Stuart Green is a Cloud Security Architect for Check Point Software Technologies Ltd. Green is currently working with customers and channel partners to build security into cloud architectures of all sizes, automating everything, everywhere! With over 15 years of IT security experience across multiple areas including cloud, networking, security testing and software development, he is enthusiastic about all technology and understanding what makes it work (especially if that involves a screwdriver or a soldering iron).

What have you seen in the way of cyber criminals hitting cloud-based apps?

In many ways, cloud applications are as vulnerable to traditional cyber criminal techniques as applications in data centers. Most applications are web-based or have a mobile app that connects to the same infrastructure via an API.

A large number of breaches come from vulnerabilities in the application itself, rather than the underlying infrastructure, so existence in the cloud or a data center makes little difference. The public cloud does introduce additional attack surface, however. Some of the common targets are identity systems and poorly configured services.

Identity management can be a complex and time-consuming component to get right. When configured well, it helps achieve the principle of least privilege and limits the blast radius of any service that might be compromised through other means.

When poorly configured and too permissive, it’s an easy target for attackers. An example of both of these can be seen with Magecart (the group behind the British Airways skimming attack in 2018). They adopted a new technique that involved scanning for websites hosted in poorly configured cloud storage ‘buckets,’ where they could directly upload malicious code.

Why go through all the effort of scanning and enumerating targets when you can quite easily just upload your malicious code straight to the web server with no authentication?

Have you seen recent cases of mobile-focused, cloud-based virtual data exploits?

Many mobile applications share the same infrastructure as their web-based counterparts, either directly embedding the web content in an in-app browser, or leveraging the same APIs. Mobile app developers often feel protected by the perception that their source code isn’t as freely viewable as with a web application. Most mobile apps can be taken apart fairly easily, giving malicious actors insights into the databases and file servers that the app communicates with.

In some cases, it’s this impression of obscurity that results in developers being slack with securing these backend components. Open databases and file storage facilities are frequently found by attackers who can literally browse the entire dataset with no limitations (take a look at https://buckets.grayhatwarfare.com/random/files for example).

How can organizations ensure continuous cloud compliance with established security baselines?

Public cloud platforms are feature-rich environments with multiple moving parts across multiple geographies. Keeping track of what services and features are in use, let alone how they are configured, is a common challenge with cloud. Visibility is a fundamental part of making sure you have control of your cloud presence; if you can’t see it, you can’t control it. Using a Cloud Security Posture Management (CSPM) platform can remove a lot of the heavy lifting from this problem with pre-defined rules for best practices or more rigid controls like GDPR or PCI-DSS.

Can these measures ever get in the way of cloud-based agility?

Generally, these tools are first implemented in a ‘read-only’ capacity, giving possibly the first broad-reaching view of what assets exist in an organisation’s cloud presence. In this approach, it’s very much acting as an automated trusted advisor highlighting areas of concern rated by severity. More mature cloud users can embed this technology as a guardrail, which allows their development team to deploy as quickly as they like, provided they meet the security requirements of the organisation. Agility doesn’t have to come at the cost of security!

How can something like Check Point’s integrated cloud security services help?

Check Point’s CloudGuard platform has technologies to help address concerns in many areas of cloud, ranging from Cloud Posture Management to give you visibility and autonomous control of your cloud operations, through to CloudGuard Workload, giving you protection for your container and serverless deployments.