Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

What a CISO and A 'Hacker' Really Think About Cloud Security

Utilizing the cloud in some capacity for your organization’s infrastructure – whether hybrid or public – has immense benefits. CIOs have essentially come to a consensus that the cost savings, flexibility and seamless collaboration that the cloud provides is hard to live without. And most recently, IDC has projected that cloud computing could help prevent more than one billion metric tons of CO2 emissions in the next three years.

The highly touted benefits seem like they should give all organizations the confidence to move the majority of their data to the cloud.

However, there is still one characteristic of the cloud that is overlooked in some circles – security.

The Market’s General Perception of Cloud Security

If you did some quick research on cloud security, you’d likely find far more content trying to promise you that the cloud is actually much more secure than on-premises infrastructure. And organizations are putting faith in what they’re hearing. A Deloitte survey of more than 500 IT leaders and executives revealed that security and data protection are their top drivers for initiating a cloud migration. Meanwhile, a 2020 Global Encryption Trends Study by the Ponemon Institute reports that more than half of almost 6,500 respondents indicate that their businesses use cloud technology to transfer or store data – regardless of whether it’s encrypted or protected via any security mechanisms.

But when you speak with pure security professionals, their take on cloud security still comes with some caution.

The Cloud Makes Business Easier But Brings Higher Stakes for Security

Trustwave CISO David Bishop and Mark Whitehead, global vice president of Trustwave SpiderLabs Consulting, come from two different sides of security. David is traditionally on ‘defense’ – his goal is to keep top global cybersecurity organizations safe from attackers looking to make a name for themselves or exfiltrate data from high-profile clients. Mark is on ‘offense’ – he leads a team of elite white hat hackers that are commissioned to conduct penetration testing and Red Teaming for enterprises and government agencies across the world. His team is tasked with emulating advanced hackers and their sophisticated techniques to find security holes before the real malicious hackers do.

We asked them to share their opinions on cloud security and take a hard look at the challenges and mindset required to make the cloud a secure place for organizations’ valuable data.

Is the transition to the cloud a dangerous time for organizations? How can organizations do it safely (outside of the basics)?

Mark: During the transition to the cloud, your organization is breaking things; you’re changing connections, permissions, and other built in security functions. There are a lot more alerts being flagged in the security operation center that are ‘mundane’. And all of that is the perfect cover for an attacker.

As ‘attackers’, we know that there will be more eyes-on-glass fatigue during this environment change period. So if we catch wind of this shift, we can bank on IT folks likely by default attributing those additional alerts or issues to be all part of the migration.

David: Complexities exist in every facet when transitioning to the cloud. It’s a massive project. Some have adopted a hybrid environment to transfer data to the cloud and explore its capabilities gradually. This way, you can execute on a big transition chunk, assess if anything is broken, and either move forward or revert quickly. During this time, it’s important to have a dedicated workforce – whether in-house or third-party – who are capable of recognizing configuration requirements and identifying needs for compliance and security at each phase of the transition. Otherwise, attackers that aren’t as ‘friendly’ as Mark’s team could take advantage of where you are in the migration and potentially go undetected until sometime later. Advanced actors will begin assimilating usual and normal traffic patterns and go undetected from anomalous behavior in the environment.

It is imperative to do in-depth security testing and Red Teaming once architecture backbones are in place along the way to ensure you don’t have a false sense of security.

We frequently hear about the mass scale and traffic the cloud produces. Does more scale and traffic mean more opportunities for hackers?

David: From an attacker’s standpoint, the cloud has made it much easier to launch attacks that blend into regular, everyday traffic. A handful of free cloud provider resources can give a hacker a free account with no or obfuscated attribution that becomes a needle in a haystack against otherwise normal traffic.

Mark: In general, the cloud has drastically increased hacker anonymity through the ability to chain these resources David mentioned to make detection and attribution much more challenging. This used to be challenging to implement, but now it is easier than ever and executable at a much lower cost for attackers.

How important is it to understand the changes in identity and access management in the cloud?

Mark: Very. Everybody thought that the cloud was going to fix identity and access management, but it really just introduced a different model of problem sets that we have to worry about. And whether the data is in the cloud, native, or is hybrid located, all three of those scenarios rely on common fundamental components. These fundamental components have the same strengths and weaknesses of the technology we relied on for 20+ years, i.e., Active Directory, permissions, passwords, and known and unknown exploitable vulnerabilities.

In the cloud, organizations are now potentially handing over the keys to their data and networks to third parties, and that’s a big security risk no matter who it is. We’ve seen this play out in the SolarWinds attack.

David: Anyone who is doing cloud security must look at the shared responsibility model as well as configuration models and fully understand their components because security obligations have dramatically shifted in the cloud. Software-defined environments enable limitless options and capability – while they introduce, similarly, security configuration oversights and misgivings.

I always look at it from the standpoint of simplicity to complexity. As the cloud becomes more prevalent, with additional easy-to-spin-up solutions and elastic capability, agility and complexity make security more difficult. To secure the cloud and combat this complexity, you must layer multiple protections and fail-safes, continually monitor for anomalous behavior and patterns that indicate attack techniques, and have robust visibility and policies for identity and access management activities.


16554_cloud-security_cover
DATA SHEET

Trustwave Cloud Security Services

Trustwave helps organizations securely navigate their journey to the cloud. Consulting services help organizations design an effective program and deploy technologies. Managed security services ensure ongoing protection. With our flexible service delivery model, organizations can ask Trustwave to be the provider for all their security needs, or to augment existing resources.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More