2021 was the year cloud migration accelerated to warp speed, fueled by the COVID-19 work-from-home mandates that swept across the world almost overnight. It is now clear that business will never go back to the way it was conducted before the pandemic. Since the cloud is necessary for working from home, it is no surprise that attackers will “go to where the money is” and double down on targeting cloud infrastructures in 2022.
Here are three cloud-based security predictions for the year ahead.
1. Supply chain attacks
Hackers will focus on new ways to breach the cloud and target weak links in supply chains as an entry point to compromise well-protected downstream assets. A supply chain attack is when hackers use a third-party product to gain a foothold in your environment. The SolarWinds incident was a harbinger of things to come.
SolarWinds is a popular IT management product installed in thousands of companies. In 2020, it was hacked. Hackers infected SolarWinds with malware so that when companies downloaded the latest SolarWinds update to their network, they also downloaded the malware, giving the hackers access to their networks as well.
A way for businesses to protect themselves against such an attack is to reduce the access that third-party products have to their valuable cloud data and resources.
2. Cloud breaches
Every organization will experience at least one cloud breach. Therefore, businesses should focus on reducing their attack surface and containing the size of the blast when an incident occurs. Cloud businesses will be able to reduce such attacks by investing in tools that provide visibility into cloud identities and their activity. This can give a clear picture of the potential damage following a breach so companies can respond quickly to mitigate any harm done and communicate it effectively with stakeholders.
Additionally, companies in the building stage of their cloud migration will suffer more breaches than those in the optimization phase. Since they have not yet had a chance to test their security defences, they are more vulnerable than companies in a more mature phase of cloud migration. Companies in the building stage should therefore focus on securing their infrastructure. Young companies that were “born in the cloud” (i.e., that have no legacy on-premises IT infrastructure) have an advantage here, since they understand that protecting their applications and data is their responsibility, not the cloud provider’s. They therefore have no choice but to prioritize it. A way to prevent such attacks is to plan and build security controls for identities, access, and configurations into your cloud migration roadmap. This gives you a strong foundation for keeping your cloud data safe, instead of constantly securing your cloud environment retroactively.
Moreover, Zero Trust initiatives will accelerate, even though the term will begin to lose its lustre due to overuse. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by requiring continuous validation at every stage of digital interaction. Even without a catchy buzzword, enforcing continuous security policies on “who can access your resources and data” is the most important principle for securing cloud infrastructures. To enforce Zero Trust and eliminate unnecessary access privileges in the cloud, you need to manage network policy, identity, access permissions, and resource configurations. So, companies should invest in technologies that provide comprehensive visibility into all three.
3. Beware of machine and service identities
Machine and service identities, which are non-human identities, will emerge as cloud security’s Achilles’ heel. As more and more organizations improve the security of their human identities with multi-factor authentication (MFA) and single sign-on (SSO), attackers will target machine identities. Because the cloud is full of service and machine identities (applications and compute resources that need to communicate with each other to run), their identities and permissions are already being exploited in virtually every cloud breach to move laterally or access data.
Since machine and service identities are typically created by developers, they are outside the purview of security teams. This must change if companies want to keep their machine and service identities safe. In light of the current shortage of qualified security experts, companies should consider adopting software that can be a force multiplier for security organizations by identifying, prioritizing, and automating the remediation of risk associated with machine identities and their entitlements.
2022 will see the continued acceleration of cloud migration, and as companies complete the first stages of development, they will be able to turn their attention to security. At the moment, there is a security gap - and hackers are taking advantage of it. By focusing first on preventing hackers from accessing data, organizations can improve their cloud security posture significantly - before it's too late!
Written by Shai Morag, CEO of Ermetic