-by Eyal Estrin, Cloud Architect, Inter-University Computation Center (IUCC)
Additional fundamental Cloud Security concepts can be found here.

Working with cloud environments may certain security threats to an organization.

In this post, we will review the most common threats and what measures are available to mitigate them.

Data Breach

A data breach is when sensitive data (such as research data, healthcare data, personal or financial data) is exposed to the public.

Possible mitigations:

  • Access control lists – making sure data is accessible only for intended people
  • Encryption – making sure data is readable only by intended people
  • Monitoring and auditing – having the ability to log and alert about possible data breaches
  • Classification – ability to configure access rights by data sensitivity

Misconfiguration

In this type of threat, an attacker takes advantage of the fact that a system was configured incorrectly, such as publicly accessible object storage buckets, default privileged account passwords left unchanged, logging disabled, etc.

Possible mitigations:

  • Configuration management – making sure all configuration changes are documented, reviewed and approved
  • Encryption – making sure sensitive stored data (such as customer data, credentials, etc.) is protected by encryption
  • Governance – enforcing a mechanism for configuring systems according to best practices and vendor recommendations
  • Training – focusing on employee security awareness, when configuring new and existing systems
  • Credential rotation – making sure user and application/system credentials are replaced or updated at pre-defined intervals

Insufficient identity and access management

In this type of threat, an attacker takes advantage of the fact that default credentials were left unchanged, hardcoded passwords inside scripts, access keys left on publicly accessible object storage bucket, etc.

Possible mitigations:

  • Encryption – making sure stored sensitive data (such as credentials, access keys, tokens, secrets, etc.) is encrypted
  • Credential rotation – making sure user and application/system credentials are replaced or renewed at pre-defined intervals
  • Monitoring and auditing – ability to send notifications about possible login related attacks (such as multiple failed login)
  • User lifecycle management – disabling accounts for employees who have left the organization

Account hijacking

In this type of threat, an attacker gains access to the system and privileged accounts (such as administrator or root accounts)

Possible mitigations:

  • Credential rotation – making sure user and application/system credentials are replaced or updated at pre-defined intervals
  • Monitoring and auditing – the ability to send notification about possible login related attacks (such as multiple failed logins)
  • User lifecycle management – disabling accounts for employees who have left the organization
  • Environment separation – splitting systems between production and non-production

Insider threat

An insider threat is when a “trusted” current or former employee, contractor or business partner has access to internal systems, either maliciously or unintentionally, and is able to access internal data or affect the security of internal systems.

Possible mitigations

  • Access control lists – making sure data is accessible only for intended people
  • Monitoring and auditing – ability to send notification about possible login related attacks (such as multiple failed login)
  • User lifecycle management – disabling accounts for employees who have left the organization
  • Credential rotation – making sure user and application/system credentials are replaced or updated at pre-defined intervals

Insecure APIs

In this type of threat, an attacker is able to take advantage of poorly designed API’s (application programmable interfaces) in-order to misuse a system, to gain access, steal data or even manipulate stored data

Possible mitigations

  • Application security – developing APIs according to secure development lifecycle best practices
  • Access control lists – making sure data is accessible only for intended people
  • Encryption – making sure sensitive data (such as PII, healthcare, financial, credentials, access keys, tokens, secrets, etc.) is stored in encrypted form
  • Monitoring and auditing – ability to send notification about possible attacks (such as multiple data queries from the same source, etc.)

Abuse of cloud services

In this type of threat, an attacker is able to take advantage of the cloud scale, in-order to conduct attacks such as distributed denial-of-service, bitcoin mining, brute force of stolen credential databases, email or phishing campaigns, etc.

Possible mitigations

  • Application security – developing code according to secure development lifecycle best practices
  • DDoS protection – using DDoS protection services from the cloud vendors
  • Credential rotation – making sure user and application/system credentials are replaced or updated at pre-defined intervals
  • Access control lists – making sure data is accessible only for intended people
  • Monitoring and auditing – the ability to send notification about possible attacks (such as multiple data queries from the same source, etc.)

Detailed information about cloud threats can be found in resources provided by the Cloud Security Alliance:

https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-deep-dive/