In the wake of the COVID-19 pandemic, it’s been well documented that organizations have moved applications into the cloud at an accelerated rate. As that transition has occurred, however, the number of cloud security issues being encountered has increased as well.
A report published by IBM Security highlights the extent of the challenge. An analysis of cloud security incidents finds 45 percent of issues could be traced to configuration errors as well as vulnerabilities within the applications.
Many of these issues go undetected because IT and cybersecurity professionals are simply not involved in the process. Developers frequently configure and deploy cloud applications on their own. When cybersecurity issues are discovered, they typically don’t get prioritized. Accurics, a provider of a platform for assessing the security of cloud computing environments, recently published a report finding that only 4 percent of security issues reported in cloud production environments ever get addressed.
Cybercriminals are exploiting those applications to distribute ransomware, construct botnets and run cryptominers that siphon off compute resources to generate digital currencies. The IBM study finds ransomware was deployed three times more than any other type of malware in public cloud environments.
Outside of deploying malware, the IBM report notes data theft was the most common threat activity observed in breached cloud environments over the past year. This involved everything from personally identifiable information (PII) to client-related emails.
With more applications deployed to the cloud than ever, cloud security issues are about to reach a tipping point. At the root of the cloud security challenge is the shared security model on which cloud service providers rely. In theory, the cloud service provider is responsible for securing the infrastructure on which cloud applications depend. Developers, in collaboration with their IT and cybersecurity colleagues, are supposed to make sure the applications are secure.
In practice, many developers take advantage of automation tools to configure cloud computing environments with no input from anyone else. Not surprisingly, cloud computing environments wind up being misconfigured in ways that, for example, leave ports wide open. All a cybercriminal then needs to do is scan for any open ports to begin exfiltrating data or depositing malware that may not be activated for months.
The misconfiguration issue appears to be getting worse. Microsoft just revealed that Kubernetes clusters within the Azure service were hijacked to mine cryptocurrencies because a customer misconfigured an application. Many cloud applications are now being deployed using containers running on Kubernetes clusters. In theory, these applications should be more secure because containers are frequently ripped and replaced, so malware might only exist on the cloud for a short period of time. In practice, many organizations have yet to implement container security technologies, so for all intents and purposes they are blind to what occurs within a containerized application environment.
Put it all together, and it’s clear that cloud security issues that have long been ignored are coming to a head. Savvy cybersecurity teams are, of course, doing everything they can to head off an impending crisis. The problem is that despite those efforts, it may wind up being yet another case where too little cybersecurity is applied too late.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.