Published : 03.28.2021
Last Updated : 09.20.2022
As we discussed in a recent webinar on Microsoft Azure security considerations, Azure’s consistent innovation provides great value but requires enterprises to stay updated on sophisticated and evolving threats.
Azure environments are constantly at risk from cybercrime, and companies also run into internal security issues caused by misconfiguration and mismanagement. For example, UK-based app developer Probase left an Azure blob containing files wide open. The developer exposed information – including medical records, recruitment data, occupational health assessments, insurance claim documents, and more – via an unsecured cloud database. The Register first broke the news after a tip-off from cybersecurity researcher Oliver Hough; investigating the matter, the publication found that 587,000 files had been left in an unprotected Azure blob. Any malicious actor who knew where to look could have found and accessed the database with ease.
Making matters worse, research from McKinsey shows that insider threats are present in 50% of cyber breaches — and 44% of root causes can be attributed to negligence. Oftentimes, breaches occur when inexperienced or understaffed IT teams are asked to handle large-scale cloud migrations.
Suffice it to say that Azure can be incredibly complicated. If you’re new to the platform, it’s very easy to make small mistakes that can lead to catastrophic consequences.
With all this in mind, let’s take a closer look at some of the leading Azure security issues that were discussed in the webinar to give you a better idea of what you can do to protect your cloud environment.
Azure has made significant investments in security to protect its platform from intrusion. However, the possibility always exists that an attacker could compromise an element in the Azure platform and either gain access to data, take an application running on the platform offline, or permanently destroy data. An attacker only needs to find one misconfiguration to get in, while a security team needs to keep track of all of them, all the time.
The average enterprise experiences 11 insider threats each month, and one-third are privileged user threats. These incidents can include malicious and negligent behavior ranging from taking actions that unintentionally expose data to the internet to employees stealing data.
According to the Verizon Data Breach Investigations Report, 63% of data breaches, including the breach that sank Code Spaces, were due to a compromised account in which the malicious actor exploited a weak, default, or stolen password. Misconfigured security settings or accounts with excessive identity and access management (IAM) permissions can increase the potential damage.
Gone are the days of a limited selection of manageable data stores (e.g., Oracle, IBM, and MS SQL). Innovations in agile cloud development have led to an explosion of new data store options, with teams utilizing Amazon MongoDB, Elasticsearch, CouchDB, Cassandra, DynamoDB, HashiCorp Vault, and many, many more. Add object stores such as Microsoft Blob to that list and it becomes self-evident that new corporate infrastructures no longer have a physical or logical concept of a ‘data center.’
This innovation can create cloud sprawl, where an organization has an uncontrolled proliferation of its cloud instances, services, or identities. Cloud sprawl typically occurs when an organization lacks visibility into or control over its cloud computing resources.
With container orchestration, the typical lifetime of a container is 12 hours. Serverless functions – already adopted by 22% of corporations – come and go in seconds. Data is the digital era’s oil, but the oil rigs are ephemeral and countless in this era. Spot instances, containers, serverless functions, admins, and agile development teams are the countless fleeting rigs that drill into your data.
The news is filled regularly with attacks on misconfigured cloud servers and the leaked data that criminals obtain from them. Misconfigurations are the natural result of human error. Setting a cloud server with loose or no credentials and then forgetting to tighten them when the server is placed into production is a common mistake.
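The Probase exposure above and the loose-credential mistake described here both come down to the same question: which blob containers can an anonymous client read? The following check is an added example written for this post, not Sonrai's or Microsoft's code; it evaluates constructed sample records whose shape mirrors (by assumption) the JSON that `az storage account list` and `az storage container list` emit, and it applies the account-level `allowBlobPublicAccess` override before trusting any container's public-access level.

```python
import json

# Constructed sample, modelled on the assumed shape of `az storage account list`
# output (not captured from a real tenant). null means the property was never
# set, which on legacy accounts behaved as "anonymous access allowed".
ACCOUNTS = json.loads("""[
  {"name": "hrfilesprod",   "allowBlobPublicAccess": true},
  {"name": "archivesecure", "allowBlobPublicAccess": false},
  {"name": "legacyacct",    "allowBlobPublicAccess": null}
]""")

# Constructed sample, modelled on the assumed shape of `az storage container list`
# per account. publicAccess is "container", "blob", or null (private).
CONTAINERS = json.loads("""{
  "hrfilesprod": [
    {"name": "medical-records", "properties": {"publicAccess": "container"}},
    {"name": "claims",          "properties": {"publicAccess": "blob"}},
    {"name": "internal",        "properties": {"publicAccess": null}}
  ],
  "archivesecure": [
    {"name": "backups",         "properties": {"publicAccess": "container"}}
  ],
  "legacyacct": [
    {"name": "exports",         "properties": {"publicAccess": "blob"}}
  ]
}""")


def account_allows_public(account):
    """Only an explicit false blocks anonymous access at the account level."""
    return account.get("allowBlobPublicAccess") is not False


def exposed_containers(accounts, containers_by_account):
    """Return (account, container, level) for every container an anonymous
    client could read. A container ACL of "blob"/"container" is only effective
    when the owning account has not disabled public access."""
    findings = []
    for acct in accounts:
        if not account_allows_public(acct):
            continue  # account-level block overrides any container ACL
        for c in containers_by_account.get(acct["name"], []):
            level = c["properties"].get("publicAccess")
            if level in ("blob", "container"):
                findings.append((acct["name"], c["name"], level))
    return findings


if __name__ == "__main__":
    for account, container, level in exposed_containers(ACCOUNTS, CONTAINERS):
        print(f"EXPOSED {account}/{container} (publicAccess={level})")
```

The `backups` container is not reported even though its own ACL is "container", because its account explicitly disallows public access; the legacy account with the property unset is reported, since unset did not mean blocked.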
Network firewalls don’t help you when it comes to the public cloud. According to the 2020 Verizon Data Breach report, attacks on applications more than doubled. Manually keeping track of which users can access an application creates risk, and you can’t detect common privilege escalation attacks across your infrastructure manually. You also create risk by giving too many admin rights to virtual machines and containers.
Microsoft Azure has built a set of security controls for its customers to use across Azure services, and it is up to the customer to make the most of these built-in capabilities. Here are best practices security experts recommend you follow:
There’s a lot to unpack here, and the truth is these are just a few issues you need to watch out for when using Azure.
If you have questions about protecting your cloud environment, don’t hesitate to reach out. Sonrai’s team of security experts is standing by to help you succeed in the cloud-first era with Microsoft Azure.