IT and Business Insights for SMB Solution Providers

Fortifying Your Cloud: Mitigation Techniques for Cloud Security Flaws

<img src="/%3Ca%20href%3D"https://comptiacdn.azureedge.net/webcontent/images/default-source/blogs/1-22-blog-thumbnail.png?sfvrsn=b8a8df13_2"">https://comptiacdn.azureedge.net/webcontent/images/default-source/blogs/... data-displaymode="Original" alt="1.22 Blog Thumbnail" title="1.22 Blog Thumbnail"><p>The cloud has opened up massive possibilities for businesses. The ability to scale quickly without growing on-premise equipment has been a game changer in recent years. But innovation gives rise to more sophisticated problems. At the same rate that cutting-edge solutions develop, we often see an analogous rise in attacks and flaws. </p> <p>According to <em><a href="/%3Ca%20href%3D"https://www.securitymagazine.com/articles/92533-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months">Security">https://www.securitymagazine.com/articles/92533-nearly-80-of-companies-e... Magazine</a>,</em> 80% of companies experienced a cloud-based data breach in the past 18 months. While there’s no doubt that there are <a href="/%3Ca%20href%3D"https://www.comptia.org/content/infographic/8-advantages-of-cloud-computing">benefits">https://www.comptia.org/content/infographic/8-advantages-of-cloud-comput... to the cloud</a>, if you want to remain secure you have to be able to <a href="/%3Ca%20href%3D"https://www.comptia.org/content/articles/cloud-storage-options">anticipate">https://www.comptia.org/content/articles/cloud-storage-options">anticipate &nbsp;these security flaws &nbsp;and mitigate them</a> before an incident occurs.</p> <h2>Tighten Up Access Controls</h2> <p>The point of access is always a security concern when it comes to the cloud. If an unwanted person gains access to your systems or cloud-based resources, you’re faced with an automatic security concern, which could potentially be as dangerous as a full-blown data breach. </p> <p>When developing access policies think about the following:</p> <ul><li>Who has access to your data?</li><li>Who has admin access, and do they need those permissions?</li><li>How can you limit access to critical systems?</li><li>Are you quickly and efficiently revoking access for past employees?</li><li>Do you have comprehensive access policies in place?</li></ul> <p>Another related problem involves account hijacking. <a href="/%3Ca%20href%3D"https://www.comptia.org/content/articles/what-is-phishing/">Phishing">https://www.comptia.org/content/articles/what-is-phishing/">Phishing attacks</a> remain prominent. Gaining access to a user account provides prime access for anyone seeking to exploit your data. Account hijacking occurs when an attacker has gained enough info to log in as a verified user.</p> <h3>Mitigation Techniques for Access Controls</h3> <ol><li>Enable multi-factor authentication to tighten your security.</li><li>Implement stringent policies for removing access for past employees.</li><li>Educate users about <a href="/%3Ca%20href%3D"https://www.comptia.org/content/articles/what-is-social-engineering">social">https://www.comptia.org/content/articles/what-is-social-engineering">social engineering</a> tactics, <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/security-awareness-training-passwords">strong">https://www.comptia.org/blog/security-awareness-training-passwords">strong passwords</a> and phishing attacks.</li></ol> <h2>Prevent a Data Breach or Data Loss </h2> <p><a href="/%3Ca%20href%3D"https://www.comptia.org/content/guides/data-breach-response-plan">Data">https://www.comptia.org/content/guides/data-breach-response-plan">Data breaches</a> get lots of attention. A close second is data loss. The last thing you want is a headline broadcasting your less-than-desirable approach to data management. With so much data being transmitted from cloud-based systems out to devices, a data breach or data loss is certainly something that should concern your cybersecurity team. </p> <h3>Mitigation Techniques for Data Breaches</h3> <ol><li>Use a firewall.</li><li>Encrypt data at rest.</li><li>Develop a <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/security-awareness-training-incident-response-plans">sound">https://www.comptia.org/blog/security-awareness-training-incident-respon... and efficient incident response plan</a>.</li><li>Perform <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/penetration-testing-more-than-just-checking-a-box"">https://www.comptia.org/blog/penetration-testing-more-than-just-checking... title="" class="" target="">pen testing</a>&nbsp;on your cloud resources.</li></ol> <h3>Mitigation Techniques for Data Loss</h3> <ol><li>Back up consistently. </li><li>Restore your capabilities quickly.</li></ol> <h2>Secure Application Programming Interfaces</h2> <p>Cloud infrastructure use application programming interfaces (APIs) to retrieve information from cloud-based systems and send it to your connected devices. This process involves a significant amount of data transmission and is thus a common security weakness. Often breaches occur with insecure APIs when access is poorly monitored, token or passwords are reused, or anonymous users gain access. </p> <h3>Mitigation Technique for Insecure APIs</h3> <ol><li>Perform <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/penetration-testing-more-than-just-checking-a-box">penetration">https://www.comptia.org/blog/penetration-testing-more-than-just-checking... testing</a> on API endpoints to identify vulnerabilities.</li><li>Use secure sockets layer (SSL) to encrypt data for transmission.</li><li>Implement proper controls to limit access to API protocols.&nbsp;</li></ol><br>

