I got an email the other day that said companies shouldn’t let security worries keep them from moving to the cloud. Ironically, the two emails directly below that particular message in my inbox were warnings about the latest security concerns within cloud computing.
Now, I’ve been writing about security and the cloud long enough to know that while overall cloud security has improved, like everything else, it is hardly foolproof. You know the bad guys are going to find ways to penetrate any barrier you put up. So, I thought this would be a good time to think about what’s happening with cloud security right now.
First, I’ll cover the interesting news. According to a new report from CloudLock, 1 percent of users are causing the bulk of your cloud security problems. That 1 percent is also responsible for 62 percent of the apps installed in the cloud. If you want to increase cloud security, you first have to narrow down who that 1 percent includes. According to the report:
Understanding the composition of this one percent of users is crucial for security teams: Often times this subset of users includes super-privileged users, software architects, as well as machine-based identities that grant access privileges and archive data.
When you have to consider that the biggest problem in cloud security is with the users you most trust, the time has come to rethink the way you approach cloud security. CloudLock CEO and co-founder Gil Zimmermann pointed out in a release that your best defense is understanding user behavior to improve cloud security, adding:
Cyberattacks today target your users—not your infrastructure. As technology leaders wake up to this new reality, security programs are being reengineered to focus where true risk lies: with the user.
That’s not to say all cloud security concerns are generated from that 1 percent. The bad guys are still on the loose, and new research from Imperva warns of a man-in-the-middle attack targeting some of our favorite cloud applications. In fact, it is being called a man-in-the-cloud attack. According to V3.co.uk, the bad guys attack “cloud services such as Box, Google Drive, Dropbox and Microsoft OneDrive” and gain entry in this way:
The research team explained that hackers are able to insert an internally developed tool named Switcher into a system through a malicious email attachment or a drive-by download that uses a vulnerability in browser plug-ins.
In an email conversation, Kowsik Guruswamy, CTO of Menlo Security, told me that while this is a novel approach, the primary infection point still follows the classic path of Web infections. And as with so many other security threats, Guruswamy explained, we end up being our own worst enemy:
As an industry, we are laser-focused on the post-breach cleanup drama. This is mainly because the ‘detection’-based products that are in the front-line are failing us.
In this case, the solution may be to consider trying an emerging approach that uses isolation and remote rendering technologies to eliminate the infection vectors. This is done by ensuring that active content from the Web never reaches the endpoint. With isolation, it doesn't matter if the content is good or bad; the endpoint never executes the content and thus is immune to evolving malware strains. And in the case of man-in-the-cloud, by never letting the initial exploit succeed, isolation technologies can simply make the problem go away.
So, I agree with the premise of that first email I received, saying that we shouldn’t let cloud security concerns get in the way of adoption. But it also helps to know which security issues are lurking out there so we can address them.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba