EXCLUSIVE WEBINAR: Microsoft Outlook Chaos Unleashed — Live Technical Analysis of new Vulnerabilities
arrow-white arrow-white Secure your spot

Here’s What's Driving the Rise In Cloud Workload Cyber Threats

Posted by Daniel Petrillo on October 22, 2020

Cloud Misconfigurations

Available anytime and capable of being run from anywhere, cloud computing provides a perfect solution to operational challenges posed by the COVID-19 pandemic. With public and hybrid cloud use rising across every sector, dramatically increased uptake of cloud technology quickly became one of the more benign changes brought about this year.

It’s also showing some longevity. Gartner expects cloud computing uptake to continue to grow even when the pandemic recedes, and overall IT spending declines. By the end of this year, the majority of workloads will be running in the cloud.

However, as cloud computing grows in popularity across all use cases, cloud workloads have never been more attractive to malicious actors. A recent McAfee report points to a 630 percent increase in attacks aimed at cloud services since January of 2020. While it is easy to point to remote working as the culprit for this increased threat level, the real picture is more complicated.

Rushed cloud migrations, misconfigured setups, and an outdated view of how security works in the cloud endanger cloud workloads just as much as remote work does. When or if the majority of employees return to the office in some form, their use of cloud-based tools is likely to persist, too. As cloud computing continues to provide a valuable way of meeting customer and enterprise demands, it’s vital to understand why cloud workloads are vulnerable to cyber threats.

More Haste, Less Cloud Security

Faced with a dramatic change to their operations, organizations as diverse as schools, local governments, manufacturers, and financial institutions have recently become cloud acolytes. However, many have done so without giving security proper consideration.

Indeed, rapid cloud migration is an important driver behind the recent rise in cloud focused threats. With only 8 percent of organizations fully understanding cloud security protocols, over 90 percent of companies are now experiencing a "cloud security readiness gap." Ultimately, this means there is a disconnect between the prevalence of cloud usage and how secure the cloud environment truly is within the organization.

This gap stems from the unmet demands that increasingly dynamic cloud environments create. As organizations use multiple clouds to run individual applications, they open up significant cybersecurity challenges. Assumptions about security controls that hold in one environment are often made redundant when the same workload deploys in another. Complex "cloud stacks," while great for functionality, can create critical cybersecurity weak points.

Another symptom of the recent rush towards cloud computing is misconfiguration. Whether through haste, bootstrapped setups, or misguided tutorials, over 230 million cloud misconfigurations occur every day. This is a substantial amount of completely avoidable errors for organizations as they transition to the cloud.

Ultimately, misconfigurations happen because, when migrating their operations to the cloud, companies often fail to properly configure essential steps like admin permissions on user roles . As such, cloud users are usually allowed far greater permissions than they need, a mistake which enables cybercriminals to more efficiently propagate their attacks throughout a cloud user’s network.

The Understanding Gap in Cloud Security

Another reason why attacks on cloud workloads are on the rise is a lack of understanding about how cloud workloads and cloud security functions. This harkens back to organizations falsely equating cloud workload security architecture with on-site deployment.

Back when organizations ran all of their workloads locally, the responsibility for deployments could be directly traced back to the end-user or the system admin. Security was also application-specific.

In the cloud, the security landscape is a lot different. Rather than focusing on a single application doing a specific piece of work, security controls need to envelop an entire cloud workload and not only an application. This challenge is compounded by many users' uncertainty about where their security responsibility lies in the shared responsibility model that public clouds use.

When assessing their cloud security, organizations can also fail to grasp what a cloud workload is and how it differs from a "traditional" application. Rather than just a discrete collection of code designed to perform a specific function, a cloud workload contains all of the necessary network resources and data for the application itself to function.

Therefore, providing adequate cybersecurity for cloud workloads requires a strategic understanding of the “perimeter-less” nature of cloud environments. As well as making a workload itself secure, users need to ensure that all components and environment configurations are free from vulnerabilities, too. With the increasing complexity of hybrid and multi-cloud environments and attackers' ability to bypass controls like application whitelisting, cloud workloads demand a focused approach to cybersecurity.

Many users also see cloud environments as naturally more secure and, as a result, fail to adhere to basic cybersecurity protocols. According to a study by Orca Security, over 80 percent of companies have at least one neglected, internet-facing workload and nearly 50 percent of cloud users have a server that is at least six months overdue for a patch.

Changing Cloud Security Priorities

With cloud use becoming ubiquitous, cloud security is understandably moving up the list of priorities for cybersecurity professionals. A recent survey of CIOs reported that 86 percent of respondents now view security as a budget priority, with 68 percent placing the cloud as a higher budget priority than they did last year.

However, while many CIOs might give more priority to cloud security, they are not necessarily planning to spend more money to do so. Over the next twelve months, Gartner estimates that global cybersecurity budgets face as much as $6.7 billion in cuts. Even with a growing attack surface, potentially tighter economic conditions are leading companies to consider how they can secure cloud environments without straining their budgets.

Cloud Security Needs a Proactive Approach

While it's difficult to predict much of what might happen in the next twelve months, the extent to which organizations lean on cloud environments is unlikely to decrease. Even with increased security concerns among executives, it's likely that the security threat cloud workloads face will rise further.

To secure cloud environments, companies need to take a proactive approach. This means understanding how cloud security functions, grasping the extent of the threat environment and using cybersecurity tools that provide comprehensive protection against threats like fileless attacks without straining cloud networks. By providing a "set and forget" moving target defence layer, and allowing comprehensive monitoring of servers and workloads, Morphisec can help cloud users strengthen their security posture against known and unknown threats.

cloud workload protection guidebook