HOME
NEWS

How to Protect Your Cloud Environment From Today’s Top 5 Threats


By VARINDIA - 2023-09-27
How to Protect Your Cloud Environment From Today’s Top 5 Threats

By Lexi Croisdale, Content Marketing Manager, Varonis

 

Humans eat, sleep, and expose data. 

Just in the time it takes you to read this blog, your blast radius will expand meaningfully. As access to sensitive data expands in the cloud, so do the different ways it can be compromised.

With some of your most crucial data living in the cloud environment, how can you keep it protected? Which threats should you be most concerned about?

Let’s discuss it below:

Threat #1: Identity risk 

One of the challenges of using the cloud is the sprawl of applications that create a unique set of identities. As the cloud footprint increases, it’s a challenge for security teams to monitor and secure multiple identities in multiple spaces.

Threat actors are also evolving and targeting users specifically through various tactics, like social engineering and compromising personal accounts.

The LAPSUS$ group made headlines when they hacked major companies, including Microsoft, Okta, Samsung, Ubisoft, and Nvidia, using phone-based social engineering and SIM-swapping. The group would call IT departments and impersonate the target, bypass multifactor authentication or password resets, and gain access to the data. 

There are two steps to help determine the identities of users inside and outside of your organization who have access to your environment.

● Take stock of all the applications being used in your organization and understand the permissions involved within each of them.

● Conduct reporting on a weekly, monthly, or quarterly basis. The metrics found in your report will identify areas that need attention, such as stale users, personal account use, a jump in external users, or more admin access being granted

 

It’s also important to set parameters for offboarding employees, as stale user accounts could give former employees the ability to expose your sensitive data and give attackers an opportunity to access your environment.

 

Threat #2: Configuration risk 

A multitude of cloud applications brings a multitude of configuration settings. 

When implementing new applications, it takes time to learn how specific settings are configured by default, what the best practices are, and to distinguish if the settings for production environments differ from sandbox or dev environments.

Varonis Threat Labs discovered that anonymous users could exploit misconfigured Salesforce communities to potentially expose sensitive data — such as customer lists, support cases, email addresses, and more — to anyone on the internet. 

At a minimum, malicious actors could exploit configurations to perform recon for spear-phishing campaigns, and at worst, they could steal sensitive information about the business, including its operations, clients, and partners.

Many organizations don't realize that Salesforce, or some of the other file-sharing collaboration platforms, are built by design to share data publicly and that it’s a feature, not a bug.

Auditing your security configurations on a recurring basis can help minimise the amount of unwarranted access to your cloud environments. Some applications, such as Salesforce, also have built-in health checker tools that you can run manually.

 

Threat #3: Third-party app risk 

Third-party apps connect to your SaaS or infrastructure applications, and this often happens without oversight from security teams because users can grant themselves permissions — often without thinking twice about the access they give these apps.  

Think of trying to sign up for the latest social networking app, and to bypass filling out a lengthy form, you can simply connect it to your Gmail account, thus opening up access to your information stored within this app. 

It can be challenging to understand which apps are configured and what they have access to, which is similar to the identity risks covered in threat #1. 

There is also the risk of apps containing vulnerabilities that threat actors could exploit. Through a single click, access can be granted to these malicious applications.

As the usage of third-party apps rises, assessing our connected apps and the risks involved with them is essential. We recommend analyzing the permissions for each app and ranking their risk level as low, medium, or high. 

You can assess how many employees are using the app and their activity levels with automation or through manual reporting. For example, users who haven’t opened a high-risk app in the last six months should have their permissions revoked to avoid breaches. You may want to disconnect the app altogether if it’s not being used. 

Continually monitoring and cleaning up your third-party app library will ease monitoring and maintaining what apps have access to your data.

 

Threat #4: Cloud vulnerabilities 

Vulnerabilities in the cloud are usually not by design and could be bugs or holes in the code or application.

In 2021, our research team identified a bug in Salesforce dubbed Einstein's Wormhole, which exposed calendar events that could contain highly sensitive data such as attendee names, emails, meeting URLs, passwords, and replies being sent to organizers. Prior to the bug being patched, meeting information with potentially sensitive information was exposed to the entire internet. 

It’s important to monitor and see what’s happening inside applications, regardless of how much control you have over their coding and/or ability to fix bugs and patch appropriately. It's also important to internally educate teams about the risks involved with applications that are beyond your security teams' control.

Everyone owns a portion of the risk and should understand that the cloud is more accessible than ever.

 

Threat #5: Link/permissions risks

Most cloud applications are designed for collaboration and file sharing, which can allow end users to share data externally, organization-wide, or even create public links that could be accessible to anyone on the internet. 

While sharing links eases the ability to collaborate and distribute information, they also bring a higher risk of your data getting into the wrong hands and employees having access to information they don’t need.

A classic example of excessive permissions mixed with an insider threat is the U.S. Pentagon document leak. A junior airman had access to classified information that he shouldn’t have had access to and while there were perimeter defenses in place to stop him from downloading the data to an external source, he was able to take pictures of the content and transcribe the information. The employee then hosted the information on a Discord server, spurring a diplomatic crisis.

Having least privilege automation in place can help combat the risk involved with excessive permissions by revoking organization-wide, external, and public link access over time. 

The power of automation keeps your information secure and doesn’t require a heavy lift for security teams to constantly analyze link permissions for the thousands of users and files they create.

 

In closing 

Cloud environments are evolving quickly, and so are the threats looking to compromise them. No matter what the risk is or what the attack vector is, the goal is always the same: threats are after the data.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA