The pace of migrations to the cloud has been remarkable. And, considering the affordability, flexibility and scalability of cloud versus on-premises environments, the trend will continue.
But even as these migrations have progressed, one issue has remained consistent between physical and virtual systems: vulnerability to cyber attacks. A virtual machine hosted at Amazon is susceptible to the same exploits as a server in a rack at your headquarters. The cyber security industry is evolving to keep up with this progression. According to Forrester, the cloud security market will grow at an annual rate of 42%. [1]
It’s wise to pay attention to the security of your systems in your new cloud infrastructures, and not trust that this critical task is being handled by cloud providers.
Security Threats Follow You to the Cloud
To succeed, whether inside the cloud or not, attackers need credentials. Using spear phishing, social engineering and similar tactics, hackers can circumvent perimeter defenses like firewalls. Once the attackers are inside the network they look for privileged credentials.
These privileged credentials allow them to move laterally between systems, accessing sensitive systems and stealing valuable data. Many cyber attacks launched against cloud environments use automated hacking tools and can be executed rapidly. Ironically, attackers often leverage cloud elasticity to attack you with as much power as they need to get your data.
In large cloud environments there are vast numbers of systems with untold privileged accounts. But there’s no efficient way to find all these accounts manually. And if you don’t know where your privileged accounts reside, you cannot protect them.
Discovering privileged identities, though, is only one element of securing them. It’s also imperative to determine who has administrative access to your privileged accounts and audit what they do with this elevated access. And moving workloads to the cloud leads to more privileged users, further complicating matters.
Making Privileged Access a Moving Target
Given that automated tools are leveraged to launch cyber attacks against systems and applications in the cloud, it’s logical for besieged organizations to fight back with automated security.
To do this, identities used within the cloud must be automatically secured and managed with cloud identity security. But this is often not the case. The strategy for many organizations is to use static credentials that rarely, if ever, change and are shared among IT staff. Even worse, privileged credentials for the cloud are often embedded within applications and never updated. Therefore, if a cloud application is compromised, there is a distinct possibility that these embedded credentials will be stolen. Then the application itself could be a launching point for further attacks.
Making privileged access a moving target helps mitigate these threats in the cloud.
And this is the premise of Lieberman Software’s webinar “Securing the Cloud Inside and Out,” featuring guest speaker Andras Cser of Forrester.
[1] Sizing the Cloud Security Market, Andras Cser and Michael Yamnitsky, Forrester, August 25, 2015