COVID-19 is driving rapid cloud adoption globally. The downside to this growth, however, is that 30% of organisations are exposing sensitive content to the internet, according to Palo Alto Networks’ Unit 42 Cloud Threat research report. This content could be personally identifiable information, intellectual property, or healthcare and financial data, reflecting the struggle to enforce proper access control for data stored in the cloud.
Sean Duca, Vice President, Regional Chief Security Officer – Asia Pacific & Japan at Palo Alto Networks, shares how the cloud security landscape has changed post-pandemic, and what safeguards are needed to protect organisations from cloud security threats.
iTNews Asia: How has the cloud security landscape changed post-pandemic in APAC?
Our Unit 42 Cloud Threat research found that globally, cloud security incidents increased by an astounding 188% in the second quarter of 2020 (April to June), as organisations experienced large expansions in the size of cloud workload deployments following the onset of the pandemic. The APAC region saw the highest rate of cloud adoption globally, with a 70% increase in cloud workloads.
Across APAC and globally, we observed a spike in cloud security incidents especially in COVID-19 critical industries. Of note, cloud security incidents for the retail, manufacturing, and government industries rose by 402%, 230%, and 205%, respectively.
This trend is hardly surprising given that these industries faced great pressure to adapt and scale in the face of the pandemic—retailers for basic necessities, and manufacturing and government sectors for COVID-19 supplies and aid.
Interestingly, while cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) grew in popularity during the pandemic, cryptojacking in the cloud is on the decline.
From December 2020 through February 2021, only 17% of organisations with cloud infrastructure showed signs of such activity, compared to 23% from July through September 2020. This is the first recorded drop since Unit 42 began tracking cryptojacking trends in 2018.
iTNews Asia: COVID-19 has pushed many organisations to the cloud. How ready are these organisations to manage their cloud security given the increase in cloud security incidents globally?
Our research shows that cloud security programs for organisations globally are still largely in their infancy, specifically when it comes to automating cloud security and mitigating cloud risks.
Moreover, we’ve seen that when an organisation's cloud workload suddenly increases, the number of security incidents also increases dramatically, often to the point that it overwhelms DevOps and Security teams. Such spikes in cloud security incidents make clear that automated security controls around DevOps and continuous integration/continuous delivery (CI/CD) pipelines often lag behind the shift to cloud.
iTNews Asia: What are the new cloud security threats to a remote workforce that organisations need to take note of?
Organisations were able to quickly move more workloads to the cloud in response to the COVID-19 global pandemic, but they struggle to automate cloud security and mitigate cloud risks.
With mass remote work, the enterprise network becomes decentralised as most applications and users will be outside the organisation. The sheer increase in the number of remote workers makes it difficult for organisations without the proper infrastructure in place to maintain remote access security.
Legacy networking and security approaches that force backhauling to corporate data centres are no longer optimal. In addition, current cloud-delivered security offerings provide limited application coverage and inadequate protection - 53% of all remote workforce threats are for non-web apps, so solutions that only protect web applications leave organisations exposed to threats.
Many companies are also using cloud services to execute operational processes like certificate management, marketing outreach and email automation services. However, this puts the organisation at greater risk of misconfigured cloud storage, and is further exacerbated by the sheer number of systems that are now linked to cloud storage, which increases the potential attack surface.
Moreover, the lack of proper security control over data may give rise to data breaches, especially with the increased scale of data stored in the cloud as a result of mass remote work. Our findings show that 35% of businesses globally permitted their cloud storage resources to be publicly accessible from the internet.
Publicly accessible data represents a particularly serious risk to businesses as anyone with the right URLs can access the data without passwords or other authentication. Such sensitive information could be at risk of being accessed or sold by cybercriminals.
iTNews Asia: What safeguards do organisations need to protect themselves from cloud security threats?
Organisations have to rethink their security architecture and move towards a cloud-delivered security model that can connect any user, to any application, from anywhere.
The first step in cloud security and compliance is to gain awareness and deep cloud visibility. Organisations need to understand how their developers and business teams are using the cloud today. This means getting and maintaining situational awareness of what’s happening in the cloud environment, down to the API and workload layers.
Second, organisations should enforce security guardrails and aim to move security to the earliest possible point in the development process. One way this can be done is through consistent scanning of infrastructure as code (IaC) templates for common security misconfigurations.
Successful cloud risk management also requires security teams that are able to leverage APIs in public cloud environments to manage workload security at scale. Training or hiring security engineers who code can help to automate security processes for more effective security management.