Prakash Bell, Head, Security Engineering, Check Point Software Technologies, India & SAARC, in interaction with Asia Business Outlook, shares his views on newly manifested threats, potential security risks associated with cloud service models and detecting those risks.
Security risks in cloud infrastructure are manifesting in the form of new threats such as serverless vulnerabilities, container security, API abuse, and supply chain attacks. How do you see the evolving landscape of cloud infrastructure security?
Cloud adopters soon realize that the Cloud is dynamic, ephemeral, and evolving, with everything in the Cloud changing and growing at a hundred times the speed and scale of traditional, on-prem infrastructures.
Check Point Research’s 2022 Cloud Security Report revealed that 35% of respondents are running more than 50% of their workloads in the cloud globally. It is interesting to note that 72% are extremely concerned about cloud security, and 76% are hindered by the complexity of managing multiple cloud vendors, which often results in misconfigurations, lack of visibility, and exposure to cyberattacks. Moreover, the study revealed that misconfiguration is seen as the number one cause of security-related incidents, which can be attributed to the need for around-the-clock security operations and alert fatigue.
To ensure further security for cloud-user organizations in India, here are some of the key areas cloud users must take into consideration as this space evolves:
Visibility: as the popular premise goes, “you cannot control what you cannot see”. Having a complete view of all assets, their interactions, and current security postures is very important to put in place a strong Cloud security plan.
Monitor all traffic: go beyond the North-South traffic that is ingressing and egressing the Cloud. It is vital to have a view of all East-West traffic, or traffic within the Cloud between your applications, data repositories, connectors, instances and even serverless functions. Having this visibility is key to improving your security posture and ensuring policies are being applied at the right control points.
Shift Security to the Left: in the Cloud, development and release of new applications, functions and capabilities is an ongoing activity, taking place twenty-four by seven. This creates an additional challenge of security oversight after the applications are in production. To address this, organizations should move their DevOps to a DevSecOps model, whereby security tools for monitoring and sanitizing code are adopted at the CI/CD stage. These tools would help create more secure applications going into production and provide better peace of mind. This should also help in understanding your SBOM (Software Bill of Materials) and being able to control what goes into your code.
Besides the above, there are several other aspects a CISO could look into, such as adoption of ZTNA and SASE frameworks, combined with a strong understanding of current security posture and the use of prevention-first tools, to ensure the focus is on always preventing a cyberattack, rather than detection of an attack.
How can organizations effectively address the potential security risks associated with cloud service models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)?
In India, IDC reported that the overall India public cloud services market is expected to reach $13.0 billion by 2026, growing at a CAGR of 23.1% for 2021-26. The revenue totalled $2.8 billion for the first half of 2022. According to IDC, SaaS continued to be the largest component of the overall public cloud services market, followed by IaaS and PaaS during the first half of 2022.
As such, organizations moving to the Cloud need to understand the shared security model followed by CSPs (Cloud Service Providers), where the responsibilities between the CSP and the user organization are clearly defined. While CSPs would be responsible for security of the Cloud, Cloud customers would still be responsible for security in the Cloud. Hence, a good amount of responsibility would rest with the users of Cloud services, based on the services consumed. This also emphasizes that Cloud customers would need to have strong security practices covering all aspects. Cloud users are also strongly encouraged to go beyond the native offerings from their CSPs and evaluate and deploy strong multi-layered security solutions, ideally a true multi-cloud solution that can provide single-pane-of-glass management together with their on-prem infrastructure. This would simplify their cloud security posture, ensuring a consistent application of policies, management and governance.
What are your thoughts on the security challenges associated with multi-tenancy in the cloud, where multiple customers share the same underlying infrastructure?
Securing multitenant cloud environments can be complex because an organization lacks control over the public cloud infrastructure and is limited to controlling its own instances and its data.
Cloud Service Providers, or CSPs, in general take care of creating different degrees of isolation between the various tenants. For organizations adopting cloud, the various tenancy models, their implications and best practices will need to be well understood. Of course, the CSPs would be able to provide a good amount of guidance around these.
Working with the CSP to know the multi-tenancy architectures on offer, understanding the pros and cons of each, and picking the right one based on the boundaries offered and individual needs is very vital. Besides, CSPs may also offer tools for testing the isolation between tenants. Once this is understood, preventing downtime risks, change management and data leaks is paramount. Implementing strong privilege control through storing and managing identities centrally can be effective during deployment, reducing the risk of incorrect privilege levels being used in production.
To achieve further isolation and security, all data at rest and in transit, as well as communication, can be secured with stronger encryption. Other areas to look into would be the usage of data leakage prevention solutions and mandatory deployment of CSPM tools. Adopting SASE and ZTNA frameworks is strongly urged to further improve the robustness of Cloud security.
What measures can organizations take to mitigate the risks of unauthorized access and data breaches in cloud infrastructure, considering the increased attack surface and potential vulnerabilities?
As mentioned before, visibility of the Cloud is key, and Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) tools would greatly help in understanding your current security posture, gaps, compliance with regulatory standards, as well as the controls to be put in place. All of the above are combined into a new category called Cloud Native Application Protection Platforms (CNAPP) that offer a simpler way to adopt them.
With the organization’s security perimeter being at its most complicated and unclear in recent times, due to workers accessing both corporate infrastructures as well as Cloud SaaS and hosted apps, it is more important than ever to begin adopting ZTNA & SASE frameworks, to help make the transition to the Cloud, improving your security for the new world. These would also help reduce the attack surface, provide greater visibility and control, and enforcement through automated procedures to keep your security at its prime.
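To make the CSPM and CIEM ideas above concrete, here is an added example (not code from the interview, Check Point, or any CSP) of the kind of posture checks such tools run: it walks a constructed, fictional cloud inventory and flags world-open management ports, public or unencrypted storage, and roles carrying wildcard permissions. The inventory shape, field names and check identifiers are assumptions made for this illustration only.

```python
"""Illustrative CSPM/CIEM-style posture checks over a constructed cloud inventory.

Added example; the inventory below is fictional and its field names are
assumptions, loosely modelled on what a cloud API export contains.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample inventory (no real accounts or resources).
INVENTORY: Dict[str, List[dict]] = {
    "security_groups": [
        {"id": "sg-web", "rules": [{"proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-db", "rules": [{"proto": "tcp", "port": 5432, "cidr": "0.0.0.0/0"},
                                  {"proto": "tcp", "port": 22, "cidr": "10.0.0.0/8"}]},
    ],
    "buckets": [
        {"name": "app-assets", "public": True, "encrypted": True},
        {"name": "customer-exports", "public": False, "encrypted": False},
    ],
    "roles": [
        {"name": "ci-deployer", "actions": ["s3:PutObject", "lambda:UpdateFunctionCode"]},
        {"name": "legacy-admin", "actions": ["*"]},
        {"name": "reporter", "actions": ["s3:GetObject", "iam:*"]},
    ],
}


@dataclass
class Finding:
    check: str
    resource: str
    severity: str
    detail: str


# Management and database ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379, 27017}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def check_security_groups(groups: List[dict]) -> List[Finding]:
    """Flag admin/database ports exposed to any source address (CSPM-style check)."""
    findings = []
    for sg in groups:
        for rule in sg["rules"]:
            if rule["cidr"] in WORLD_CIDRS and rule["port"] in ADMIN_PORTS:
                findings.append(Finding("sg-world-open-admin-port", sg["id"], "high",
                                        f"port {rule['port']}/{rule['proto']} open to {rule['cidr']}"))
    return findings


def check_buckets(buckets: List[dict]) -> List[Finding]:
    """Flag public buckets and buckets without encryption at rest."""
    findings = []
    for b in buckets:
        if b["public"]:
            findings.append(Finding("bucket-public", b["name"], "high", "public access enabled"))
        if not b["encrypted"]:
            findings.append(Finding("bucket-unencrypted", b["name"], "medium", "no encryption at rest"))
    return findings


def check_roles(roles: List[dict]) -> List[Finding]:
    """Flag roles whose permissions use wildcards (CIEM-style entitlement check).

    A bare '*' grants every action and is rated critical; a service-wide
    wildcard such as 'iam:*' is rated high.
    """
    findings = []
    for r in roles:
        wild = [a for a in r["actions"] if a == "*" or a.endswith(":*")]
        if wild:
            sev = "critical" if "*" in wild else "high"
            findings.append(Finding("role-wildcard-actions", r["name"], sev, f"wildcard actions: {wild}"))
    return findings


def scan(inventory: Dict[str, List[dict]]) -> List[Finding]:
    """Run every check and return findings ordered by severity, then resource name."""
    findings = (check_security_groups(inventory["security_groups"])
                + check_buckets(inventory["buckets"])
                + check_roles(inventory["roles"]))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.resource))


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, the figure a posture dashboard would show."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(INVENTORY)
    for f in results:
        print(f"[{f.severity}] {f.check} {f.resource}: {f.detail}")
    print(summarize(results))
```

Note that the HTTPS rule on sg-web is deliberately not flagged: the point of a posture check is to separate intended exposure from misconfiguration, which is why the port list and severity mapping are explicit and reviewable rather than a blanket rule against 0.0.0.0/0. A real CSPM or CIEM product additionally pulls the inventory from the provider's APIs, tracks drift between scans, and maps each finding to a compliance control.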
How can organizations ensure the confidentiality and integrity of data in transit and at rest within the cloud, considering the complexity of data movement and storage across multiple cloud service providers?
CNAPP tools help ferret out gaps in your current security infrastructure and provide mechanisms to address them and enforce the best security.
This notwithstanding, adopting stringent security practices all the way from the endpoints to the apps is key. Encryption of data at rest and in transit, and securing them adequately through a combination of EDR, CIEM and DLP tools, is essential, as is adopting prevention-first tools and a prevention-first security stance.
What are the best practices for implementing strong identity and access management (IAM) controls in the cloud, especially when dealing with multiple user accounts, roles, and permissions across various cloud services?
IAM in the Cloud is equally important for managing and enforcing controls around humans and machines. Oftentimes the complexity of managing machine identities is overlooked, as this could be larger and growing faster than other identities. Some of the areas to address would be:
It needs to be understood that deploying IAM is not a one-time project but an ongoing process especially as cyber threats and compliance requirements are continually evolving.
How can organizations handle the challenges of monitoring and detecting security incidents in the cloud, given the distributed and scalable nature of cloud infrastructure and the volume of logs and events generated?
As mentioned before, visibility is key, and having CNAPP tools is a good start. Combine this with EDR and related capabilities to have an end-to-end view on monitoring, and integrate all key products through SIEM & SOAR platforms, proactively taking action and addressing events. Given the volume of data and the correlation required, it would help to leverage automation for detection and auto-remediation.
Also, having an Incident Response (IR) team and playbook is key to being able to review and handle issues as and when they are spotted. Finally, having an overall security strategy and stance that is comprehensive, with real-time prevention against today’s sophisticated attacks, leveraging a consolidated architecture to enhance security coordination and effectiveness, and collaborative, using API-based technology with easy integration to 3rd-party solutions to augment security effectiveness, is today’s necessary security framework.
Of course, if there is a challenge in handling these with your in-house teams due to resource or skills constraints, several security vendors offer managed services that you can leverage. This brings a bouquet of necessary tools, expertise and best practices to provide a holistic security blanket for your organization, helping you focus on your core business. As organizations transition to complex, multi-cloud deployments, automation and orchestration are essential to maintaining security at scale.