The use of cloud computing applications has grown significantly in the last two years as the Covid-19 pandemic forced many organisations to adapt to remote working.
Many of those businesses may never go back to being fully on-premises, either because they are switching to a permanently remote model or a hybrid model where employees balance their time between working remotely and working from the office.
While this has brought benefits, the increased use of cloud applications and services also brings security risks. Employees can now access corporate applications from anywhere -- and that can be exploited by cyber criminals.
A successful phishing email attack, or a leaked or easily-guessed username and password, could provide an attacker with access to a user account and a gateway to the entire network. And because the user is remote, potentially malicious activity might not get picked up until it's too late, if at all.
Hybrid cloud is becoming increasingly common in enterprises, because using multiple different public and private clouds can provide benefits when it comes to agility and combining different providers to optimise environments and workloads throughout the organisation. There's also the benefit that if one cloud service suffers an outage, the business can keep operating, because there's the ability to keep running from multiple services.
But just as cloud usage brings additional security risks if not managed correctly, this is multiplied in a hybrid cloud environment.
"This complexity and these differences can lead to the opportunity for adversaries," says Kevin Bocek, VP Security Strategy and Threat Intelligence for Venafi.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The ease of setting up cloud computing accounts means it can be done by anyone -- developers, administrators or other IT staff. This can be often be done without the involvement, or even knowledge, of security teams.
"We're dealing with this new environment where security teams don't have control, and they have to really change the way that we've been trained for the last 20 or 30 years," says Bocek.
Some organisations, when deploying cloud based services, may believe that the security element is handled entirely by the vendor, when this often isn't the case.
That can lead to misunderstandings about configuration and issues surrounding the security of potentially internet-facing services -- and the data that could be exposed if such services aren't secured properly.
"What we've observed during our investigations is also a lot of misconfiguration in the cloud, and it's coming back to the lack of skills, and ability for the people to really understand what they are doing. They are just clicking 'next', and they are not really looking at what they're doing. At the end of the day, they might expose interesting information for the attacker," says David Grout, EMEA CTO at Mandiant,
As a cybersecurity company, Mandiant is often called to investigate security incidents, a quarter of which involve public cloud assets. Like any other software, cloud-based platforms need their security managed -- and that starts with applying patches and security updates as soon as possible after they become available.
That's because, just like other software and applications, vulnerabilities can be uncovered in cloud suites. And once they've been disclosed, cyber criminals and other malicious attackers will attempt to exploit unpatched instances -- and it's the responsibility of the cloud user, not the vendor, to actually apply these updates.
"People think that they will be covered by the cloud providers, but at the end of the day, the applications are yours and you need to manage the patching," says Grout.
In order to manage and patch, security needs to be aware of what software and services are being used. If IT is procuring multiple cloud services, it can be difficult to keep track, but knowing the extent of the infrastructure is key when it comes to keeping it secure. This applies to cloud services too.
"If you have a multi cloud platform -- or even a single cloud strategy -- at the end of the day, you need to find a way to collect all the information in one single platform," says Grout.
One of the most important things that can be done to stop attacks is to apply multi-factor authentication to all users of all cloud services. That additional barrier can protect against the vast majority of attacks that attempt to steal identities required to access cloud services.
MORE ON CYBERSECURITY