In the past couple of months, work from home has become a new norm that is here to stay. While there are news abuzz that many companies will continue to have their employees work from home, corporates has rushed towards deploying cloud tools at a never-seen faster pace. However a new search by IBM Security shows that controlling the usage of these cloud tools are one of the top challenges and threats impacting cloud security. According to IBM survey data and case-study analysis, basic security oversight issues, including governance, vulnerabilities and misconfigurations remain the top risk factors organizations should address to help secure increasing cloud-based operations.

Kicked by the need of the hour, businesses are rapidly moving to cloud to accommodate their remote workforce demand, but many of them have put security on the backseat to expatiate the process. Hence there has been a number of reports on the increasing cases of cyber and ransomware attacks. It is important for the organizations to make this transition with security to manage risk and avoid any undue circumstances or ransomware attack.

Prashant Bhatkal, Security Software Leader, IBM India/South Asia, asserts, “While companies have been slowly moving to the cloud for years, the global pandemic has served as a forcing function for businesses to drastically accelerate their cloud adoption. The pandemic has created a premium on agility, which the cloud and associated services can provide. Businesses need the ability to adapt quickly and access tools and systems remotely, making cloud the inevitable solution for the ‘new normal’. While agility is essential, rapid technology shifts lead to new opportunities for cybercriminals. In the case of the cloud, we are moving to a very flexible and dispersed IT landscape that is easy to deploy and scale, but more complex to manage and control. As the rapid move to the cloud has likely exacerbated these challenges, companies must quickly re-evaluate their security policies for the new normal. Customers in India before the pandemic focused around on-prem deployments of critical applications and data. As they started moving to SaaS-based offerings in the last couple of months to allow availability and access to data anywhere, they realized the need to re-imagine their security posture. We are working with clients to help migrate their mission-critical workloads to Cloud by ensuring security is baked in at every level. We are partnering with customers on how they can shift their security approaches to protect increasingly dispersed, hybrid-cloud environments. Cloud today is a key enabler in providing secure environment to applications and data across various platforms”.

The IBM survey says that while the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams.

According to IDC, more than a third of companies purchased 30+ types of cloud services from 16 different vendors in 2019 alone. This distributed landscape can lead to unclear ownership of security in the cloud, policy blind spots and potential for shadow IT to introduce vulnerabilities and misconfiguration. Hence it becomes important for companies to get a better picture of the new security reality when its fast adapting hybrid, multi-cloud environments. IBM Institute for Business Value (IBV) and IBM X-Force Incident Response and Intelligence Services (IRIS) examined the unique challenges impacting security operations in the cloud, as well as top threats targeting cloud environments. The survey found that 66 percent of respondents say they rely on cloud providers for baseline security, yet perception of security ownership by respondents varied greatly across specific cloud platforms and applications.

The cloud holds enormous potential for business efficiency and innovation but also can create a wild west of border and more distributed environments for organizations to manage and secure.

Major Threats in the Cloud
Data Theft, Cyptominig and Ransomware are the three major challenges/threats for the businesses. Financially motivated cybercriminals were the most commonly observed threat group category targeting cloud environments in IBM X-Force incident response cases, though nation state actors are also a persistent risk. The most common entry point for attackers was via cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities and misconfigurations. The survey states that vulnerabilities often remained undetected due to ‘shadow IT’, when an employee goes outside approved channels and stands up a vulnerable cloud app.

Ransomeware was deployed three-times more than any other type of malware in cloud environments in IBM incident response cases, followed by cryptominers and botnet malware. Outside of malware deployment, data theft was the most common threat activity IBM observed in breached cloud environments over the last year, ranging from personally identifying information to client-related emails.

But how can businesses secure their cloud infrastructure? While the cloud revolution is posing new challenges for security teams, organizations who are able to pivot to a more mature and streamlined governance model for cloud security can help their security agility and response capabilities. The survey says that maturing CloudSec can lead to faster security response. It found that responding organizations who ranked high maturity in both Cloud and Security evolution were able to identify and contain data breaches faster than colleagues who were still in early phases of their cloud adoption journey.

To help improve cybersecurity for hybrid, multi-cloud environments, IBM suggests to establish collaborative governance and culture, take a risk-based view, apply strong access management, have the right tools, automate security processes and use proactive simulations.

45 percent of incidents in IBM X-Force IRIS cloud-related case studies found that the most common path for cybercriminals to compromise cloud environments was via cloud-based applications. In such cases, cybercriminals took advantage of configuration errors as well as vulnerabilities within the applications, which often remained undetected due to employees standing up new cloud apps on their own, outside of approved channels. While data theft remained the top impact of the cloud attacks studied, hackers also targeted the cloud for cryptomining and ransomware using cloud resources to amplify the effect of these attacks.

Abhijit Chakravorty, Cloud Security Competency Leader, IBM Security Services, says, “The cloud holds enormous potential for business efficiency and innovation, but also can create a wild west of border and more distributed environments for organizations to manage and secure. When done right, cloud can make security scalable and more adaptable – but first, organizations need to let go off legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible. This starts with a clear picture of regulatory obligations and compliance mandate as well as the unique technical and policy-driven security challenges and external threats targeting the cloud.