Mohammed Al-Moneer, Regional Director, MENA at A10 Networks discusses the importance of cloud security in an era of increasing cloud adoption combined with a volatile cyber space.
As cloud computing has matured, the benefits it delivers to organizations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before. And cloud adoption shows no signs of slowing. Gartner last month forecasted that worldwide public cloud revenue is set to grow 21.4% in 2018 to total $186.4 billion, up from $153.5 billion in 2017. With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organizations across all industries, effective security in the cloud is paramount.
Exposed APIs
One way the cloud introduces new security risks to organizations is the underlying infrastructure that makes the cloud and cloud applications run, which consists of publicly exposed APIs.
Why is that an important distinction? Because essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications.
This level of exposure makes them a rich target for exploitation, and can introduce another dimension of security challenges for businesses, as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to.
It’s often noted that attackers will take the path of least resistance, and employees – sometimes even those in IT organizations – will unwittingly help them, often by using lax identity practices.
Identity Weakness is an Open Door
There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behavior opens the door to potential attackers.
At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organization, such as using a SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit.
And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice.
Identity weakness can also open the door to full control of the API.
Identity Hygiene
There’s no 100 percent ironclad way to prevent intrusion through exploiting identity, but you can slow them down. How? Through good identity hygiene. Some ways to implement this in your organization include:
Multi-Factor Authentication
Time was, a password was the only necessary way to authenticate to a network or applications. That worked well for a while. Not anymore. Additional layers of defense are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens ensure tighter security.
Passphrases over Passwords
We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. Where a password is typically up to 10 letters, numbers and symbols, a passphrase, however, has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase.
Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favorite Abba lyric, if that’s your thing.
Depreciate Expired Employee Accounts
Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee access the network.
Monitor Access Logs
It sounds like a no-brainer, but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.
The industry is currently making improvements in identity by implementing multi-context analysis strategies that include time of access, country of origin, host computer in use and other behavioral analyses to add weight to identity.
Analytics to Detect Anomalies
Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc.
Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.