
With most enterprises leveraging at least one type of cloud deployment today, the question arises: is the cloud more or less secure than on-premise solutions? The reality is that for on-prem or even private cloud environments, the approach to security largely relies on a barrier defense. When organizations are compromised within this barrier, it can basically become open season for malicious actors, which we’ve seen in marquee incidents such as the Target data breach, the Home Depot hack in 2014, or the recent Uber breach, which exploited an unpatched security vulnerability.

Taking a step back, we see that cloud vulnerabilities fall into three main categories: cloud misconfigurations, application exploits and security patch management.

Cloud configurations that are not aligned to security best practices commonly lead to exploits, as we saw in the case of the 2019 Capital One data breach. In this breach, the bad actor took advantage of an AWS misconfiguration to bypass authentication requirements and enter the network. According to Gartner, misconfigurations and other customer missteps will result in 99 percent of cloud security incidents by 2023. There are some exceptions to how bad actors take advantage of cloud misconfigurations, such as last year’s attack exposing flaws in Microsoft Azure’s Cosmos DB, which left thousands of customers exposed to malicious actors. While significant, these scenarios are rarer. Thankfully, when it comes to shared responsibility, we generally see vendors do a good job of holding up their end of the bargain.

The shared responsibility model also applies to patch management. We continue to see customers compromised through unpatched vulnerabilities, which often stem from not applying patches quickly enough or at all. Cloud vendors such as AWS provide transparency around their security events and maintain updated records of security bulletins, similar to Microsoft’s Patch Tuesday updates. However, security patches are only useful if they are applied in a timely manner. This was reiterated by the U.S. National Institute of Standards and Technology (NIST), which recently updated its guidance for enterprise patch management to encourage enterprises to implement strategies for streamlining patch management. There are also ways to reduce the element of human error when it comes to patch management. Today's patch management tools, which leverage Artificial Intelligence (AI) to automate the patch management process, can help establish standardization policies for security teams managing patches.

While not the most recent, the 2013 Target data breach remains a hallmark cyber event that warns of the dangers of application exploits. In the Target breach, hackers gained access through a third-party HVAC vendor, which enabled them to access additional systems on the network and amplify their exploits. This brings up the false sense of security some organizations have from the tools used to protect networks, and points to why it is equally important to apply best practices to third-party applications. Some tools, like Intrusion Detection Prevention (IDP) devices, can help identify hackers moving laterally through a compromised network to exploit applications. While some organizations view these types of tools as a last line of defense, they should be considered an important part of cloud security best practices.