The cloud services industry has grown tremendously over the past several years, resulting in new vulnerabilities and associated risk. How you protected your cloud environment in the recent past no longer suffices. This was a hot topic at this year’s RSA Conference as several sessions provided strategies for securing the cloud environment.
Using virtualization to make rapid changes has made cloud security exponentially more difficult than traditional environments. In one day you can monitor more changes and updates in a virtual environment than what is possible in a typical IT infrastructure over the span of a year. Organizations have been implementing new tools and processes to manage these rapidly changing and scalable environments.
Two important concepts resonated in presentations and discussions at RSAC: Blast Radius and 3rd party attack vectors.
Blast Radius uses network and account segregation to minimize what an attacker can access or damage. Typical segregation can help keep attackers at bay – but this is made more effective with the realization that duplicate networks can be easily created in virtual environments. If malicious activity is detected, the corrupted network can be eliminated and the duplicate networks scaled immediately. Now imagine the same thing but between two different cloud accounts. This is akin to having a duplicate data center ready to be built and operational on the fly.
In addition to protecting your own environment, you need to be cautious of the 3rd party environments connecting to your cloud as threats can present themselves through your network of service providers. It is not uncommon for a cloud environment to connect to other private networks or authentication services, or even to send information to external services for alerting. Any service that is connected to your cloud environment poses a potential attack vector. To minimize this threat, grant appropriate access rights, eliminate horizontal movement opportunities, and use APIs securely.
As cloud adoption continues to ramp up, understanding how to secure these new virtual environments will be essential. Some tools will be very familiar (you have enabled multi-factor authentication, right?) while other techniques may require additional skill sets like coding or scripting. Online Business Systems was an early adopter of the cloud and understands how to protect cloud environments from attacks and threats. Subscribe to our blog so you can stay up-to-date on cloud security!