Cloud Computing – 2022 Top Threats – part 2
Insufficient Identity, Credentials,
Access and Key Mgt, Privileged Accounts
Identity, credential, and access management systems are essential for organisations to manage, monitor, and secure their valuable resources. These may include digital files, computer systems, and physical resources such as server rooms and buildings. As such, it is important to maintain and continually monitor these systems. Risk scoring in Identity and Access Management (IAM) can help to strengthen the security posture, by using a clear risk assignment model, diligent monitoring, and proper isolation of its behaviour. To gain an understanding of the risk context, tracking target access and frequency for risk scoring is essential.
In addition, it is important to immediately revoke privileged accounts when personnel leaves the organisation or their role changes, to avoid any data exfiltration or account takeover. It is also important that roles and responsibilities match the ‘need to know’ basis, so as to reduce the risk of data mismanagement or account takeover due to overprivileged personnel.
Negative consequences of Insufficient Identity, Credentials, Access and Key Management, and Privileged Accounts may include:
- Increased Risk of Data Breaches – an attacker may be able to gain access to confidential data or sensitive systems due to weak authentication methods or poor access control measures.
- Increased Risk of Fraud – attackers are able to bypass authentication methods or access control measures to gain access to sensitive data or systems, and then use this access to commit fraud.
- Increased Risk of Data Loss – If an attacker is able to gain access to a sensitive system, they may be able to delete or alter data, leading to significant data loss.
- Increased Risk of Compromised System Performance – an attacker may be able to gain access to a system or network and then use it to launch further
Insecure Interfaces and APIs
The growth of APIs is undeniable and the need for secure interfaces is essential. Poor coding practices, lack of authentication and authorization, and misconfiguration are among the most common causes of data breaches. The Akamai 2021 report documented a 53% year-over-year increase in API requests, indicating the need for secure interfaces is greater than ever. Organizations must ensure their APIs are secure and catalogued, including details such as internal or external facing, what they are used for, and what data are exposed, as well as scaling and automating their security patterns across multiple technologies and Cloud Service Providers. To keep up with the increasing demand, continuous monitoring and testing must be done to protect against malicious activity.
The security of an interface or API is dependent on various factors, such as the usage and data associated with it, as well as the speed in which any vulnerability is identified and addressed. Unfortunately, the most common consequence of an insecure API is the inadvertent exposure of sensitive or confidential data. Therefore, it is essential that companies take the necessary steps to ensure that their API is always secure and up to date in order to prevent any data breaches or other malicious attacks. Regular testing and monitoring of the API is a must in order to ensure the highest levels of security. Additionally, organisations should provide developers with the necessary tools and resources to ensure their API is secure and up to date. By doing this, companies can ensure the safety of their data and the integrity of their applications.
and Inadequate Change Control
Misconfigurations in the cloud is an erroneous or inappropriate setup of computing assets that could expose them to the risk of unintended damage or malicious activity.
The lack of knowledge about systems and security settings, as well as malign intentions, can lead to misconfigurations.
Some of the most common configurations are:
- Unhindered access to inbound and outbound ports
- Poor Secrets management
- Unchanged default credentials and configuration settings
- Unpatched systems
- Inactive monitoring and logging
- Standard security controls disabled
- Overly permissive storage object access
- Lack of configuration validation
- Excessive permission
Due to the distinct nature of cloud computing, inadequate change control can wreak havoc on cloud environments. In contrast to traditional IT, cloud technology necessitates quick modifications, broadened roles, and automation, making change management more difficult. Additionally, when infrastructure is converted to code, it increases the complexity of the cloud environment. Furthermore, when multiple cloud providers are employed, the environment becomes even more complex.
To be successful, businesses should adopt technology that can constantly scan for incorrectly set up resources so they can fix vulnerabilities promptly. Change management processes need to be able to keep up with the frequent and ever–changing business alterations and security risks, and make sure the accepted changes are being accurately implemented using an automated confirmation in real–time.