The Technology Headlines DEMAND FORECASTING & AI | Page 8
EXPERT ANALYSIS
OUT IN THE OPEN - THREATS TO A CLOUD ENVIRONMENT
By Ranulf Green, Context Information Security
AUGUST 2019

Migration to the cloud shows no signs of slowing down, with the latest figures from a market survey by RightScale showing that adoption rates have hit 91% of respondents. Multi- or hybrid-cloud seems to be the primary enterprise strategy, but public cloud investment spend has also seen a 24% increase in 2019 vs 2018.

Whatever your cloud strategy is, when deploying into the cloud you’re putting your processes, intellectual property and customers’ data outside of the physical and logical boundaries of your traditional on-premise environments. Public cloud providers are holding your assets in data centers that you don’t control, on hardware that is most likely shared with other companies. The secret’s in the name – your resources are in the ‘public’ cloud and if you let them be public, they will be.

Some of the security risks of migrating to the cloud are well documented. For example, the dangers of publicly accessible S3 buckets are well known and have been blamed for high profile breaches with the likes of Facebook, GoDaddy and Verizon. However, the risks associated with exposed AMIs, SQS queues, or mis-configured CDNs, load balancers, API gateways and firewalls that leave cloud resources publicly exposed are less familiar. But they are all weaknesses that Context researchers have found with simulated attacks during penetration testing engagements.

Here is a list of things you need to consider if you are migrating your applications and sensitive data to the cloud.

The human factor
One successful spear-phishing attack shouldn’t be able to bring down your entire cloud environment. How are accounts configured, what privileges are assigned and how are actions monitored? These are all key questions to answer in order to know what the impact of a successful account compromise could be.
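Both the public-exposure risks listed earlier (S3 buckets, SQS queues) and the privilege question just raised can be checked on the policy documents themselves, because S3 bucket policies, SQS queue policies and IAM identity policies share one JSON grammar. The following is an added example written for this page, not code from the article or from Context; the policies and account/role identifiers in it are constructed samples.

```python
"""Added example (not from the article): flag over-broad statements in
AWS JSON policy documents. A Principal of "*" on a resource policy leaves
the bucket or queue public; Action "*" on Resource "*" in an identity
policy means one compromised account reaches the whole estate.
Sample policies at the bottom are constructed for this example."""
import json


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Flatten Principal: "*", {"AWS": "*"}, {"AWS": [...]} or {"Service": ...}."""
    principal = statement.get("Principal")
    if principal is None:
        return []  # identity policies carry no Principal element
    if isinstance(principal, str):
        return [principal]
    return [p for value in principal.values() for p in _as_list(value)]


def find_risky_statements(policy):
    """Return (Sid, reason) pairs; accepts a JSON string or a parsed dict."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # A wildcard principal is public only when no Condition narrows it
        if "*" in _principals(stmt) and not stmt.get("Condition"):
            findings.append((sid, "public: Principal * without Condition"))
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append((sid, "admin: Action * on Resource *"))
    return findings


# Constructed samples: a queue anyone on the Internet can use, an
# all-powerful identity policy, and a bucket policy scoped to one role.
PUBLIC_QUEUE_POLICY = {"Statement": [{
    "Sid": "AnyoneCanSend", "Effect": "Allow", "Principal": "*",
    "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
    "Resource": "arn:aws:sqs:eu-west-1:123456789012:orders"}]}
ADMIN_USER_POLICY = {"Statement": {
    "Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"}}
SCOPED_BUCKET_POLICY = json.dumps({"Statement": [{
    "Sid": "CdnRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/cdn-origin"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports/*"}]})
```

Run `find_risky_statements` over each policy returned by the provider's API (bucket policy, queue policy attribute, attached IAM policies) to get a first-pass inventory of public resources and all-powerful identities.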
The hybrid / multi-cloud
If you want your in-house services to be able to communicate with the cloud via a permanent link, you have to add BGP, overlay networking and/or site-to-site VPNs to your list of things to think about.

If you want to diversify your estate and be able to deploy to multiple cloud providers with the flick of a switch, how will inter-cloud communication work if systems in one cloud provider need to talk to systems in another cloud provider? Will this be via the Internet, or internally using your on-premise network as an intermediate hop? What about an overlay network, using one subnet to bridge across multiple