SHINING OUR SPOTLIGHT ON ‘SECURE CLOUD ENABLEMENT
Cloud computing in the Middle East has rapidly gained momentum and is expected to be $290 million market in the UAE alone by 2020. Major technology vendors including AWS, Microsoft, Alibaba, and SAP have been quick to recognize the region’s cloud-readiness and have begun investing in the Middle East based cloud data centers. For those concerned about security, the truth is that cloud services are often more secure than standard on-premise deployments as cloud providers tend to invest heavily in security technologies that all subscribers then benefit from.
That being said, in the era of the cloud, information security teams will be presented with a new set of security challenges that will require fundamental shifts in their approach as traditional security standards and methodologies will often not be easily adaptable to the cloud consumption model.
The Target has Changed
Most importantly, we must acknowledge that the focus of cloud-related attacks has shifted. As with any endeavor, cyber criminals are keen to maximize the outcomes of their efforts. It has become apparent to them that with cloud providers investing heavily in the security of their platforms, these are now challenging targets. So, while we will no doubt continue to see the occasional data breach of large service providers that expose login credentials and the information of multiple users, the volume of cloud-related attacks will shift away from the service itself to the endpoint and the end user.
Exploiting the Endpoint
Cyber defenses tend to tail away at the endpoint as user behavior can be exploited and unpatched vulnerabilities become attack vectors. This is because endpoints are operated by users and attackers can trick them in all sorts of deceptive things- something we typically call social engineering. The endpoint also has a lot of interfaces to attack: e-mail, web-browsers, and other applications are just some of these. When we combine this with the fact that many users have far too many system rights, you have a recipe for disaster!
Another reason why the endpoint is of so much interest when aiming to attack cloud applications and data is that that more and more, traffic and even data stored on the cloud is being encrypted. It is therefore only on the client that you can be certain to see the traffic in the clear as well as get a full understanding of what happens on the client when a piece of code is executed.
User credentials are another target for attackers. Gaining these through methods such as social engineering and other ‘non-technical’ means enables cybercriminals to gain ‘legitimate’ access to the cloud services and data. Since the service perceives these users to be correctly identified via their authentication, all the security technologies built into the cloud are circumvented and attackers can carry out their objectives without raising any suspicion.
Thus, as you migrate critical-services to the cloud your organization’s endpoints will be placed at the forefront of cyber-attacks. Only the right strategy that incorporates identification, authentication, policies, and education, can place you on the path to cloud success.
Come Join Us, We Have the Solution
As the region’s trusted security advisor for over a decade, Help AG is here to help you realize all the benefits of cloud computing while safeguarding your services, data, and users. To get a detailed understanding of how we, together with our leading security vendors, can guide you through every step of your cloud transformation journey, join our Security Spotlight Forum in Riyadh, Dubai or Abu Dhabi. We look forward to seeing you at our flagship event and are sure you’ll leave with a clear understanding of what it takes for Secure Cloud Enablement.
Nicolai Solling, CTO at Help AG