The challenge of cloud acceleration

Issue 2 2022 Integrated Solutions

A move to cloud, otherwise referred to as the ‘cloud shift’, that has triggered a change in the way organisations run, is accelerating across the business world.

As a MSSP (managed security services provider), SecurityHQ has experienced this shift across practically every sector and in response, is highlighting the new threats that are emerging out of this shift.

The positives and negatives of cloud adoption

Positive: cost reduction. Now that this model of service is gaining confidence, has been tried and tested, even smaller companies are choosing to make the shift to cost-effective models of cloud operation.

Negative: greater threat surface. While costs may be reduced, a change in cloud configurations and administration means that there are many new opportunities for adversaries to detect vulnerabilities and to exploit misconfigurations in cloud environments.

Businesses must take into consideration the follow key points, to reduce their threat surface when making the shift to cloud.

• A shift to API monitoring. With many additional intercommunications between applications and automations, application programming interfaces (APIs) are more powerful than ever. Almost all admin activities and enumeration activities are possible via API calls.

• Federated accounts. With hybrid cloud models, often during transition phases, we may see attackers ambushing trust relations where the cloud accounts are likely still integrated with traditional identity management systems, such as Windows Active Directory. It is important to monitor behavioural use cases, to watch and catch adversaries moving laterally to cloud resources.

• Misconfigurations. This age-old technique of leveraging misconfigurations is still relevant. Although many cloud computing solutions today allow auto fixing of the overly permissive policies or configurations, business continuity and pressure to get things working will always have a higher priority. Watch out for default security group configurations, which allow unrestricted outbound access. This is an easy channel for adversaries to conduct data exfiltration.

• Firewall controls. With cloud infrastructure, the pricing model greatly depends on storage being used. In many cases, you may notice that logs are one of the biggest consumers of storage than the applications. Traditionally, for on-premises models, the perimeter security firewalls were crucial points to be monitored and further internal activity revolved around application and access logs generated by the systems themselves. With cloud monitoring, virtual private cloud (VPC) traffic is an essential element to monitor, especially traffic between different security groups. This can be optimised by logging your crown jewels as these flow logs tend to be noisy. There are several use cases that can be built around the VPC logs to detect traditional access attempts and excessive failures, which may indicate a broken service or an attack as well.

• Correlation. Correlation is a key element when it comes to cloud-based models. We cannot just check one single data domain.

• An attackers eye view. An attacker will usually follow the below sequence.

1. Check for exposed services.

2. Exploit a vulnerable or misconfigured service.

3. Escalate privilege.

4. Move laterally.

5. Detonate - final objective.

Indicators or trails of attack which are left are different when it comes to cloud-based attacks. Which means it becomes increasingly important to know how the client is set up on the cloud. This is crucial for investigation especially with serverless computing.

Having conducted incident response investigations across a wide range of industries, SecurityHQ is best placed to work with businesses, large and small and across numerous technical environments to reduce the impact of a cybersecurity incident.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The benefits of offsite control rooms
Astrosec Surveillance Integrated Solutions
As the security landscape grows more intricate, control rooms – the crucial hub of security operations – need to adapt. With escalating costs, mounting threats, and a heightened demand for immediate responses, many organisations are reassessing the operations of their control rooms.

Read more...
edgE:Tower video analytics integrated with SEON
Surveillance Integrated Solutions AI & Data Analytics
Sentronics has announced a new integration between its edgE:Tower advanced AI-driven video analytics solution and SEON, a Central Monitoring Software (CMS) platform. This integration enhances real-time situational awareness and automated threat detection for control rooms.

Read more...
Security industry embraces mobile credentials, biometrics and AI
AI & Data Analytics Access Control & Identity Management Integrated Solutions
As organisations navigate an increasingly complex threat landscape, security leaders are making strategic shifts toward unified platforms and emerging technologies, according to the newly released 2025 State of Security and Identity Report from HID.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
The power of knowing your client
Ideco Biometrics Access Control & Identity Management Integrated Solutions
One of the most effective ways to combat the threat of fraud, identity theft, and financial crime threats is through a robust Know Your Client (KYC) process, which safeguards both businesses and clients.

Read more...
Managing identities for 20 years
Ideco Biometrics Technews Publishing SMART Security Solutions Access Control & Identity Management Integrated Solutions IoT & Automation
Many companies are now more aware of the risks associated with unauthorised access to locations and sensitive data and are investing in advanced identity authentication technologies to mitigate these threats.

Read more...
Cost-effective and reliable remote connectivity
Agriculture (Industry) Integrated Solutions Infrastructure
Companies that operate in hard-to-connect areas now have access to reliable connectivity due to a collaboration between MTN South Africa, Vox and Tarana technology.

Read more...
Advanced Perimeter Intrusion Detection Systems
XtraVision OPTEX Technews Publishing Modular Communications Perimeter Security, Alarms & Intruder Detection Integrated Solutions Products & Solutions
Making full use of fibre installations around the perimeter by adding Perimeter Intrusion Detection Systems means you can easily add another layer of security to existing surveillance and fencing systems.

Read more...
A critical component of perimeter security
Nemtek Electric Fencing Products Gallagher Technews Publishing Stafix Editor's Choice Perimeter Security, Alarms & Intruder Detection Integrated Solutions
Electric fences are standard in South Africa, but today, they also need to be able to integrate with other technologies and become part of a broader perimeter security solution.

Read more...
Using advanced surveillance technology as a smart city enabler
Duxbury Networking Integrated Solutions Surveillance
Smart cities are increasingly becoming a focus area for African governments and companies. However, the transition to these environments does not come without challenges, especially when it comes to security and resource management.

Read more...