The challenge of cloud acceleration

Issue 2 2022 Integrated Solutions

The move to cloud, otherwise referred to as the ‘cloud shift’, has triggered a change in the way organisations run and is accelerating across the business world.

As an MSSP (managed security services provider), SecurityHQ has experienced this shift across practically every sector and, in response, is highlighting the new threats that are emerging from it.

The positives and negatives of cloud adoption

Positive: cost reduction. Now that this model of service has been tried and tested and is gaining confidence, even smaller companies are choosing to make the shift to cost-effective models of cloud operation.

Negative: greater threat surface. While costs may be reduced, a change in cloud configurations and administration means that there are many new opportunities for adversaries to detect vulnerabilities and to exploit misconfigurations in cloud environments.

Businesses must take into consideration the following key points to reduce their threat surface when making the shift to cloud.

• A shift to API monitoring. With many additional intercommunications between applications and automations, application programming interfaces (APIs) are more powerful than ever. Almost all admin activities and enumeration activities are possible via API calls.

• Federated accounts. With hybrid cloud models, often during transition phases, we may see attackers abusing trust relationships where the cloud accounts are likely still integrated with traditional identity management systems, such as Windows Active Directory. It is important to monitor behavioural use cases, to watch for and catch adversaries moving laterally to cloud resources.

• Misconfigurations. This age-old technique of leveraging misconfigurations is still relevant. Although many cloud computing solutions today allow automatic fixing of overly permissive policies or configurations, business continuity and pressure to get things working will always have a higher priority. Watch out for default security group configurations, which allow unrestricted outbound access. This is an easy channel for adversaries to conduct data exfiltration.

• Firewall controls. With cloud infrastructure, the pricing model greatly depends on the storage being used. In many cases, you may notice that logs are one of the biggest consumers of storage, more so than the applications. Traditionally, for on-premises models, the perimeter security firewalls were crucial points to be monitored, and further internal activity revolved around application and access logs generated by the systems themselves. With cloud monitoring, virtual private cloud (VPC) traffic is an essential element to monitor, especially traffic between different security groups. Because these flow logs tend to be noisy, this can be optimised by focusing logging on your crown jewels. There are several use cases that can be built around the VPC logs to detect traditional access attempts and excessive failures, which may indicate a broken service or an attack as well.

• Correlation. Correlation is a key element when it comes to cloud-based models. We cannot just check one single data domain.

• An attacker's-eye view. An attacker will usually follow the sequence below.

1. Check for exposed services.

2. Exploit a vulnerable or misconfigured service.

3. Escalate privilege.

4. Move laterally.

5. Detonate - final objective.

The indicators or trails of attack that are left behind are different when it comes to cloud-based attacks, which means it becomes increasingly important to know how the client is set up on the cloud. This is crucial for investigation, especially with serverless computing.
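As an added illustration of the VPC flow-log use case described under firewall controls above (this is not SecurityHQ's code), the Python below flags sources with excessive REJECT records and separates fan-out across many targets from repeated failures against one target. It assumes AWS VPC Flow Logs in the default version 2 format; the function names, thresholds and sample records are constructed for the example.

```python
from collections import defaultdict

# Assumed input: AWS VPC Flow Logs, default (version 2) space-separated format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(line):
    """Return one record as a dict; None for NODATA/SKIPDATA or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def excessive_rejects(lines, threshold=5, window=300):
    """Flag sources with >= threshold REJECT records in one window (seconds)."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "REJECT":
            key = (rec["srcaddr"], int(rec["start"]) // window)
            buckets[key].append((rec["dstaddr"], rec["dstport"]))
    findings = []
    for (src, bucket), targets in sorted(buckets.items()):
        if len(targets) < threshold:
            continue
        distinct = len(set(targets))
        # Many distinct targets: probing. One repeated target: blocked or broken service.
        kind = "fan-out" if distinct >= threshold else "repeated-target"
        findings.append({"src": src, "window_start": bucket * window,
                         "rejects": len(targets), "distinct_targets": distinct,
                         "kind": kind})
    return findings

# Constructed sample records (account id, ENI and addresses are made up).
T0 = 1650000000
def _line(src, dst, dport, start, action="REJECT"):
    return (f"2 123456789012 eni-0a1b2c3d {src} {dst} 49152 {dport} 6 1 40 "
            f"{start} {start + 60} {action} OK")

SAMPLE = (
    [_line("10.0.1.5", "10.0.2.10", p, T0 + i)
     for i, p in enumerate((22, 23, 80, 443, 3389, 5432))]
    + [_line("10.0.3.7", "10.0.2.20", 5432, T0 + i) for i in range(6)]
    + [_line("10.0.4.9", "10.0.2.10", 443, T0, "ACCEPT"),
       _line("10.0.4.9", "10.0.2.10", 8443, T0)]
    + [f"2 123456789012 eni-0a1b2c3d - - - - - - - {T0} {T0 + 60} - NODATA"]
)
```

Calling `excessive_rejects(SAMPLE)` returns one fan-out finding and one repeated-target finding; the source with a single rejected flow stays below the threshold.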

Having conducted incident response investigations across a wide range of industries, SecurityHQ is best placed to work with businesses, large and small, across numerous technical environments to reduce the impact of a cybersecurity incident.

For more information contact SecurityHQ Southern Africa, +27 11 702 8555, rob@securityhq.com, www.securityhq.com



