If cloud is part of the conversation for organisational digital change, then cloud security will never be far behind. According to new research from Unit 42, compliance needs to be stepped up, yet cryptojacking may be on the decline.
The company – the threat intelligence arm of Palo Alto Networks – put together analysis based on existing threats to cloud security over the second half of 2018, focusing on Amazon Web Services (AWS), Microsoft Azure and Google Cloud environments.
The majority of findings predictably belied the spirit of the festive season. Almost one in three (29%) organisations assessed had potential account compromises, while more than two in five (41%) access keys had not been rotated at all over the past three months.
It only takes a brief glance at recent industry headlines and trends to come to the conclusion that any organisation could be at risk. Indeed, while the concept of shared responsibility for cloud security must again be emphasised – as the very first page of the Unit 42 report illustrates – it must be noted vendors are trying to help ease the burden.
For AWS environments, companies inadvertently setting ‘world-read’ permissions to their data repositories is the classic recipe for disaster. In 2017 the vendor spruced up its dashboard design, giving bright orange warning indicators for buckets which were publicly accessible. Feeling even this wasn’t enough, last month saw the launch of Amazon S3 Block Public Access, which aims to demarcate the process by offering configuration at the account level, on individual buckets, or on future buckets created.
Those who do walk through this open door can therefore get up to any nefarious scheme they choose. In the case of Tesla at the start of this year, for example, hackers got into unsecured S3 buckets to mine cryptocurrencies. Yet while more than one in 10 (11%) organisations experienced cryptojacking activity in their environments, it represented a significant decrease from 25% in May. Unit 42 puts this shift down to a combination of better detection tactics and weakening crypto value.
More good news, albeit unsurprising, came in the shape of container adoption. According to the research, one in three organisations analysed use native or managed Kubernetes orchestration, with a quarter utilising managed services in the cloud. AWS, Google and Microsoft all have products in this space – and for AWS, as re:Invent showed last month, breadth of portfolio, from containers tightly integrated with AWS, to managed services, to more ad hoc approaches, is the key differentiator on the vendor side.
Yet the report warns that basic security hygiene is not being observed for container services, making Kubernetes pods vulnerable to attack. 46% of those polled had not applied ‘appropriate network policies’ for their managed Kubernetes services. The researchers argue that organisations should not rely on basic authentication for this, as brute force attacks can result, and should use IAM roles instead.
As far as compliance goes, however, the figures were ‘undeniable’, in the report’s words. One in three (32%) organisations publicly exposed at least one cloud storage service, while half (49%) of databases checked were not encrypted. While Unit 42 notes exposed public cloud storage is a slowing trend, data encryption will have the potential to become a much more serious issue with GDPR top of mind. “Clearly, organisations have a long way to go before they can claim compliance in their public cloud environments,” the report warns.
You can read the full analysis here (pdf, email required).