As companies move work files to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.
Introduction
In the wake of the pandemic, many businesses have moved more of their applications to the cloud as more of us work remotely. In a survey of 200 IT managers by Menlo Security, 40% of respondents said they face growing threats from cloud applications and Internet of Things (IoT) attacks as a result of this trend.
There are good and bad ways to accomplish this cloud migration, and many of the pitfalls are not new. For example, at a Gartner meeting in 2019, two IT managers said their Office 365 deployment was on hold because they first needed to update legacy hardware. What has changed is the way we use and share our home computers. They are no longer personal: the same machine may now support your child's virtual school and your spouse's applications.
CyberArk's summer survey found that more than half of respondents save their passwords in the browser on their corporate PC, which bodes ill for any security policy.
Here are seven common mistakes that undermine security, along with some tips on how to avoid them.
1. Using VPN for Remote Access
With an entirely remote workforce, a VPN may not be the best access solution. Consider what happened in the December 2020 FireEye breach: a compromised VPN account was reportedly the attacker's starting point for stealing the company's tools. In the past, VPNs were the primary way to protect remote workers.
It is much better to replace VPNs with a zero-trust network, where identity is the control plane and provides the context for each access decision.
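To make the contrast concrete, here is an added example (not code from the article or from any product it mentions) that evaluates the same access requests under a perimeter rule and under an identity-centric rule. The network ranges, resource sensitivity levels, group names and request fields are all constructed assumptions for illustration.

```python
"""Perimeter model versus zero-trust model for an access request.

The perimeter rule trusts anything arriving from the corporate LAN or VPN
pool. The zero-trust rule ignores network location and decides per request
from identity, authentication strength, device posture and how sensitive the
requested resource is. All ranges, resources and groups below are constructed
for this example.
"""
from dataclasses import dataclass
import ipaddress

# Constructed: LAN plus VPN address pool that the legacy rule treats as "inside".
CORPORATE_RANGES = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed: higher number = more sensitive = more assurance required.
RESOURCE_SENSITIVITY = {"wiki": 1, "hr-portal": 2, "finance-db": 3}


@dataclass
class Request:
    user: str
    source_ip: str
    resource: str
    mfa: bool = False              # did the session pass a second factor?
    device_managed: bool = False   # is the device enrolled in management?
    device_patched: bool = False   # does it meet the current patch baseline?
    groups: tuple = ()             # directory groups the identity belongs to


def perimeter_decision(req):
    """Legacy model: being on the corporate network (or VPN) means trusted."""
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in net for net in CORPORATE_RANGES)


def zero_trust_decision(req):
    """Identity as the control plane: who, how authenticated, from what
    device, for which resource. Returns (allowed, reason)."""
    level = RESOURCE_SENSITIVITY.get(req.resource)
    if level is None:
        return False, "unknown resource"
    if level >= 2 and not req.mfa:
        return False, "MFA required"
    if level >= 2 and not req.device_managed:
        return False, "managed device required"
    if level >= 3 and not req.device_patched:
        return False, "device not compliant"
    if level >= 3 and "finance" not in req.groups:
        return False, "not authorized for resource"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests: a stolen VPN credential with no second factor,
    # and a legitimate user working from an unknown network.
    samples = [
        Request("alice", "10.20.30.40", "finance-db"),
        Request("bob", "203.0.113.5", "finance-db", mfa=True,
                device_managed=True, device_patched=True, groups=("finance",)),
    ]
    for r in samples:
        print(r.user, r.resource, "perimeter:", perimeter_decision(r),
              "zero-trust:", zero_trust_decision(r))
```

The first request is the VPN failure mode the section describes: a valid account on the VPN pool sails through the perimeter rule but is stopped by the zero-trust rule because nothing beyond a password has been shown. The second is the reverse: a fully verified user is refused by the perimeter rule purely for being outside the network.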
2. Building the wrong cloud portfolio
By this I mean weighing several factors. Do you need private clouds to keep your critical business data separate from the rest of the universe? Do you have the right OS versions available to run particular applications that depend on specific Windows and Linux configurations? Do you have the right connectors and authentication protections to work with on-premises applications and hardware that you can't move? What if you have a legacy mainframe app? You probably want to run it on a private cloud first and then look for a suitable environment that comes closest to your existing mainframe setup.
3. Your security policy is not suitable for the cloud
Common cloud security errors include insecure storage containers, misconfigured access rights and authentication settings, and open ports. You want consistent security whether you are on the local network or connecting from Timbuktu. You also want security built in from the start, before you move a standalone app to the cloud.
Johnson & Johnson did this a few years ago when they moved most of their workloads to the cloud and centralized their security model. One helpful tool: Netflix recently released an open source tool called ConsoleMe, which can manage multiple Amazon Web Services (AWS) accounts in a single browser session.
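The three errors named above (public storage, over-broad access policy, open ports) are easy to catch before deployment if you check configuration as data. The following is an added example, not from the article, ConsoleMe or any vendor: it audits a bucket policy and a set of firewall ingress rules shaped like AWS S3 and security-group documents. The policy, rules, account id and bucket name are constructed samples; the check for a public `Principal` is deliberately simplified (a `Condition` block is treated as narrowing the grant).

```python
"""Offline audit of two common cloud misconfigurations: a storage bucket
policy that grants access to everyone, and firewall (security group) ingress
rules that expose sensitive ports to the whole internet.

Input shapes follow AWS S3 bucket policies and security-group rules, but the
samples below are constructed for this example, not taken from any account.
"""
import ipaddress
import json

# Ports that should essentially never be reachable from 0.0.0.0/0 or ::/0.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   1433: "MSSQL", 6379: "Redis", 27017: "MongoDB"}


def principal_is_public(principal):
    """True when a statement's Principal grants access to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def find_public_statements(policy):
    """Sids of Allow statements open to any principal and not narrowed by a
    Condition block (simplification: any Condition counts as narrowing)."""
    return [st.get("Sid", "<no Sid>") for st in policy.get("Statement", [])
            if st.get("Effect") == "Allow"
            and principal_is_public(st.get("Principal"))
            and not st.get("Condition")]


def cidr_is_everyone(cidr):
    """0.0.0.0/0 or ::/0, i.e. a prefix length of zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_open_sensitive_ports(rules):
    """(port, service, cidr) for ingress rules exposing a sensitive port to
    the entire internet. Protocol -1 means 'all traffic' in AWS rules."""
    findings = []
    for r in rules:
        if r.get("protocol") not in ("tcp", "-1"):
            continue
        lo, hi = r.get("from_port", 0), r.get("to_port", 65535)
        if r.get("protocol") == "-1":
            lo, hi = 0, 65535
        for cidr in r.get("cidrs", []):
            if not cidr_is_everyone(cidr):
                continue
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.append((port, name, cidr))
    return findings


def audit(policy, rules):
    """Combine both checks into a list of human-readable findings."""
    out = [f"bucket policy statement '{sid}' allows any principal"
           for sid in find_public_statements(policy)]
    out += [f"security group exposes {name} (tcp/{port}) to {cidr}"
            for port, name, cidr in find_open_sensitive_ports(rules)]
    return out


# Constructed sample inputs (hypothetical bucket, account id and VPC endpoint).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "TeamWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-example"}}}
  ]
}""")

SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0"]},
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidrs": ["0.0.0.0/0"]},
    {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidrs": ["10.0.0.0/8"]},
    {"protocol": "-1", "from_port": 0, "to_port": 0, "cidrs": ["::/0"]},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_POLICY, SAMPLE_RULES):
        print("FINDING:", line)
```

On the sample data the audit flags the `PublicRead` statement, SSH open to the IPv4 internet, and the all-traffic rule that opens every sensitive port over IPv6, while the VPC-restricted statement, the role-scoped write and the internal-only database rule pass. Running such a check in the deployment pipeline is how you get the "secure from the start" posture the section asks for rather than discovering the exposure after the move.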
4. Not testing disaster recovery plans
When was the last time you tested your disaster recovery (DR) plan? It may have been too long ago, especially if you have been busy with the day-to-day problems of supporting home-based workers.
Just because your applications are in the cloud does not mean they are independent of particular web servers, database servers, and other infrastructure elements. Part of any good DR plan is documenting these dependencies and having a runbook that covers the most important workflows.
Another important part of any DR plan is continuous testing for partial cloud failures. You will almost certainly experience outages; even the Amazon, Google and Microsoft clouds suffer them from time to time. Netflix was one of the first places to popularize chaos engineering, a few years ago, with a tool called Chaos Monkey. It was designed to test the company's AWS infrastructure by constantly and randomly shutting down various production servers.
Use these lessons and tools to develop your own failure testing, especially security-related tests that identify weaknesses in your cloud configuration. The key is to do this automatically and continuously to identify bottlenecks and infrastructure deficiencies. In addition to Netflix's open source tools, there are commercial products such as Verodin / Mandiant's Security Validation, SafeBreach's Breach and Attack Simulation, Cymulate's simulation tools, and AttackIQ's Security Optimization Platform.
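Before you terminate anything in production, the dependency documentation from the previous paragraphs can be exercised on paper. The following added example (not from the article, Netflix or any of the vendors named) models workflows and the components they transitively depend on, then fails one component at a time and reports which workflows break. Components whose failure takes down more than one workflow are the single points of failure a DR plan must cover. The component and workflow names and the dependency map are constructed and hypothetical.

```python
"""Tabletop partial-failure test over a documented dependency map.

For each component we compute the workflows that stop working when it is
down, which gives a blast radius per component and a list of single points
of failure. The map below is a constructed, hypothetical example.
"""
from collections import deque

# component -> components it depends on (constructed sample)
DEPENDENCIES = {
    "checkout-web":  ["api-gateway", "cdn"],
    "api-gateway":   ["orders-svc", "auth-svc"],
    "orders-svc":    ["orders-db", "payments-svc"],
    "payments-svc":  ["payments-db", "secrets-store"],
    "auth-svc":      ["identity-provider", "secrets-store"],
    "reporting-web": ["reporting-svc"],
    "reporting-svc": ["warehouse-db"],
    "warehouse-db":  ["orders-db"],
}

# business workflow -> entry-point component (constructed sample)
WORKFLOWS = {
    "customer checkout": "checkout-web",
    "staff login": "auth-svc",
    "nightly reporting": "reporting-web",
}


def transitive_deps(component, deps=DEPENDENCIES):
    """Every component reachable from `component`, itself included
    (breadth-first walk, safe on cycles because of the seen-set)."""
    seen = {component}
    queue = deque([component])
    while queue:
        cur = queue.popleft()
        for d in deps.get(cur, []):
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return seen


def broken_workflows(failed, workflows=WORKFLOWS, deps=DEPENDENCIES):
    """Workflows that stop working when `failed` is down."""
    return sorted(w for w, entry in workflows.items()
                  if failed in transitive_deps(entry, deps))


def all_components(deps=DEPENDENCIES):
    """Union of everything that appears as a key or as a dependency."""
    comps = set(deps)
    for ds in deps.values():
        comps.update(ds)
    return comps


def blast_radius(workflows=WORKFLOWS, deps=DEPENDENCIES):
    """Map every component to the workflows its failure takes down."""
    return {c: broken_workflows(c, workflows, deps)
            for c in sorted(all_components(deps))}


def single_points_of_failure(workflows=WORKFLOWS, deps=DEPENDENCIES, threshold=2):
    """Components whose loss breaks at least `threshold` workflows."""
    return [c for c, ws in blast_radius(workflows, deps).items()
            if len(ws) >= threshold]


if __name__ == "__main__":
    for component, ws in blast_radius().items():
        print(f"{component:18} -> {', '.join(ws) or '(nothing)'}")
    print("single points of failure:", single_points_of_failure())
```

In the sample map the shared secrets store and identity provider break both checkout and staff login, and the orders database breaks checkout and reporting, even though none of them is an obvious "front door". Those are the components to prioritize for redundancy and for explicit recovery steps in the runbook; the same loop, with the failure injection replaced by an actual instance shutdown, is the starting point for a Chaos Monkey-style automated test.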
5. Authentication not optimized for a cloud-dominant portfolio
You may have account and access control, SIEM, CASB, or single sign-on tools that were acquired in the LAN era and now fall short of your authentication needs in a predominantly cloud-based, remote-access world.
Take a close look at these tools to make sure they can cover the cloud environment and your entire application portfolio. For example, while CASBs do a great job of managing access to cloud applications, you may want one that can also work with your specific in-house custom applications, provide risk-based authentication, or protect against more complex, blended threats.
6. Outdated Active Directory
"Identity is now a new perimeter and data is spreading everywhere," said David Mahdi and Steve Riley of Gartner in their presentation.
"You have to give people the right access to the right resources, at the right time, and for the right reason."
There is a lot packed into that. It means your Active Directory (AD) may not reflect reality, both in its list of current and authorized users and in its list of current and authorized applications and servers.
Your transition to the cloud will be smoother if the identity data you carry over is accurate.
7. Not asking for help
Many Managed Security Service Providers (MSSPs) specialize in these types of migrations, and you shouldn't hesitate to contact them for help.
You may be too busy to give the migration your full attention and inadvertently overlook some important aspects. Others, in a hurry, have moved everything to the cloud and left backdoors open or introduced vulnerabilities.