<div class="callout green">
<h3 align="center">Get the Skills to Secure Your Cloud Environment</h3>
<p align="center"><a href="/certifications/cloud">CompTIA Cloud+</a> certification validates the skills needed to secure cloud environments. If you’re a <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/your-next-move-system-engineer"">https://www.comptia.org/blog/your-next-move-system-engineer" title="" class="">systems engineer</a>, <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/your-next-move-cloud-engineer"">https://www.comptia.org/blog/your-next-move-cloud-engineer" title="" class="">cloud engineer</a>, <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/your-next-move-network-engineer"">https://www.comptia.org/blog/your-next-move-network-engineer" title="" class="">senior network engineer</a>&nbsp;or other IT pro that manages and secures cloud environments, check out CompTIA Cloud+. CompTIA training solutions, including <a href="/%3Ca%20href%3D"https://www.comptia.org/training/books/cloud-cv0-002-study-guide"">https://www.comptia.org/training/books/cloud-cv0-002-study-guide" title="" class="">study guides</a>&nbsp;and <a href="/%3Ca%20href%3D"https://www.comptia.org/training/certmaster"">https://www.comptia.org/training/certmaster" title="" class="">CertMaster online learning</a>&nbsp;help you learn the skills you’ll use every day working in the cloud.<br><br><strong>Get started today! Learn more about <a href="/certifications/cloud">CompTIA Cloud+</a>&nbsp;and <a href="/training/resources/exam-objectives">download the exam objectives</a>&nbsp;for free.</strong></p></div>

<h2>Build a Strategy</h2> <p>Your cloud environment can quickly become complicated and disparate without a larger strategy. A hodgepodge environment can quickly become difficult to manage when ad hoc services are continually added to meet operational needs. Having a strategy from the word go allows you to more easily monitor and manage activity on your systems, making them significantly easier to secure. Don’t assume that you can just lift and shift with your entire infrastructure, or you may leave yourself open to vulnerabilities.</p> <h3>Mitigation Technique for Lack of Strategy</h3> <ol><li>Develop a cloud strategy that provides a robust security infrastructure and aligns with your business objectives.</li><li>Perform regular penetration testing to check for any vulnerabilities in your framework.</li></ol> <h2>Broaden Your Visibility</h2> <p>One of the wonderful benefits of the cloud is the ability to transfer some of the management load to a vendor. An inherent issue with the shared model is the lack of visibility into those resources. Limited visibility into your data model leaves you vulnerable in places you can’t anticipate. As the saying goes, <a href="/%3Ca%20href%3D"https://www.csoonline.com/article/3256211/you-cant-protect-what-you-cant-see.html">you">https://www.csoonline.com/article/3256211/you-cant-protect-what-you-cant... can’t protect what you can’t see</a>. </p> <h3>Mitigation Technique for Limited Visibility</h3> <ol><li>Use a web application firewall to check for anomalous traffic.</li><li>Implement a cloud access security broker (CASB) to keep an eye on outbound activities.</li><li>Adopt a <a href="/%3Ca%20href%3D"https://www.comptia.org/blog/4-pieces-of-a-zero-trust-approach-to-cybersecurity">zero-trust">https://www.comptia.org/blog/4-pieces-of-a-zero-trust-approach-to-cybers... model</a>.</li></ol> <h2>Identify Misconfiguration</h2> <p>Trend Micro, a cybersecurity firm, <a href="/%3Ca%20href%3D"https://www.trendmicro.com/en_hk/about/newsroom/press-releases/2020/2020-04-09.html">reported">https://www.trendmicro.com/en_hk/about/newsroom/press-releases/2020/2020... that misconfiguration is the number one cause of all cloud security issues</a>. Misconfiguration involves setting up any part of the computing system incorrectly. It’s difficult to anticipate what kind of security vulnerability you’ll be battling if you don’t know where the misconfiguration has occurred. Common examples include excessive permissions, <a href="/%3Ca%20href%3D"https://www.comptia.org/content/infographic/7-steps-for-cloud-technology-patching">security">https://www.comptia.org/content/infographic/7-steps-for-cloud-technology... holes left unpatched</a> or unrestricted port access. </p> <h3>Mitigation Techniques for Misconfiguration</h3> <ol><li>Implement an intrusion detection system (IDS), an automated solution that continually scans for anomalies.</li><li>Review and upgrade your access control policies.</li><li>Beef up your incident response plan.</li></ol> <h2>Protect Shared Technology</h2> <p>The shared computing capabilities of the cloud are precisely what allows you to affordably scale, but it also presents a security challenge. By sharing computing resources, you open yourself up to the possibility that a breach on the cloud infrastructure may also constitute a potential incident on your data residing on those systems.</p> <h3>Mitigation Techniques for Shared Tenancy</h3> <ol><li>Adopt a defense-in-depth strategy to protect cloud resources.</li><li>Encrypt data at rest and in transit.</li><li>Select a cloud vendor with robust security protocols.</li></ol> <p>At the end of the day, you’re more likely to be safe if you have a plan in place. After all — failing to plan, is planning to fail.</p> <p><em><strong>Get more articles like this delivered right to your inbox.&nbsp;<a href="/%3Ca%20href%3D"https://certs.comptia.org/it-career-news-blog-subscription/">Subscribe">https://certs.comptia.org/it-career-news-blog-subscription/">Subscribe to CompTIA’s IT Career News</a>&nbsp;and save 10% on your purchase of CompTIA training or exam vouchers.</strong></em></p>

About the Author

With more than 2,000 members, 3,000 academic and training partners and tens of thousands of registered users spanning the entire information communications and technology (ICT) industry, CompTIA has become a leading voice for the technology ecosystem.

ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.