A range of strategies and practices to address security in the cloud were outlined by Stuart Hirst, principal cloud security engineer at Just Eat, during a session at the Infosecurity Online event.
Hirst began by outlining the increasing importance of the cloud, stating that all companies are in one of two camps: “you’re either thinking of going to cloud or you’re already there.”
This has become increasingly relevant this year due to the shift to remote working during the COVID-19 pandemic.
Yet, securing the cloud environment is currently proving problematic for many organizations. Hirst said: “If you are already in the cloud, you’ll likely be in one of two camps. They are either: it’s already really hard and there’s a lot to fix, or total chaos – lots of accounts, historic problems to fix, lots of behaviors to change and culture to embed.”
Hirst went on to outline the main threats to the cloud, highlighting that breaches caused by cloud misconfigurations in 2018/19 exposed nearly 33.4 billion records. One is cryptojacking/Bitcoin mining, which has become one of the main threats in recent years. Hirst noted that this has largely been driven by bots constantly trawling the internet for IPs and credentials. “Gone are the days where we have days and weeks to respond – these kind of attacks are happening in seconds and they’re automated, so you can’t wait to deal with it. You’ve got to build protection in place,” he said.
Others include data breaches through open buckets and databases, and distributed denial-of-service (DDoS) attacks, the latter of which “have got much bigger over the last few years.”
Another major area of concern is insider threats that lead to data breaches, either through malicious intent or due to error.
Despite the vast range of threats, Hirst outlined practical steps, which have emerged over the years, to protect against them effectively.
First and foremost, it is critical to bring in strong protection for the cloud service’s root account. In particular, multi-factor authentication (MFA) should be implemented, and Hirst advised that the MFA token should be given to someone “non-technical” to store. This is because, in the hands of someone with malicious intent and technical expertise, access to the root account can cause huge damage to a business.
Security groups, which act as a virtual firewall, are easy to misconfigure, according to Hirst. A few ways to avoid this occurring include restricting traffic to internal IPs for protocols such as SSH and using network access control lists (NACLs) to block ports.
Enhancing incident response strategies is another vital aspect in protecting the cloud environment. One basic step is to create playbooks to detail the stages of a response for staff. Hirst commented: “Even if they’re simple and tell you who to contact when something happens, then at least you have a repeatable process that you can build on.”
Ultimately though, Hirst said that the most important aspect of effective cloud security is getting the recruitment of security staff right. “I work with the most incredible team, they teach me things every day – it has been recruiting those people into the business that has really driven us to the point where we are at now,” he added.