Cloud deployments, whether public, private, hybrid or community, are susceptible to all the traditional cybersecurity threats and more. Let’s look at the most common threats:
- Virtual machine attacks: Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, it may be able to attack other VMs running on the same physical host because the VMs share the same hardware and software resources. In addition, the compromised VM may be able to attack other VMs and hosts throughout the LAN.
- Hypervisor attacks: Compromising the hypervisor enables a bad actor to gain control over the VMs as well as the host. One example of a hypervisor attack is hyperjacking, which involves installing a rogue hypervisor that can take complete control of a host. This may be accomplished through the use of a VM-based rootkit that attacks the original hypervisor, inserting a modified rogue hypervisor in its place.
- Switch attacks: The virtual switch is vulnerable to a wide range of layer-2 attacks, just as a physical switch would be. These attacks include virtual switch configuration manipulation as well as the modification of existing VLANs, trust zones, and ARP tables.
- Denial-of-service (DoS) attacks: These attacks can be the direct result of individual VM setting misconfigurations that allow a VM instance to consume all available resources on the host. Note that hypervisors prevent any VM from gaining 100-percent usage of shared hardware resources. Appropriately configured hypervisors detect instances of resource “hogging” and take actions, such as restarting the VM, in an effort to stabilize or halt any processes that may be causing the abuse.
- VM lifecycle attacks: Provisioning tools and VM templates are exposed to attacks that attempt to create new unauthorized VMs, or that patch a VM template so that every VM later cloned from it is infected.
- PaaS Backdoor attacks: Traditionally, development and other teams create backdoors to enable administrative tasks to be performed. Once backdoors are created, they provide a constant vector for attackers to target and potentially gain access to the relevant PaaS resources.
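The DoS bullet above turns on whether each VM definition actually carries a resource cap. The following audit check is an added example, not code from the original page: it inspects a libvirt domain XML for the standard `cputune/quota` and `memtune/hard_limit` elements and compares them against host capacity. The sample domain definitions and the host sizes passed in are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Multipliers for libvirt's memory "unit" attribute (KiB is the default).
_UNITS = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2}


def audit_domain_limits(domain_xml: str, host_cpus: int, host_mem_kib: int) -> list[str]:
    """Return findings for a libvirt domain XML; [] means every cap is present and sane."""
    root = ET.fromstring(domain_xml)
    findings = []

    # CPU: without <cputune><quota>, the VM is bounded only by scheduler fairness.
    # libvirt treats a quota of -1 as "unlimited", so <= 0 counts as no cap.
    quota = root.findtext("cputune/quota")
    period = root.findtext("cputune/period", default="100000")
    if quota is None or int(quota) <= 0:
        findings.append("no CPU quota: VM can monopolise host CPU time")
    elif int(quota) / int(period) > host_cpus:
        findings.append("CPU quota exceeds host capacity")

    # Memory: without <memtune><hard_limit>, guest RAM plus QEMU overhead can grow unbounded.
    hard = root.find("memtune/hard_limit")
    if hard is None:
        findings.append("no memory hard_limit: VM can exhaust host RAM")
    elif int(hard.text) * _UNITS[hard.get("unit", "KiB")] > host_mem_kib:
        findings.append("memory hard_limit exceeds host RAM")
    return findings


# Constructed sample: a tenant VM with no caps at all (the misconfiguration).
WEAK_DOMAIN = """<domain type='kvm'>
  <name>tenant-a-web</name>
  <memory unit='GiB'>4</memory>
  <vcpu>2</vcpu>
</domain>"""

# Constructed sample: the same VM capped at 2 cores and 5 GiB (guest RAM + overhead).
HARDENED_DOMAIN = """<domain type='kvm'>
  <name>tenant-a-web</name>
  <memory unit='GiB'>4</memory>
  <vcpu>2</vcpu>
  <cputune><period>100000</period><quota>200000</quota></cputune>
  <memtune><hard_limit unit='GiB'>5</hard_limit></memtune>
</domain>"""

if __name__ == "__main__":
    # Assumed host: 8 CPUs, 32 GiB RAM.
    for name, xml in (("weak", WEAK_DOMAIN), ("hardened", HARDENED_DOMAIN)):
        print(name, audit_domain_limits(xml, 8, 32 * 1024 ** 2) or ["ok"])
```

The same check can be run over `virsh dumpxml` output for every domain on a host to find tenants that were provisioned without caps.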
When assessing security configurations and connectivity models, VLANs, NATs, bridging, and segregation are viable (but not absolutely secure) options for keeping the overall security posture strong while preserving flexibility and performance, whereas other mitigation controls may degrade overall performance. Code reviews and other SDLC checks are also essential to ensure that the likelihood of malware, backdoors, Trojans, and other potentially harmful vectors is reduced significantly.
The cloud must adhere to stringent security policies to prevent intrusion and to keep unauthorized users from viewing or accessing data. The challenge from a cloud provider's perspective is to offer a solution and service flexible enough to incorporate the specific policies put forward by each customer organization, while also providing a boundary and segregation among the multiple organizations and customers within a single cloud environment.