Fight Cloud Jacking by Slashing Complexity
For today’s enterprise, there is a very legitimate argument that cloud security architecture is the single most important part of a CISO’s operation. Enterprises have been consistently shifting more and more of their intellectual property to the cloud for the better part of a decade, and the pandemic and resulting remote work environment forced a sharp acceleration of those efforts. It’s no surprise then, that for today’s cybercriminal, cloud jacking, or cloud hijacking is becoming the single biggest way to infiltrate company infrastructure, applications and data to misuse for financial gain.
“The threat landscape is more complex than just a few years ago and 2022 is expected to be even more problematic,” said Vishwas Manral, the Chief Technologist and Head of Innovation for Skyhigh Security. “The frequency and intensity of attacks has soared, the sophistication and targeting of attacks is more precise, and perhaps most importantly, the number of entities being granted access to that data in the cloud has multiplied.
“Suppliers, distributors, remote employees, contractors, consultants and even large customers today have access privileges to the resources and data in the cloud using credentials,” Manral continued. “That’s a lot of people accessing this sensitive data through cloud credentials, and these are the credentials cybercriminals are after for cloud jacking.”
Once adversaries have the cloud credentials, they have the keys to the kingdom and can wreak havoc in the cloud.
The Multi-cloud Reality
Cloud adoption enables enterprises to onboard new applications faster. It reduces operations overhead in managing the infrastructure and applications, thus enabling enterprise IT teams to move at the speed of business. This has led to the proliferation of cloud usage within enterprises for Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and and Infrastructure-as-a-Service (IaaS) applications.
SaaS applications are consumed and delivered through the cloud by the enterprise as software. The cloud providers take application and infrastructure security responsibility, yet the responsibility of access and data security resides with enterprise security teams.
IaaS and PaaS are business-critical applications that are built and hosted by the enterprise, and the responsibility of the infrastructure, application logic, data and access security is managed by enterprise security teams. These environments are growing and changing quickly for enterprises.
For the CISO, this means that the enterprise’s cloud environment on Tuesday might be very different than what it was on Monday. That’s problematic.
Managing access credentials for these diverse and fast-changing environments is complicated, inconsistent, and hard. It’s worse for the CISO as these are the credentials that the cybercriminals want to cloud jack and use for commercial gains.
Multiple tools exist within the Security Service Edge (SSE) framework that can provide a data-aware and comprehensive, converged approach to security. This helps protect the cloud and cloud credentials from falling into the hands of cybercriminals.
Some “90% of breaches could be prevented if the security tools used are correctly configured and tuned,” Manral said. “Tools are designed with the assumption that security teams know their cloud environments and are well-versed in the tools and technologies. But as cloud environments diversify and evolve, security teams are having a hard time keeping up with all the changes. This leads to security tools not being correctly tuned, and in turn leaving security gaps that cyber adversaries use to their advantage. This holds true for tools managing cloud access permissions as well, leading to the further compromise of cloud assets.”
Introduced as a market category by Gartner, SSE includes the consolidation of security solutions, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Firewall-as-a-Service (FWaaS). These solutions are used to secure access to the web, cloud, and private applications, and enforce data protection and threat protection policies to users and devices located at any corner of the world from a single, cloud-delivered edge.
SSE tools need to be designed for the environment they run in and enable easy onboarding of cloud applications, without needing the security teams to be cloud experts.
“Technologies and methods like machine learning can help, but it’s more about the tools having a deeper and automated understanding of the environment they run in and enabling easy adoption of security features without expecting too much from the users,” Manral said.
Giving security teams early access in the decision-making process of adopting an application can help reduce issues, as they will have more information on the existing environments and risk exposure. Providing users with training on how to secure their credentials, as well as educating them on the expense of a breach, can also drastically reduce the risk of cloud jacking.
Giving CISOs Deeper Visibility Into the Cloud Environment
Another part of this equation is getting the cloud platforms to enable deeper visibility into cloud details for their enterprise tenants (security executives, in particular).
“Large cloud providers are now realizing that CISOs need a lot of visibility for security and compliance purposes and are starting to give CISOs more data about cloud-hosted applications, data and infrastructure,” Manral said.
At the same time, it’s important that CISOs speak the language of both cybersecurity and the key business units. They must convince those line-of-business executives that it is in their own business unit’s interest to have security play an early role.
To learn more about the benefits of a SSE approach.