Network security in the cloud more important than ever
SANS Institute has released the results of a study by SANS Instructor Dave Shackleford on network security in the cloud.
The study, which builds on the SANS 2021 Cloud Security Survey, focuses on how cloud security has changed enterprise infrastructure in response to the COVID-19 pandemic and an increasingly distributed workforce.
The report finds that from 2020 to 2021, the largest cloud growth came from increased use of workforce and collaboration SaaS services.
In fact, in the wake of the pandemic, nearly 80% of businesses digitally transformed to cater to employees working remotely. This, combined with the inconsistency of government lockdowns disrupting the workforce, has resulted in businesses adopting a hybrid work model with cloud at the centre of most systems.
In addition, 67% of enterprises consider SaaS, PaaS and IaaS cloud delivery platforms as part of their network perimeter.
However, more than 16% of respondents experienced a security breach in cloud environments. The top attack vectors observed in these breaches include configuration weaknesses, credential and account misuse, and shadow IT.
The main network security controls deployed in public cloud environments are web application firewalls (WAFs), network access controls and network intrusion detection and prevention.
According to SANS Institute, these statistics are supported by a variety of vulnerabilities in cloud assets reported since 2019, as well as incidents involving the disclosure of sensitive data and breaches related to the use of public cloud environments.
Some notable examples include the following.
In December 2019, Microsoft reported it had accidentally exposed a large database of customer support records within Azure, blaming ‘misconfigured security rules’ for the disclosure.
Several Microsoft outages between 2019 and 2020 were significant. The first was an Azure database outage in 2019 caused by DNS configuration changes and some automation script failures. In 2020, numerous Office 365 outages caused many organisations to experience downtime and lose access to their cloud applications and data.
In April 2021, cloud and hosting provider DigitalOcean disclosed a breach of customer billing data without providing any insight into the vulnerability that allowed it to happen.
In addition, Verizon noted in its 2021 Data Breach Investigations Report (DBIR) that external cloud assets were involved in more incidents and breaches for the first time last year.
Despite these types of security issues, more organisations than ever are moving workloads to the cloud, building applications in the cloud and subscribing to a wide range of SaaS and other cloud services.
The report looks at whether enterprises now consider the cloud an integral part of their network, how that has changed their approach to infrastructure security, and how they are using network traffic and metadata for detection and response.