As data science becomes an increasingly pervasive part of doing business, the pressure is on for IT administrators to provide security for vital customer and enterprise data. Many of the enterprises operating today, even in industries that aren’t historically tied to the tech world, depend on robust and secure IT infrastructure to operate.
Until recently, this meant hiring a large team of IT administrators to build and manage in-house solutions including network infrastructure and on-site servers. Securing data and ensuring optimal server performance is a constantly moving target. As the technology evolves and new exploits are uncovered, your IT department would spend many of its resources keeping up with the latest challenges instead of innovations that could further your enterprise’s goals.
When it comes to the cloud, one of the largest misconceptions is that it is inherently less secure than traditional server infrastructure. The reality is very different.
When properly configured and managed, cloud-based solutions hosted by top cloud providers such as AWS, Microsoft Azure, Google Cloud, and Alibaba create a solid security foundation for your data.
That said, there are a number of security concerns that your IT department should be aware of.
Unsecured Cloud Storage
Human error is the single greatest contributor to security issues in the cloud, so much so that Gartner predicts that 99% of cloud security failures through 2020 will be due to failures on the part of the client, not the service. Cloud services from leading providers are backed by years of security research and large, dedicated teams working to create a more secure network.
Security is a shared responsibility, however. The tools to keep storage servers such as Amazon’s S3 service secured are in place, but all too often organizations unknowingly leave their assets unsecured. Simple security features that would lock down a server are frequently overlooked, leaving the data contained within exposed for the world to see.
Recently, FedEx experienced a situation where an Amazon S3 server containing over 100,000 scanned documents including driver’s licenses, passports, and security IDs was left open to the public. It wasn’t until a white hat group called Kromtech came forward and made FedEx aware of the situation that the rogue bucket was secured.
In this example, FedEx acquired a company in 2014 and the S3 server was one of its assets. After FedEx closed down Bongo International and merged it into its FedEx Cross Border service, the server was largely overlooked and left in its unsecured state for an unknown length of time.
The root cause of this breach comes down to human error and not knowing how to properly configure an S3 server for adequate security. Due to circumstances surrounding the company’s acquisition and eventual dissolution, the server went unattended.
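As an added illustration of the misconfiguration described in this section (not code from the original article or from AWS), the following offline check takes a bucket's ACL and policy, in the shape the S3 GetBucketAcl and GetBucketPolicy calls return them, and reports grants that expose the bucket publicly. The bucket name and sample documents are constructed, and policy statements that carry a Condition are left for manual review rather than flagged.

```python
import json

# Group URIs S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_acl_findings(acl):
    """Flag grants to the global groups (input shaped like GetBucketAcl output)."""
    grants = [(PUBLIC_GROUPS.get(g.get("Grantee", {}).get("URI")), g.get("Permission"))
              for g in acl.get("Grants", [])]
    return [f"ACL grants {perm} to {who}" for who, perm in grants if who]

def public_policy_findings(policy_json):
    """Flag unconditioned Allow statements whose principal is a wildcard."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            findings.append(f"policy allows {actions} to any principal")
    return findings

def audit_bucket(name, acl, policy_json=None, block_public_access=None):
    """Findings for one bucket; Block Public Access flags suppress what they neutralise."""
    bpa = block_public_access or {}
    findings = []
    if not bpa.get("IgnorePublicAcls"):        # public ACL grants are ignored when set
        findings += public_acl_findings(acl)
    if policy_json and not bpa.get("RestrictPublicBuckets"):  # public policy restricted when set
        findings += public_policy_findings(policy_json)
    return [f"{name}: {f}" for f in findings]

# Constructed sample inputs for a hypothetical bucket (not real data).
SAMPLE_ACL = {"Grants": [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}
SAMPLE_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-legacy-scans/*"}]})

if __name__ == "__main__":
    print("\n".join(audit_bucket("example-legacy-scans", SAMPLE_ACL, SAMPLE_POLICY)))
```

Run across every bucket in an inventory, including those inherited through an acquisition, a check like this surfaces forgotten public grants before an outside party does.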
Cryptojacking
Cryptojacking is a new trend brought about by the rise of cryptocurrencies such as Bitcoin, Ethereum, and Monero. It involves a hacker, or group of hackers, breaking into a third-party system and using its resources to mine cryptocurrency.
There are two main ways this is being done. The first involves injecting malicious code onto a website which runs the mining algorithm through the browser of anyone that visits the page. This creates a situation where a visitor might not even notice that their idle clock cycles are being utilized for this purpose. The site owner may not even be aware as the code would have been placed without their knowledge or permission.
This was the case for the LA Times which had this type of code injected into an Interactive Map of City Murders. A modified script from a popular crypto site called Coinhive was discovered on the page.
Another type of cryptojacking uses a company’s cloud resources. One popular and easy way for hackers to achieve this is through an unsecured cloud storage server.
Tesla, an American automotive company founded by Elon Musk, experienced this type of intrusion after an unsecured Amazon S3 bucket served as an entrance vector for hackers to move in and plant their malicious scripts in the server. Tesla’s cloud resources were then utilized to mine cryptocurrency.
With this type of attack, it isn’t so much the company’s data the hackers are after, but the compute cycles made available to such a large organization that may not even be noticed amidst the company’s other compute processes.
It’s reminiscent of the plot of Superman III. If you add a little compute to a large company’s massive compute demand, it makes it more difficult to detect than if you’re putting a high demand on individual systems as you would with the browser-based attack.
Ransomware
Ransomware is a problem largely associated with traditional on-premise architecture. A malicious actor plants scripts on a corporate network or individual PC and locks down its data until a ransom is paid. The data is encrypted and rendered inaccessible to anyone except the hacker with the encryption key to unlock it.
Just last year, Britain’s National Health Service and San Francisco’s light-rail network fell victim to ransomware attacks. The attack that struck the National Health Service was part of a large global attack that infected nearly 300,000 computers. The ransomware, called WannaCry, was commonly delivered by way of email. Recipients were tricked into opening attachments that released malware into the system, resulting in the scrambling of their data pending payment of a $300–$600 ransom by way of Bitcoin.
To date, ransomware largely targets individuals using PCs, but technologies such as artificial intelligence and machine learning have security experts concerned that the cloud will become a more accessible target.
The cloud providers themselves store massive amounts of data for numerous customers. This makes them an appealing target as a compromised cloud provider would be in possession of more valuable assets than a single company, and its existence would depend on its ability to keep its customers’ data safe.
MIT recently released a report listing ransomware as an emerging threat to the cloud. In its statement, it emphasized the increased vulnerabilities that smaller cloud providers pose by not having the advantage of a leading digital security team at their disposal.
This is one of the reasons that choosing the right cloud provider matters. Being able to distinguish the security differences between cloud providers, including their track records and upcoming security measures, is essential.
Artificial Intelligence and Machine Learning
Artificial intelligence and machine learning are frequently touted as the future of online security.
Services like AWS’s GuardDuty and Macie utilize machine learning to detect issues as they happen and alert users to any potential security threats. Microsoft Azure utilizes machine learning throughout its service to determine how and when an activity such as failed login attempts becomes a threat.
Services like these help cloud providers quickly identify and respond to emerging threats as they occur. This is a very good thing for cloud providers and their users, but artificial intelligence and machine learning are not exclusive to the service providers.
The “Weaponization of AI” is a term that we’re undoubtedly going to hear more often over the next few years as governments, corporations, and malicious actors take this powerful new tool and put it to use in new ways.
One example would be the latest controversy surrounding the Cambridge Analytica scandal. A company, with access to data gathered from an online quiz, was able to compile personality portfolios of millions of users very quickly. These virtual files would tell the company who would be the most receptive to certain types of propaganda, thus maximizing its ability to influence people online.
The idea of AI being able to understand a person well enough to craft a meme or targeted messaging to change the way that person votes, or buys, or thinks about certain topics is frightening, but that same power being put towards finding a flaw in a network’s security is equally disturbing.
For every AI application deployed by a network administrator to lock down their network, there may one day be one or more equally-capable AI devices working on the outside to find ways to get past those efforts.
The cloud is a network like any other. Top cloud providers benefit from large teams of world-class security experts and advanced security solutions that go well beyond what a typical individual enterprise can provide. This makes the cloud a more secure option for the majority of companies and government organizations operating today.
But, like any network, it requires proper configuration and maintenance by an experienced team that understands the cloud to stay that way. Choosing the right cloud provider, plan, and security options is key.
At DoubleHorn, our cloud infrastructure solutions start by getting your foundation security services right across the extended enterprise and cloud ecosystem. We help you leverage the cloud with security and performance by monitoring metrics such as response times, billing, and frequency of use to ensure your bottom line is protected. Learn more about DoubleHorn’s Cloud Security Services or schedule a consultation with a DoubleHorn expert.