Cloud Service Providers and Security: IBM Research Findings
Basic security oversight issues such as governance, vulnerabilities, and misconfigurations are the top risk factors organizations must address to secure expanding cloud-based operations, a new IBM survey found.
The 2020 Cloud Security Landscape report, produced jointly by IBM’s Institute for Business Value (IBV) and the vendor’s X-Force Incident Response and Intelligence Services (IRIS), concluded that the ease and speed with which new cloud tools are deployed can also make it hard for security teams to control their usage.
On security operations in the cloud. Key findings from IBM’s IRIS unit’s case studies:
- 66% rely on cloud providers for baseline security, but security ownership varies by cloud platform and application.
- 45% of security incidents compromising cloud environments came from cloud-based applications. Cyber criminals exploited configuration errors and undetected vulnerabilities in the applications.
- Data theft was the top impact of the cloud attacks, but hackers also engaged in cryptomining and ransomware.
“When done right, cloud can make security scalable and more adaptable but first, organizations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible,” said Abhijit Chakravorty, IBM Security Services cloud security competency leader.
On cloud providers owning security. A separate survey from IBM’s Institute for Business Value (IBV) found the following:
- Organizations that relied heavily on cloud providers to own security in the cloud were most often to blame for data breaches, accounting for more than 85% of all breached records in 2019.
- 73% believed public cloud providers were mainly responsible for securing software-as-a-service (SaaS).
- 42% believed providers were primarily responsible for securing cloud infrastructure-as-a-service (IaaS).
On top threats in the cloud. IBM’s X-Force incident response team’s analysis found:
- Financially motivated cyber criminals were the most commonly observed threat group targeting cloud environments.
- The most common entry point for attackers was via cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities and misconfigurations.
- Ransomware was deployed 3x more than any other type of malware in cloud environments, followed by cryptominers and botnet malware.
- Data theft was the most common threat in breached cloud environments in the past year.
- Threat actors used cloud resources to amplify cryptomining and distributed denial-of-service (DDoS) attacks.
“Our team has observed that malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud,” said Charles DeBeck, a senior cyber threat intelligence strategic analyst with IBM X-Force IRIS.
On maturing CloudSec. An IBV survey found:
- The most mature organizations identified and contained data breaches twice as fast as the least mature organizations (average threat lifecycle of 125 days vs. 250 days).
IBM Security recommends that organizations focus on the following to improve cloud cybersecurity:
- Adopt a unified strategy that combines cloud and security operations across application developers, IT operations and security.
- Assess the kinds of workload and data you plan to move to the cloud and define appropriate security policies.
- Leverage access management policies and tools for access to cloud resources, including multi-factor authentication, to prevent infiltration using stolen credentials.
- Ensure tools for security monitoring, visibility and response are effective across all cloud and on-premises resources.
- Implement effective security automation in your system to improve detection and response capabilities, rather than relying on manual reaction to events.
- Rehearse for various attack scenarios to help identify blind spots and address potential forensic issues that may arise during attack investigation.