Mohammed Al-Moneer, Regional Director for MENA at A10 Networks, argues that good identity hygiene and analytics are key to cloud security.
As cloud computing has matured, the benefits it delivers to organisations of all sizes are undeniable. Companies are enjoying agility, scale and speed like never before. And cloud adoption shows no signs of slowing.
Gartner last month forecasted that worldwide public cloud revenue is set to grow 21.4% in 2018 to total US$186.4 billion, up from US$153.5 billion in 2017.
With this huge growth in cloud adoption and the recent rash of cyberattacks targeting organisations across all industries, effective security in the cloud is paramount.
One way the cloud introduces new security risks to organisations is the underlying infrastructure that makes the cloud and cloud applications run – it consists of publicly exposed APIs.
Why is that an important distinction? Because essentially, what makes APIs useful also makes them exploitable. APIs are built with fully exposed controls to support orchestration, management, automation and integration between solutions and applications.
This level of exposure makes them a rich target for exploitation and can introduce another dimension of security challenges for businesses as it expands the boundaries that were not part of traditional on-premise perimeters that enterprises are used to.
It’s often noted that attackers will take the path of least resistance and employees – sometimes even those in IT organisations – will unwittingly help them, often by using lax identity practices.
Identity weakness is an open door
There will always be employees who fall prey to phishing attempts, surf exploited websites, use unsecured free Wi-Fi networks in public and download other sketchy material. All of this behaviour opens the door to potential attackers.
At the same time, common infrastructure weaknesses are seen by attackers as the exploit of choice to land a beachhead within an organisation, such as using an SQL query to find cached credentials or finding an unpatched, publicly exposed server to exploit.
And, of course, you have bad identity and password practices that are always enticing to threat actors – and there’s no shortage of employees who fall back to first initial-last name or password1234 as their password of choice.
Identity weakness can also open the door to full control of the API.
There’s no 100% ironclad way to prevent intrusion through exploiting identity, but you can slow them down. How? Through good identity hygiene. Below are some of the ways to implement this in your organisation.
It used to be the case that a password was the only necessary way to authenticate to a network or applications. That worked well for a while. Not anymore. Additional layers of defence are imperative. Threat actors can easily crack passwords, so the use of additional types of authentication, such as biometrics and tokens ensure tighter security.
Passphrases over passwords
We’ve seen time and time again where weak passwords are cracked. A passphrase, however, makes it more difficult. While a password is typically up to 10 letters and includes numbers and symbols, a passphrase has a much longer character length to stymie possible attackers and commonly contains underscores to separate words in the phrase.
Passphrases don’t have to be grammatically correct and they can also use numbers and symbols to make cracking them that much harder. Mamma Mia! Your passphrase can be your favourite Abba lyric, if that’s your thing.
Depreciate expired employee accounts
Leaving accounts open for former employees or for services no longer in use opens a hole that is easily exploited. A good rule of thumb is to shut down expired employee accounts immediately to dramatically reduce the chance of a disgruntled former employee accessing the network.
Monitor access logs
It sounds like a no-brainer but knowing who accesses what and when can avoid catastrophe. Monitor access logs frequently for anomalies and to ensure end-users have the correct levels of access.
The industry is currently making improvements in identity by implementing multi-context analysis strategies that include time of access, country of origin, host computer in use and other behavioural analyses to add weight to identity.
Analytics to detect anomalies
Analytics and the ability to detect security anomalies in the cloud are also imperative. Having a strong understanding of how applications are performing and their security posture can provide insight into levels of access and potentially flag a possible security issue before it wreaks havoc.
Per-app analytics and security data coupled with strong identity hygiene will help ensure your cloud and cloud applications are both high-performing and secure.