Why Securing Your Cloud-Native Infrastructure is Necessary
Cloud-native adoption has risen in the past few years and now powers much of today's digital IT infrastructure. According to Flexera's State of the Cloud Report 2022, 50% of enterprises have their workloads and data stored in the public cloud, and Gartner forecasts that spending on cloud services will grow by 20.4% in 2022.
However, many organizations do not treat the security of cloud-native infrastructure as a priority. Many believe that the cloud provider takes care of security on behalf of its customers and that the default configuration is already secure enough to prevent security incidents in the cloud.
This blog will discuss why securing cloud-native infrastructure is necessary for enterprises.
What is cloud-native infrastructure?
Cloud-native infrastructure is essentially the collection of hardware and software that lets a cloud run cloud-native applications effectively and efficiently. It manages the available resources, scaling them vertically or horizontally to provide what cloud-native applications need.
It has many benefits compared to traditional infrastructure, including on-demand scalability, pay-as-you-go pricing, and rapid deployment. Using containers and microservices, cloud-native applications can be automated, resilient, scalable, and agile without having to manage the underlying infrastructure. This is one of the many reasons why more and more workloads and data are being migrated from traditional to cloud-native infrastructure. According to the Cloud Native Computing Foundation's State of Cloud Native Development 2021, Kubernetes usage increased by 67% in one year, and 4 million cloud-native developers are using serverless architectures and cloud functions for their applications.
Importance of Cloud-Native Security
Cloud security has become an integral part of cloud-native application development, as traditional security measures might not be suitable for securing cloud-native infrastructure. Because a cloud-native application is built on many resources and services of the cloud-native infrastructure and should itself be infrastructure agnostic, security measures for the cloud-native infrastructure need to be integrated early into the application's development lifecycle, following the "shift-left" paradigm.
There are three main reasons why it is essential to secure your cloud-native infrastructure:
Rising number of cyber attacks on the cloud
The number of cybercrimes has been rising over the years; according to ThoughtLab, the average number of cyberattacks in 2021 increased by 15.1% from 2020. Additionally, with more organizations migrating their infrastructure and data to the cloud, 20% of all cyberattacks target cloud-native infrastructure, making the cloud the third most-targeted environment in 2020.
Among the many variants of cloud cyber attacks in recent years, here are two of the most common attacks related to cloud-native infrastructure.
- Ransomware attacks: Ransomware is malware that encrypts the victim's files and locks them out of their infrastructure. The aim is to demand a ransom payment in exchange for decrypting the files and restoring access. The attacks are often carried out by email: the criminals send malicious attachments or links, and when unsuspecting victims open them, the attacker gains access to the infrastructure.
Verizon's 2022 Data Breach Investigations Report shows a 13% increase in ransomware attacks from 2020. Ransomware attacks can devastate organizations, with consequences ranging from unavailable services and reputation loss to loss of access to critical data and infrastructure. In March 2021, the Chicago-based company CNA Financial was the victim of a ransomware attack that cost them $40 million in exchange for the key to decrypt its files and data. The attackers entered the network with ransomware that masqueraded as a browser update, enticing employees into downloading it, before it moved laterally across the network.
- Privilege escalation attacks: A privilege escalation attack tries to obtain higher privileges than those assigned to an identity. The aim is for the identity to gain unauthorized access to resources. Such attacks can have several causes, such as the leakage of root or privileged credentials to unauthorized users and the misuse of overprivileged credentials. In a survey conducted by Centrify, 74% of IT decision-makers reported being affected by privilege abuse attacks.
In 2018, Marriott suffered a data breach affecting 500 million customers' data. It was discovered that unauthorized access to the Starwood reservation system had been going on for four years, allowing unauthorized people to access and leak customer data, which makes the incident one of the most significant data breaches in the world.
Growing number of data breaches
Data is one of the most important and valuable assets for organizations, as it might contain confidential and personal information about the organization, its employees, and its customers. Protecting data from unauthorized users is therefore a priority, particularly as the number of data breach and leakage incidents has been increasing over the years. According to IBM's Cost of a Data Breach Report 2022, 45% of data breaches happen in the cloud, and the average total cost of a data breach is USD 4.35 million.
Verizon's 2022 Data Breach Investigations Report states that 13% of data breaches are caused by misconfigured cloud storage. Cloud storage might be configured without the correct access control, allowing unauthorized users to access the stored confidential data. Additionally, personal data might be stored unencrypted: the 2022 Thales Cloud Security Report mentions that only 11% of respondents encrypt their data. Even though cloud providers have tried to make the default configuration more secure, the number of data breaches caused by misconfigured cloud resources has been increasing rapidly since 2018. For example, Pegasus Airlines recently exposed 6.5 terabytes of data publicly, including personal information of passengers and the company. The cause was a misconfigured AWS S3 bucket used to store the information, which allowed anyone to access the data.
Security compliance requirements
Compliance with legal regulations and best practices, particularly security standards, is one of the major topics organizations are interested in. Depending on the industry, organizations might be subject to different security compliance requirements, for example the Health Insurance Portability and Accountability Act (HIPAA) for American healthcare organizations, the Payment Card Industry Data Security Standard (PCI-DSS) for finance organizations, and ISO 27001 for generic organizational security requirements. Compliance with security regulations and best practices helps ensure that an organization's cloud infrastructure operates securely and protects the confidential and personal data it holds. Companies often use compliance as a measure of how secure their organization is. It also helps build trust and gives customers assurance and confidence that the organization prioritizes security. According to Okera's survey, 94% of respondents rank data privacy compliance as a top priority for their organizations.
However, achieving or maintaining cloud security compliance is a big task for organizations. This can be due to several factors, such as a lack of cloud visibility to enforce compliance, and compliance requirements have become more complex over the years. In addition, not being compliant with security standards and best practices could result in fines, lawsuits, reputational damage, and vulnerability to cyber attacks on the cloud. Organizations might even be fined in the event of a data breach, for example up to 20 million euros under the European Union's General Data Protection Regulation (GDPR). Interestingly, 45% of respondents in Okera's survey are not concerned about regulatory fines and penalties when their organizations are not compliant.
How to secure cloud-native infrastructure
Securing cloud-native infrastructure is imperative for organizations to ensure the confidentiality, availability, and integrity of the business. There are four primary ways to secure it from possible cloud cyber attacks:
- Identity and access management (IAM) is critical to managing who has access to which resources in the cloud-native infrastructure. Applying the principle of least privilege, together with monitoring and auditing credentials and their access, helps prevent privilege abuse attacks and credential leakage.
- Data security can be enforced within the cloud-native infrastructure by encrypting the data at rest and in transit and implementing appropriate access controls to ensure that only authorized users can access confidential data.
- The network configuration of the cloud-native infrastructure must be designed with security in mind, allowing only legitimate connections to reach cloud resources. This can be done by configuring the authorized IP addresses, ports, and services on the cloud resources, together with appropriate additional security measures to protect the cloud infrastructure from unauthorized access.
- Finally, an incident response strategy is required for security incidents in the cloud-native infrastructure. It is essential to mitigate the impact of a security incident, remediate its cause, and prevent it from happening again.
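As an added example (not Mitigant's code and not part of the original post), the checker below audits an S3-style bucket configuration for the two controls above that the Pegasus Airlines incident turns on: access control on stored data and encryption at rest. The bucket name, the account ID in the role ARN, and the configuration dicts are constructed placeholders modelled on the S3 API responses; no AWS call is made.

```python
# Constructed sample configurations, modelled on what the S3 control-plane APIs
# (GetBucketPolicy, GetPublicAccessBlock, GetBucketEncryption) return; nothing calls AWS.
EXPOSED_BUCKET = {
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"}]},   # hypothetical bucket name
    "public_access_block": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "encryption_at_rest": None,
}
HARDENED_BUCKET = {
    "policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},  # placeholder account
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]},
    "public_access_block": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    "encryption_at_rest": {"SSEAlgorithm": "aws:kms"},
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
PUBLIC_PRINCIPALS = ("*", {"AWS": "*"})   # the two ways a policy grants access to everyone

def policy_is_public(policy):
    """True if an Allow statement grants access to everyone with no Condition narrowing it."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be given unwrapped
        statements = [statements]
    return any(s.get("Effect") == "Allow" and s.get("Principal") in PUBLIC_PRINCIPALS
               and not s.get("Condition") for s in statements)

def audit_bucket(bucket):
    """Return (control, finding) pairs for the controls the post calls out:
    access control on stored data and encryption at rest."""
    findings = []
    pab = bucket.get("public_access_block", {})
    if not all(pab.get(k, False) for k in PAB_KEYS):
        findings.append(("access-control", "S3 Block Public Access is not fully enabled"))
    if bucket.get("policy") and policy_is_public(bucket["policy"]):
        findings.append(("access-control", "bucket policy lets anyone read the objects"))
    if not bucket.get("encryption_at_rest"):
        findings.append(("data-security", "no default encryption at rest configured"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_BUCKET), ("hardened", HARDENED_BUCKET)):
        print(name, audit_bucket(cfg) or "no findings")
```

Running the same check on a schedule and diffing the findings against the last run is the simplest form of the configuration-drift detection described later in the post.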
How Mitigant can help to secure your cloud-native infrastructure
Mitigant is an agentless SaaS solution that protects enterprise cloud-native infrastructures from possible cyber attacks on the cloud. It detects and remediates security vulnerabilities due to misconfigured or non-compliant cloud resources to achieve security and compliance with cloud security best practices and standards, such as those of the Center for Internet Security, PCI-DSS, or HIPAA. It also provides comprehensive cloud visibility, taking inventory of cloud resources and monitoring their state to detect unwanted cloud drift.
Junior Marketing Manager ⎢ Mitigant