Cloud Security Risks to focus on in 2022
We are one month down in 2022 and by now most cyber-security departments are already in full swing of implementing their security roadmaps. Continuing our theme of the earlier posts on the importance of creating a Governance framework and roadmap, I thought it would be a good idea to focus on the top Cloud Security Risks which I think are pertinent for 2022.
I will try not to mention the obvious things like not misconfiguring your S3 buckets or implementing multi-factor authentication on your identities (if you haven't done that, then stop reading this article and go do that!). Instead, the focus will be on those threats which might get overlooked by cloud security teams.
Managing complex hybrid environments
In an ideal world, organizations would be fully on-prem, fully in the cloud, or using one cloud provider only. Sadly that is not the case, as the majority of organizations are using multi-cloud environments which might be scattered all over the globe, making them a nightmare to secure. Cloud security teams need to be able to secure all of them and visualize risks in a centralized manner. A Cloud Security Posture Management tool is essential in these cases for governance purposes, as a single misconfiguration would be enough to compromise your environment. Additionally, CISOs will have to think about implementing a zero trust security model to make sure that employees can get their work done while remaining secure in a hybrid environment. (This is a huge topic in itself, so I will write more about it shortly.)
Cloud Supply Chain attacks are going to increase
Supply chain attacks are a blind spot in many organizations, and the cloud supply chain is especially vulnerable given the lack of experience most companies have with it. The recent SolarWinds and Colonial Pipeline attacks were sufficient to demonstrate that most companies are unaware of the level of access they have provided their partners into their environments or GitHub repositories. A recent study by Unit42 demonstrated just how easy it would be for a malicious person to gain access to a CI/CD environment and poison the core code repositories just by taking advantage of a few poor software development practices. The example below shows the flow which the security experts used to simulate a supply chain attack and gain a foothold in the environment.
The study is a fascinating read on how attackers can piggyback on top of a cloud environment due to software dependencies. This is made even easier by the fact that companies are still hard-coding credentials into their Infrastructure as Code templates in 2022!
Software Composition Analysis (SCA) tools
Building on the previous risk, the reason it is becoming easier and easier to poison the software well is software dependencies. Modern software is built upon software libraries which are usually not scanned to the same extent as the core source code. This is a recurring trend in most supply chain attacks, as attackers go after the supporting software libraries instead of the core source code. Software composition analysis (SCA), which detects insecure software libraries, should be enabled and integrated into the pipeline. This is easier said than done, however, as software libraries can have multiple levels of dependencies, which means security vulnerabilities can come in and remain undetected for long periods of time. The recent Log4j hack is a perfect example of a software dependency that was so tightly ingrained into most environments that it simply could not be removed.
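To make the "multiple levels of dependencies" point concrete, here is an added example (not from the original post or from any SCA product) that walks a dependency graph and reports the path to a vulnerable library. It assumes a constructed graph and advisory list; every package name, version and advisory id in it is hypothetical.

```python
from collections import deque

# Constructed sample data: package -> (pinned version, direct dependencies).
GRAPH = {
    "billing-app": ("1.0.0", ["web-framework", "report-gen"]),
    "web-framework": ("4.2.0", ["template-engine"]),
    "report-gen": ("2.1.0", ["pdf-writer"]),
    "template-engine": ("3.0.1", ["pdf-writer"]),
    "pdf-writer": ("0.9.3", ["logging-lib"]),
    "logging-lib": ("1.4.0", []),
}
# Constructed advisories: package -> (first fixed version, placeholder id).
ADVISORIES = {"logging-lib": ("1.6.2", "EXAMPLE-ADVISORY-0001")}


def parse_version(text):
    """Turn '1.4.0' into (1, 4, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_vulnerable(root, graph, advisories):
    """Breadth-first walk from root; each finding carries the shortest path."""
    findings, seen, queue = [], {root}, deque([[root]])
    while queue:
        path = queue.popleft()
        name = path[-1]
        version, deps = graph[name]
        if name in advisories:
            fixed_in, advisory = advisories[name]
            if parse_version(version) < parse_version(fixed_in):
                findings.append({"package": name, "version": version,
                                 "advisory": advisory, "fixed_in": fixed_in,
                                 "depth": len(path) - 1, "path": path})
        for dep in deps:
            if dep not in seen:  # skip repeats (diamonds) and cycles
                seen.add(dep)
                queue.append(path + [dep])
    return findings


def direct_only(root, graph, advisories):
    """What a check limited to the manifest's direct dependencies would flag."""
    return [f for f in find_vulnerable(root, graph, advisories) if f["depth"] <= 1]


if __name__ == "__main__":
    for f in find_vulnerable("billing-app", GRAPH, ADVISORIES):
        print(f"{f['advisory']}: {f['package']} {f['version']} "
              f"(fixed in {f['fixed_in']}) via {' -> '.join(f['path'])}")
    print("direct-only findings:", direct_only("billing-app", GRAPH, ADVISORIES))
```

The vulnerable library sits three levels below the application, so a review of the direct dependencies alone reports nothing, while the full walk shows which direct dependency has to be upgraded to pull in the fix.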
The above are the key risks I believe should be the top priority for most organizations in 2022. Let me know if you feel there are some I should have added or elaborated more upon!