
The digital transformation has been powered by several factors, the most important of which is the rapid move to the cloud. It is estimated today that 90 percent of organizations utilize some type of cloud service and that 60 percent of organizations use cloud technology to store confidential data.

In fact, approximately 83 percent of enterprise workloads are going to be on the cloud by 2020. Yet despite the benefits of the cloud, most IT professionals say that security is their number one concern when they adopt a cloud computing strategy. In fact, the move to the cloud has exposed a multitude of new vulnerabilities and weaknesses, and cyber attackers have moved aggressively to take advantage of them.

There are eight key areas in which the cloud has introduced new and expanded risk. Let’s take a look at them individually:

Data Breaches
We all know a data breach when we see one. A data breach usually involves the exfiltration and theft of confidential or sensitive data, often data subject to regulatory compliance, by an organization or individual not authorized to access it. The risk of a data breach is not unique to cloud computing; it is a trending topic because so many of the breaches now covered in the media and the press involve cloud-hosted data.
Data Loss
Everyone is concerned about access to data and data theft, but most never really expect to have their data completely lost or destroyed. Yet this is what many organizations are facing due to new threats such as advanced ransomware as a service (RaaS). Data in the cloud can also be lost due to physical catastrophes, administrative error, and other causes. For this reason, segregated data backup, offsite storage, and disaster recovery remain essential and are even more necessary for cloud-based data.
Insecure Application Program Interfaces (APIs)
The cloud has brought many new application program interfaces for customers to use when interacting with their cloud services. Many services, such as logging, monitoring, set-up for orchestration, administration and management, and provisioning, all depend on these APIs. These interfaces are also used to set up the most sensitive security controls, such as encryption; when they are broken, large amounts of data can be exposed and stolen. These APIs are typically reachable from IP addresses outside of the organization and hence are subject to continual and ongoing attacks.
Identity and Credential Access Management
The biggest and most obvious problem is the protection of password data. It is expected that attackers will penetrate your networks and cloud, and, when they do, they will target passwords and authentication data. Worse yet, that authentication data tends to be the same across multiple systems – when an attacker gets into one they often get into other systems as well. One of the best mitigation techniques is to use multi-factor authentication. This can reduce, though not always eliminate, the effectiveness of this attacker tactic.
Account Hijacking
Accounts have been exploited by phishing and related attacker techniques for many years. Because passwords are so widely reused, this attack vector is quite successful for the diligent attacker. Once an attacker gains access to these credentials, they can begin to gather more sensitive data and to manipulate many aspects of your business.
General System Vulnerabilities
Vulnerabilities have been a problem across networks for many years. The multi-tenancy advantages of the cloud unfortunately provide access to shared memory and resources, creating an entirely new attack surface. This new list of vulnerabilities continues to grow and varies by cloud provider.
Malicious Insiders
It is a fact that many data breaches are caused by malicious insiders. This creates an obvious conundrum – not all malicious activity is anomalous, and not all anomalous activity is malicious. These are the hardest attacks to discover, as insiders often have the requisite permissions to move through cloud and network environments unimpeded.
Denial of Service Attacks
Denial of service attacks (DoS) are designed to shut down cloud access by flooding the servers and networks with more traffic than can be processed. The goal is to create extreme difficulties for the cloud service providers, shut down or severely slow their systems, and cause the system users concern over the lack of availability and performance.

There are also additional vulnerabilities with the use of the shared technology in the cloud, risks due to advanced persistent threats, and much more.

Given the high probability that an attacker will successfully breach your cloud platforms, the question becomes how you will detect and diagnose this attack, take steps to mitigate it, and successfully shut it down. Your goal is detection and mitigation. So long as you can interrupt the attacker’s Kill Chain, you have prevailed and your cloud will be secure.

Many of the new technologies that protect clouds focus on authentication, encryption, digital rights management, data loss prevention (DLP), and configuration analysis. In the case of configuration analysis, errors that create security exposures can be identified and mitigated rapidly. Most of the other forms of attack are currently only being detected by probabilistic approaches that attempt to analyze traffic and detect malicious and/or anomalous behavior. Unfortunately, attempts to discern the relative probability of high-risk attacker behavior can generate huge amounts of spurious alerts. Tune the detection thresholds so that few events trigger, and attackers will slip through the system undetected. Tune them so that many events trigger, and there are so many alerts that triage becomes almost impossible.

Acalvio ShadowPlex deception technology was designed to protect the cloud. ShadowPlex Cloud, released in 2018, is our mature deception platform and is designed to protect cloud assets. ShadowPlex Cloud detects malicious activity within your public cloud environments rapidly and with virtually no false alerts. Deception is binary. Either you are touching a deception asset or you are not. If you do, you have absolutely violated security policy and your activity is to be considered highly suspect. The alerts generated by ShadowPlex Cloud will represent a true and present threat of the highest urgency.
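To make the contrast between tuned detection thresholds and a binary decoy rule concrete, here is an added illustration; it is independent example code, not ShadowPlex's or Acalvio's. The audit events, principal names and decoy resource paths are constructed for the demo, and the per-principal score is a deliberately simple stand-in for a probabilistic detector.

```python
"""Threshold-based alerting vs. a binary decoy-touch rule (added example).

Independent illustration, not ShadowPlex/Acalvio code. All events, names and
decoy paths below are constructed; the field layout is an assumption."""

# Constructed cloud-API audit events: (principal, action, resource)
EVENTS = [
    ("alice", "s3:GetObject", "reports/q1.csv"),            # analyst, routine reads
    ("alice", "s3:GetObject", "reports/q2.csv"),
    ("alice", "s3:ListBucket", "reports"),
    ("bob", "s3:GetObject", "reports/q1.csv"),              # legitimate admin, broad activity
    ("bob", "iam:ListUsers", "*"),
    ("bob", "iam:ListRoles", "*"),
    ("bob", "s3:ListBucket", "reports"),
    ("bob", "s3:ListBucket", "backups"),
    ("mallory", "s3:ListBucket", "reports"),                # intruder, quiet enumeration
    ("mallory", "s3:GetObject", "reports/q1.csv"),
    ("mallory", "s3:GetObject", "decoy-finance/payroll.xlsx"),
    ("mallory", "iam:ListUsers", "*"),
]

# Decoy assets: no legitimate workflow references them, so any touch violates policy.
DECOY_RESOURCES = {"decoy-finance/payroll.xlsx", "decoy-admin/keys.txt"}


def activity_score(events):
    """Probabilistic-style stand-in: number of distinct API actions per principal."""
    distinct = {}
    for principal, action, _resource in events:
        distinct.setdefault(principal, set()).add(action)
    return {p: len(actions) for p, actions in distinct.items()}


def threshold_alerts(events, threshold):
    """Alert on every principal whose score reaches the tuned threshold."""
    return sorted(p for p, score in activity_score(events).items() if score >= threshold)


def decoy_alerts(events):
    """Binary rule: any access to a decoy resource is a high-confidence alert."""
    return sorted({p for p, _action, resource in events if resource in DECOY_RESOURCES})


if __name__ == "__main__":
    print(threshold_alerts(EVENTS, 2))  # everyone fires: triage overload
    print(threshold_alerts(EVENTS, 4))  # only the admin fires; the intruder slips through
    print(decoy_alerts(EVENTS))         # only the intruder, with no tuning at all
```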

Find out more about Acalvio and how deception technology can help you reduce risk and maintain compliance. We’d be pleased to introduce you to our latest technology and share information about customers that have used Acalvio ShadowPlex to protect health care institutions around the world.