As cloud systems are increasingly the foundation on which digital transformation is built, securing them is an essential part of cybersecurity best practice.
In the past, the Irish Computer Society has reported that more than half of Irish companies have suffered a data breach within the past year. For a long time, cybersecurity experts and government agencies have been urging organisations to enhance their cyber-defences due to the increased threat of cyberattacks.
Cloud resources are particularly vulnerable as many can be misconfigured and left without protection. Online databases could be an attractive target for attackers. In fact, researchers have already observed raids on cloud databases, and there are plenty of threat actors out there waiting to take advantage.
Cloud systems provide a relatively low cost, scalable, and flexible way to store and manage data, with a lower management burden for IT, built-in disaster recovery and anywhere, anytime access. As a backend for applications, databases stored in the public cloud could contain:
- business-critical corporate data;
- personally identifiable information belonging to employees and customers;
- highly sensitive IP and trade secrets; and
- IT/admin information such as APIs or encryption keys, which could be leveraged in future attacks.
If any of this data found its way into the wrong hands, it could be hugely damaging for a victim organisation, potentially leading to regulatory fines, legal costs, IT overtime costs, lost productivity and sales, client or customer dissatisfaction and reputational damage.
Once left exposed due to misconfiguration, databases can be found relatively easily with internet scanning tools. So the challenge facing defenders is that they need to get security right every time, whereas attackers need only get lucky once.
Cloud misconfiguration can take many forms, the most common being:
- missing access restrictions;
- security group policies which are too permissive;
- a lack of permissions controls;
- misunderstood internet connectivity paths; and
- misconfigured virtualised network functions.
Cloud systems are already being targeted
In the event of an escalation of hostilities in the international sphere, exposed cloud systems would be a natural target. Researchers have already observed some activity of this sort, targeting cloud databases located in Russia. Some compromised databases had file names replaced with anti-war messages, but the largest number were completely wiped.
How to secure your cloud databases?
There are several changes that can be made to help mitigate the risks of data being held to ransom, destructive attacks, or data leakage. They include:
- Limit permissions: Apply the principle of least privilege to users and cloud accounts, thereby minimising risk exposure.
- Encrypt data: Apply strong encryption to business-critical or highly regulated data to mitigate the impact of a leak.
- Check for compliance before provisioning: Prioritise infrastructure-as-code and automate policy configuration checks as early as possible in the development lifecycle.
- Continuously audit: Cloud resources are notoriously ephemeral and changeable, while compliance requirements will also evolve over time. That makes continuous configuration checks against policy essential. Consider Cloud Security Posture Management (CSPM) tools to automate and simplify this process.
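A pre-provisioning policy check of the kind described above, written as an added example and not taken from the article: it reads planned infrastructure-as-code changes and reports database ports open to the internet, publicly accessible database instances and unencrypted storage. It assumes the JSON layout produced by `terraform show -json` and AWS provider resource types; the port list and the sample plan are constructed for illustration.

```python
import ipaddress

# Ports of common database engines (assumption: extend for your estate).
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
            6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB"}

def is_world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def check_plan(plan):
    """Return a sorted list of findings for the planned resource changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on delete
        addr = rc.get("address", "?")
        if rc.get("type") == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
                if not any(is_world_open(c) for c in cidrs):
                    continue
                lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
                if rule.get("protocol") == "-1":  # all protocols, all ports
                    lo, hi = 0, 65535
                for port, name in DB_PORTS.items():
                    if lo <= port <= hi:
                        findings.append(f"{addr}: {name} port {port} open to the internet")
        elif rc.get("type") == "aws_db_instance":
            if after.get("publicly_accessible"):
                findings.append(f"{addr}: publicly_accessible is true")
            if not after.get("storage_encrypted"):
                findings.append(f"{addr}: storage_encrypted is not set")
    return sorted(findings)

# Constructed sample plan, trimmed to the fields the checks read.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.db", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr_blocks": ["0.0.0.0/0"]},
         {"protocol": "tcp", "from_port": 3306, "to_port": 3306, "cidr_blocks": ["10.0.0.0/16"]}]}}},
    {"address": "aws_db_instance.orders", "type": "aws_db_instance",
     "change": {"after": {"publicly_accessible": True, "storage_encrypted": False}}},
    {"address": "aws_db_instance.hr", "type": "aws_db_instance",
     "change": {"after": {"publicly_accessible": False, "storage_encrypted": True}}},
]}

if __name__ == "__main__":
    results = check_plan(SAMPLE_PLAN)
    print("\n".join(results) or "no findings")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the pipeline
```

Run as a pipeline step before provisioning, the non-zero exit code blocks the change; the same function can be run on a schedule against the current state for continuous auditing.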
As cloud infrastructure grows, so does the cyberattack surface and these best practices should be applied to mitigate mounting cyber risk.