Modern IT architecture is rapidly evolving, with the cloud and a range of connected devices becoming the new anchors for enterprise data. Organisations are recognising that moving to Office 365 enables rapid collaboration, while the likes of Amazon Web Services (AWS) and Microsoft Azure can help their IT infrastructure become more responsive and flexible to drive further innovation. However, theft of data or an attacker gaining entry to corporate cloud infrastructure can stop innovation in its tracks.
Over the past two years, many organisations have shifted to Software-, Infrastructure- and Platform-as-a-Service cloud models. While this has generated a wide variety of business benefits – from improving IT flexibility and cutting costs to boosting productivity – cybercriminals are now turning their attention to the sensitive corporate data residing in the cloud.
Valuable data in the cloud
McAfee’s recent Cloud Adoption and Risk Report found that 21 per cent of data currently stored in the cloud is sensitive, such as intellectual property or customer and personal data. With a 33 per cent increase in users collaborating on this data during the past year, cybercriminals know how to find more targets. Possible scenarios include password reuse from consumer to business cloud services, cloud-native attacks targeting weak APIs, hunting for poor cloud security configurations, and using the cloud as a springboard for cloud-native man-in-the-middle attacks to launch ransomware or cryptojacking malware. And as collaboration among cybercriminals continues to expand through underground alliances – enabling the evolution of today’s bad actors into increasingly organised and agile adversaries – we can expect to see this collective concentration on data in the cloud continue.
With the increased adoption of services like Office 365, McAfee has pinpointed a surge of attacks on the service – especially attempts to compromise email. As just one example, McAfee uncovered the KnockKnock botnet, designed to target system accounts that typically do not have multifactor authentication. McAfee researchers have also identified the emergence of exploits of the trust model in the Open Authorisation standard, such as Russian cyber espionage group Fancy Bear phishing users with a fake Google security app to gain access to user data.
Alongside these threats, we have seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets. This is clearly not the fault of AWS. Based on the shared responsibility model, the onus is on the customer to configure IaaS/PaaS infrastructure properly and protect their enterprise data and user access. However, many of these misconfigured buckets are owned by vendors in the target enterprises' supply chains, not by the target enterprises themselves. This complicates matters for those enterprises, and makes it simple for bad actors to find easy pickings amongst the thousands of available open buckets.
Happily, the cloud can be managed and controlled. Many policies that have been in place for years, for example on endpoints and on-premises servers, can be migrated to the cloud, so functions such as DLP, user behaviour analytics, access control and integration with global authentication systems can all be put in place. The difficulty for organisations is that this is not delivered by the security systems already installed – a new computing system needs new security tools, such as Cloud Access Security Brokers (CASBs). In addition, the cloud brings new functionality that needs managing, such as the ease of collaborating in the cloud with external third parties and cloud-to-cloud traffic. These can also be addressed, but not with the old-school network-based security systems we have relied on in the past.
Securing the cloud
Digital transformation is driving the need for a cloud-first approach to security. For organisations to adopt the cloud with peace of mind, they not only need visibility into data and applications, but consistent data and threat protection policies across their data and applications wherever they reside.
Cybercriminals may be focusing more on the cloud than ever before, but when managed correctly, the cloud can be the most secure environment for business.
Brookcourt Solutions delivers products and professional services based around the McAfee MVISION cloud-native solutions – designed to protect data, detect threats and correct any new vulnerabilities quickly. With McAfee’s MVISION portfolio, the enterprise can mount a powerful threat and data-centric defence, spanning from device to the cloud. In this way, IT security teams can accelerate the business through digital transformation initiatives while unifying threat defence and data protection as well as eliminating the silos that inhibit their ability to manage and adjust security controls in response to a changing operating environment.
Security concerns should not be a barrier to cloud adoption. Together with the native security delivered by cloud providers such as AWS, Microsoft Azure and Microsoft Office 365, McAfee aims to make the cloud as secure as, or more secure than, on-premises alternatives. With McAfee, organisations can securely harness the power of the cloud to accelerate business, drive innovation and gain a competitive edge while keeping data and systems safe.
For more information on McAfee: email@example.com