Insider Threats In Cloud Computing: An Approach of Common Sense
Swapnil Pawar
Gartner Says Cloud Will Become a Business Necessity by 2028
In the year 2028, cloud computing is expected to transition from a disruptive technology to an essential element for sustaining business competitiveness.
However, the rapid rise of cloud usage means you need to stay alert to potential cloud security insider threats that can compromise your sensitive data and security posture.
Among the foremost security concerns for cloud infrastructure, insider threats stand out prominently. With the increasing adoption of cloud and hybrid environments by businesses, employees sending sensitive data to unsecured or misconfigured clouds risk leaving organizations vulnerable to advanced cyber threats and opportunistic attackers.
Carnegie Mellon Computer Emergency Response Team (CERT) defines an insider threat as, “the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.” Insiders can be current or former employees, contractors, or other trusted business partners. Unlike external threat actors, insiders do not have to penetrate firewalls, virtual private networks (VPNs) and other perimeter security defenses. Insiders operate within a company’s security circle of trust where they have direct access to networks, computer systems and sensitive company data.
The importance of cloud infrastructure to businesses of all sizes along with the privileged access that insiders often have means that mitigating the risk of insider threats is now high on the list of priorities for mature security teams. We will explore best practices that security teams can implement to safeguard cloud infrastructures from insider threats.
Research on insider threats shows that negligent and malicious insider risks, as well as credential theft, have grown 44% in the last two years alone. Incidents involving compromised users have since racked up costs amounting to over $15 million globally.
In many of these incidents, cloud infrastructures have been the main target, and 52% of enterprises name cloud security as one of their greatest risks.
Cloud misconfigurations are also an important factor you should be on the lookout for:
To avoid this, the following mitigation strategies could be incorporated:
Other Security Failure & Threats Impacts
Mitigation Strategies
Identifying the indicators of insider threats is a challenging task.
Looking ahead into 2024, it's evident that the landscape of cloud security threats will persist in its evolution, growing in complexity. To navigate these challenges, organizations can stay ahead by embracing a proactive security strategy.
This involves regular compliance audits (such as SOC 2, ISO27001, CCM, etc.), conducting vulnerability assessments and pen testing, and establishing a robust incident response plan (CSOC). By doing so, they can safeguard their cloud environments against the continually evolving realm of cyber threats.
A few takeaways that will help organizations build strong security programs:
Security employee training and education
Provide training to your security teams to properly install, configure, and monitor your computer systems, networks, mobile devices, and backup devices.
Regular employee awareness training
Provide training to your regular employees to inform them how to handle security risks, such as phishing and protecting corporate data they carry outside the company on laptops and mobile devices. Require usage of strong passwords and frequent password updates. Inform employees of repercussions related to engaging in malicious activity.
Socio-Technical Approach
CERT has long advocated that insider threat prevention requires a combination of non-technical ("socio-") and technical input, as shown in Figure 1.
A socio-technical strategy for addressing insider threats in the context of cloud computing may not directly align with the concerns of an organization focusing on a rogue administrator within the cloud provider. However, it proves valuable when examining employees who may exploit vulnerabilities in the cloud or misuse it against their employer.
Conversely, organizations may possess insights into crucial non-technical aspects of the cloud provider, such as their hiring processes, including pre-employment screening. Recognizing the role of pre-employment screening in identifying potential threats is pivotal for mitigating insider threats overall, benefiting both cloud service consumers and providers.
Identifying Cloud-Based Indicators of Insider Threats
There are a variety of things that an organization can look for to identify an insider threat. One of the simplest approaches is to look for unusual behavior from an end user. Many indicators suggested for cloud-based insider threats are simply reworded versions of malicious behavior indicators for non-cloud systems (i.e. access outside normal work hours, abnormal search patterns, obtaining back-door access to company data.) While these should not be discounted, identifying indicators unique to cloud environments could significantly improve the likelihood of detecting cloud-based insider attacks.
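A minimal illustration of hunting for such indicators in cloud audit logs, as an added example that is not from the original article: it flags off-hours access, download volume far above a per-user baseline, and (an assumed cloud-specific indicator) permission or key changes made by non-administrators, over constructed sample events. The event fields, work-hours window, baseline figures and threshold factor are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Assumed detection parameters: local work hours 08:00-18:59, a per-user daily
# GetObject baseline, and how many times the baseline counts as "bulk".
WORK_HOURS = range(8, 19)
BASELINE = {"alice": 20, "bob": 5}
DEFAULT_BASELINE = 1
BULK_FACTOR = 3
# Assumed cloud-specific indicator: actions that alter access rights or credentials.
SENSITIVE_ACTIONS = {"PutBucketPolicy", "CreateAccessKey", "AttachUserPolicy"}

# Constructed sample of cloud audit-log events (not real data).
EVENTS = [
    {"ts": "2024-03-04T10:15:00", "user": "alice", "action": "GetObject", "resource": "reports/q1.pdf"},
    {"ts": "2024-03-04T11:02:00", "user": "alice", "action": "GetObject", "resource": "reports/q2.pdf"},
    {"ts": "2024-03-04T14:40:00", "user": "admin", "action": "PutBucketPolicy", "resource": "reports"},
    {"ts": "2024-03-04T15:05:00", "user": "carol", "action": "CreateAccessKey", "resource": "iam/user/carol"},
] + [
    # bob pulls 18 objects at 02:xx, well above his baseline of 5 and outside work hours
    {"ts": f"2024-03-05T02:{m:02d}:00", "user": "bob", "action": "GetObject", "resource": f"reports/doc{m}.pdf"}
    for m in range(18)
]


def find_indicators(events, baseline, admins=frozenset({"admin"})):
    """Return {user: sorted list of indicator names} for every user showing at least one indicator."""
    off_hours, downloads, priv = Counter(), Counter(), Counter()
    for e in events:
        if datetime.fromisoformat(e["ts"]).hour not in WORK_HOURS:
            off_hours[e["user"]] += 1
        if e["action"] == "GetObject":
            downloads[e["user"]] += 1
        if e["action"] in SENSITIVE_ACTIONS and e["user"] not in admins:
            priv[e["user"]] += 1
    findings = {}
    for user in set(off_hours) | set(downloads) | set(priv):
        flags = []
        if off_hours[user]:
            flags.append("off_hours_access")
        if downloads[user] > BULK_FACTOR * baseline.get(user, DEFAULT_BASELINE):
            flags.append("bulk_download")
        if priv[user]:
            flags.append("privilege_change_by_non_admin")
        if flags:
            findings[user] = sorted(flags)
    return findings


if __name__ == "__main__":
    for user, flags in find_indicators(EVENTS, BASELINE).items():
        print(user, flags)
```

In practice the baseline would be learned per user from historical logs rather than hard-coded, and each flag would feed a case queue rather than a print.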
Policy Integration
Organizations also need to manage discrepancies among cloud-based security policies. These may arise due to conflicts between local and cloud-based policies, different policies for each service consumed, or the use of multiple cloud service providers, each with different security policies. Other barriers further exacerbate seamless policy integration, such as differences in operating systems and less control of auditing capabilities in the cloud.
One solution is automated, easy-to-understand, and easily verifiable policy management for cloud-based systems, using technologies such as Security Policy-as-Code or Compliance-as-Code.
The purpose of treating these policies as code is not just to capture policies as software and data, but to automate security for consistent application across the enterprise and apply software engineering practices to them, for instance keeping the code under version control and observing and monitoring policy operation.
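A small policy-as-code sketch, added here and not taken from the article: one versionable policy is evaluated against a constructed storage inventory from two providers whose native field names differ, which is exactly the multi-provider discrepancy described above. Provider names, field names and rule identifiers are all assumptions.

```python
# Constructed inventory of storage buckets from two hypothetical providers, each in its own native shape.
INVENTORY = [
    {"provider": "cloud_a", "name": "reports", "acl": "private", "encryption": "AES256", "versioning": True},
    {"provider": "cloud_a", "name": "public-assets", "acl": "public-read", "encryption": "AES256", "versioning": False},
    {"provider": "cloud_b", "name": "backups", "public_access": False, "cmk": "key-1", "soft_delete": False},
    {"provider": "cloud_b", "name": "scratch", "public_access": True, "cmk": None, "soft_delete": True},
]


def normalize(bucket):
    """Map each provider's native fields onto one common schema so a single policy applies to both."""
    if bucket["provider"] == "cloud_a":
        return {
            "name": bucket["name"],
            "public": bucket["acl"].startswith("public"),
            "encrypted": bucket["encryption"] is not None,
            "versioned": bucket["versioning"],
        }
    return {
        "name": bucket["name"],
        "public": bucket["public_access"],
        "encrypted": bucket["cmk"] is not None,
        "versioned": bucket["soft_delete"],
    }


# The policy itself, kept as code/data under version control: (rule id, description, predicate).
POLICY = [
    ("STOR-001", "buckets must not be publicly readable", lambda b: not b["public"]),
    ("STOR-002", "buckets must be encrypted at rest", lambda b: b["encrypted"]),
    ("STOR-003", "buckets must keep object history", lambda b: b["versioned"]),
]


def evaluate(inventory, policy=POLICY):
    """Return {rule_id: [provider/bucket ...]} for every bucket that fails a rule, across all providers."""
    violations = {}
    for raw in inventory:
        b = normalize(raw)
        for rule_id, _desc, check in policy:
            if not check(b):
                violations.setdefault(rule_id, []).append(f"{raw['provider']}/{b['name']}")
    return violations


if __name__ == "__main__":
    for rule_id, failing in evaluate(INVENTORY).items():
        print(rule_id, failing)
```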
Anecdotes and Examples of Insider Threats
In May 2022, Yahoo's senior research scientist Qian Sang stole confidential information about Yahoo's AdLearn product. The compromised data included 570,000 files containing source code, backend architecture information, secret algorithms, and other intellectual property.
In April 2023, a member of the Massachusetts Air National Guard was arrested by the FBI in connection with the leaking of above top secret and classified documents that had been posted online (source: Chris McGowan, Principal, Information Security Professional Practices, ISACA).
Insider threats remain a top concern for cloud security. In 2023, malicious insiders will likely continue to pose a significant risk to cloud environments.
Conclusion
Within the dynamic landscape of the contemporary work environment, organizations must heighten their awareness of both malicious and unintentional (non-malicious) insider incidents.
A crucial element in securing organizations in this evolving setting is the implementation of comprehensive enterprise risk management, which encompasses an insider risk program.
We'll talk about important elements of insider threat risk management in another article.
I appreciate you reading The Security Chef.