sacrificed cybersecurity to quickly enable remote work — and that's just those who admitted it.
  • Shadow IT. The cloud makes it easy for anyone with an Internet connection and a credit card to subscribe to applications and services that might help them do their jobs. Too easy, in fact. Seventy-five percent of respondents to the Ponemon survey said the use of cloud apps and services without the approval of IT is a serious security risk. IT can’t monitor or secure cloud instances it doesn’t know about.
  • Security misconceptions. Many organizations still operate under the misconception that cloud providers are responsible for securing customer data. That’s simply not the case. All cloud providers operate under a “shared responsibility” security model in which providers and users are accountable for different aspects of security. In general, providers are responsible for securing the cloud infrastructure while customers must protect their data and user accounts.

Organizations should consider implementing the following controls to minimize the risk of cloud account takeovers:

  • Enforce “least-privilege” access controls. Restrict users’ permissions to install and run applications, and only allow them to access the systems and resources they need to do their jobs. In addition to preventing intentional or accidental data exposure, least-privilege restrictions can help contain malware and other threats and prevent them from spreading.
  • Improve cloud visibility. In one recent study, more than 70 percent of IT professionals said they cannot accurately monitor their cloud environments because users can deploy new software, services and infrastructure on demand at any moment. To improve visibility, consider adopting a cloud asset management (CAM) solution that can accurately discover and inventory all cloud services being used across the organization.
  • Use a cloud access security broker. CASBs sit between an organization’s on-premises IT infrastructure and the cloud, enforcing IT policies and access controls. They can also provide additional security features such as firewall capabilities, user and entity behavior analytics, data encryption and tokenization, data loss prevention, and risk and compliance management.

Although the pandemic appears to be waning, cloud adoption won’t be slowing down anytime soon — Gartner analysts expect cloud spending to increase by 23 percent in 2021. While the cloud can deliver significant operational benefits, organizations must remain vigilant about security. Call us to learn more about security practices that can help you protect your cloud users, data and applications.

