Earlier this week the personal details of more than 10.6 million MGM Resort hotels guests were published on a hacking forum, the result of a cloud server data breach.
With this in mind, we take a look at practical steps you can take to avoid falling victim to a public cloud attack, including how Sophos can help you see and secure your data in the public cloud.
Know your responsibilities
The first step to securing data in the public cloud is to know what you are responsible for.
Pubic cloud providers such as AWS, Azure, and Google offer customers a great deal of flexibility in how they build their cloud environments.
But the consequence of all this flexibility is that they can’t completely protect your virtual network, virtual machines, or data while in the cloud. Instead they run a Shared Responsibility model – they ensure security of the Cloud, while you are responsible for anything you place in the Cloud.
Aspects such as physical protection at the datacenter, virtual separation of customer data and environments – that’s all taken care of by the public cloud providers.
You might get some basic firewall type rules to govern access to your environment. But if you don’t properly configure them – for instance, if you leave ports open to the entire world – then that’s on you. So learn what you’re responsible for – and act on it.
Watch our shared responsibility video to learn more.
Five steps to minimize your risk of attack
Whether you’re a heavy public cloud user or just getting started, here are five essential steps you should take to minimize your risk of a cloud-based attack.
Step 1: Apply your on-premises security learnings
On-premises security is the result of decades of experience and research. When it comes to securing your cloud-based servers against infection and data loss, it’s a good idea to think about what you already do for your traditional infrastructure, and adapt it for the cloud:
Stop threats from getting onto your cloud-based servers in the first place by putting a web application firewall (WAF) at your cloud gateway. Also look to include IPS (to help with compliance) and outbound content control to protect your servers/VDI.
Sophos XG Firewall protects your cloud and hybrid environments. And, with pre-configured virtual machines in Azure and AWS, you can be up and running quickly.
Server host protection
Run effective cybersecurity protection on your cloud-based servers, just as you would your physical servers.
Endpoint security and email protection
While your network may be in the cloud, your laptops and other devices are staying on the ground, and all it takes a phishing email or spyware to steal user credentials for you cloud accounts.
Ensure you keep endpoint and email security up to date on your devices to prevent unauthorized access to cloud accounts.
Step 2: Identify all your cloud assets
If you can’t see the data in the public cloud, you can’t secure it.
That’s why one of the most important factors in getting your cloud security posture right is getting accurate visibility of your infrastructure and how traffic flows through it. This will allow you to identify anomalies in traffic behavior – such as data exfiltration.
Step 3: Build a complete inventory
Build a complete inventory of your cloud estate, including server and database instances, storage services, databases, containers and serverless functions.
As well as looking at numbers of assets, also look for weak spots. Potential risk areas include:
- Databases with ports open to the public internet that could allow attackers to access them
- Cloud storage services set to public
- Virtual hard drive and Elastic Search domains set to public
Step 4: Regularly review identity access management
Actively manage user roles, permissions, and role-based access to cloud services. The scale and interwoven nature of individual and group access to services creates an enormous challenge, and attackers will exploit that gap in security.
Ensure you have visibility over all access types, and their relationships to cloud services to identify overprivileged access and review your policies accordingly. Afterall, if a hacker obtained these credentials, they could search far and wide across your cloud accounts for sensitive data.
Step 5: Actively monitor network traffic
Look for the telltale signs of a breach in your network traffic, with unusual traffic spikes a key indicator of data exfiltration.
The dynamic nature of the cloud means that traffic and assets are changing frequently, so humans generally struggle to track all these data points.
Instead use AI to harness these data sources and build a picture of what “normal” traffic is, then when activities occur outside “normal” you can be alerted instantly to unusual, and potentially malicious behavior.
Sophos Cloud Optix makes it easy for you to see all your cloud databases and workloads. It also enables you to identify potential vulnerabilities within your architecture so you can prevent a potential breach point.
Start an instant no-obligation online demo to see Cloud Optix in action for yourself.