This is right! I did it! I Hacked the Cloud…..
It was really difficult as there were a lot of motion monitoring heat sensors and Lasers that I had to breach before I could move into the cloud environment. As a matter of fact, I had to use all my ninja stars, google-fu, and unicorn dust in order to achieve my hack.
This is pretty much the idea people have when they hear someone hacked “The Cloud”. It is a common misconception as the cloud companies have done a great job on selling this idea of security. Let us take a step back for one moment and evaluate what actually makes up “The Cloud”. Short answer – It is someone else’s computer. Another example, of The Cloud, would be if you had your neighbor store your important paper documents in his house and when you needed them, you would have to ask your neighbor to give you access– with a monthly fee. Pretty simple right!?
All right, let’s talk security.
Now that we have a good foundation of what “The Cloud” is, let us talk about it when it comes to security. Look I know everyone knows that the cloud is super safe-ish. See hyperlinks below.
Okay well not super safe but a decent place to start when wanting to offload risk, IT costs and maintenance. From my experience in dealing with cloud companies, security is their last concern as this does not necessarily make them money. Hence the focus on providing more features, backups and IT cost savings. The Cloud is only as safe as the platform it was built on. So, if the virtual machine you are working on is vulnerable (Windows Exploit) are you, as a customer, going to know about it? The answer is NO, and trying to hold the vendors’ feet to the all mighty patch Tuesday will not work either.
Let’s take it a step further though… What if the cloud platform was secure and all vulnerabilities were patched, what is the risk then? Well, the risk is YOU. Think about it for a second, let us just say that your system is compromised and then you make that “secure” connection to the Cloud. Since your computer has been compromised by a Trojan virus, the virus has not only stolen all of YOUR usernames and passwords, but has the same access to ALL of your data in the cloud (a typical hacking technique these days is for a hacker to visually record an employee making financial transactions, then later repeating those same steps at a later date in order to steal money).
So what can you do to protect this from happening to your business? First off, you need to ensure that your cloud provider has been appropriately audited and fully vetted by an internal or 3rd party Security Consultant. Next you need to have a full deployment and update maintenance scheduled to handle all anti-virus upgrades on your computer and mobile devices, connecting to the cloud environment. Lastly, you need to ensure that your network environment is clean by installing an intrusion prevention system (IPS). An IPS will not only protect your computers but block malicious virus’ connecting to your cloud environment and exfiltrating your data.
If you desire to know more about Security Consulting, Intrusion Prevention Systems, Cloud Security or Anti-virus enterprise deployment please reach out to our Security Engineers today.