Knowing the top threats to cloud computing allows an organization to reduce attack surfaces by selecting appropriate countermeasures. Strategies like a Zero Trust architecture and imagining the cyber “kill chain” before an incident occurs can lead to successful protection.
As the commoditization of cloud services increases, so does the attention and capability of criminal enterprises and other malicious actors. It is therefore important to understand the risks, vulnerabilities, threats, and attacks related to the cloud environment.
From a SaaS perspective, consider the following:
- Lack of transparency concerning what data is within applications
- Misuse of data by malicious insiders (at the provider and consuming organizations)
- Shadow IT
- Regulatory compliance drift
- Inadequate granularity of controls
- Staff improperly trained to manage prescribed controls
- Lack of due diligence/care concerning ransomware
From an IaaS perspective, consider the following:
- Physically unprotected data at the provider’s location
- Unauthorized workloads initiated
- Multi-cloud security inconsistency
- East-West movement of advanced persistent threats
- Staff improperly trained to manage prescribed controls
- Application built without security-by-design
- Virtualization Risks
The system virtualization components implement controls that isolate tenants. This isolation covers not only confidentiality and integrity but also availability. Fair, policy-based resource allocation across tenants is also a function of the virtualization components. To support this, capacity monitoring of all relevant physical and virtual resources should be considered, including network, disk, memory, and CPU. When the controls implemented by the virtualization components are deemed not strong enough, trust zones can be used to segregate the physical infrastructure. This control can address confidentiality risks and help control capacity risks, and it is often required by certain regulations.
Risks that are related to virtualization are outlined as follows:
- Security flaws in the hypervisor can lead to malicious software targeting individual VMs running on it or other components in the infrastructure.
- A flawed hypervisor could facilitate inter-VM attacks (also known as VM hopping through guest escape and leading to hyperjacking) when isolation between VMs is not perfect; in other words, one tenant’s VM could peek into the data of another tenant’s VM.
- Network traffic between VMs is not necessarily visible to physical network security controls, which means additional security controls may be necessary.
- Individual VMs can be starved of resources. Conversely, some servers are managed on the assumption that there are tasks that can run in idle time, such as virus scanning. In a virtualized environment, one virtual server’s idle time is another server’s production time, so VM resource availability assumptions need to be revisited.
- Virtual machines and their disk images are simply files residing somewhere. This means that, for example, a stopped VM is potentially accessible on a file system by third parties if no controls are applied. Inspection of this file can circumvent any controls that the guest operating system applies.
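As an added example (not part of the original page), here is a defender's check for the last risk above: it walks an image store and flags disk image files whose mode bits or owner would expose them to accounts other than the hypervisor's. The extension list, function names and sample file names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Common virtual disk image extensions (an assumption; extend for your hypervisor).
IMAGE_EXTS = {".qcow2", ".vmdk", ".vhd", ".vhdx", ".vdi", ".img", ".raw"}

def audit_disk_images(root, expected_uid=None):
    """Return (path, problems) for each disk image under root whose file mode
    or owner would let someone other than the hypervisor account access it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in IMAGE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            problems = []
            if st.st_mode & stat.S_IROTH:
                problems.append("world-readable")
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")
            if st.st_mode & (stat.S_IRGRP | stat.S_IWGRP):
                problems.append("group-accessible")
            if expected_uid is not None and st.st_uid != expected_uid:
                problems.append("unexpected-owner")
            if problems:
                findings.append((path, problems))
    return findings

def build_sample_store():
    """Constructed sample: a temporary image store with mixed permissions."""
    root = tempfile.mkdtemp(prefix="vmstore-")
    for name, mode in [("tenant-a.qcow2", 0o644), ("tenant-b.vmdk", 0o600),
                       ("tenant-c.img", 0o660), ("notes.txt", 0o644)]:
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(b"\0" * 16)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for path, problems in audit_disk_images(build_sample_store(), os.getuid()):
        print(path, ", ".join(problems))
```

The check reads only file metadata, so it can run against stopped VMs without opening the images themselves.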