CLOUD AND CYBER
“ The increase in remote working accelerated cloud adoption , introducing new attack vectors for organisations used to protecting a traditional perimeter ”
DEL HEPPENSTALL PARTNER , KPMG
Rapid adoption of SaaS solutions attracts attackers Del Heppenstall , Cyber Security Partner at KPMG UK , confirms that attacks against cloud infrastructure are increasing , as is the use of compromised cloud environments as an enabler for cyber-attacks against organisations and individuals worldwide . “ The pandemic – and subsequent increase in remote working – accelerated cloud adoption , introducing new attack vectors for organisations used to protecting a traditionally defined perimeter ,” he says .
KPMG are seeing attackers ’ increased focus on compromising configuration errors in cloud environments and a lack of securely implemented API service integrations . “ This is partially due to the rapid adoption of SaaS solutions during the pandemic , but also a lack of focus on protecting this important attack vector ,” says Heppenstall .
To compound this problem , a shortage of digital skills among employees remains a crucial issue in cloud security , where the demand for cloud expertise far outstrips supply . Many underestimate the differences between cloud technology and traditional alternatives when implementing technical design and associated risk assessments .
“ We often see organisations moving to the cloud at short notice in response to data centre contracts ending , resulting in the migration being performed with insufficient planning and support ,” says Sarah Lyons , Deputy Director for Economy and Society Resilience at the National Cyber Security Centre ( NCSC ).
“ The services and technologies that cloud environments rely on to deliver these benefits are constantly evolving and accelerating in their complexity and potential ,” she explains . “ It is important that those responsible for delivering services understand the implications of any changes made to the technology they are consuming and adapt accordingly .”
Container orchestration and automation introduce new risks Cloud security incidents may involve complex attacks , but the simplest barely qualify as “ attacks ” and are more likely to involve data being left freely accessible to anyone who knows where to look , explains Stuart Green , Cloud Security Architect at Check Point Software . “ More complex cloud architectures often use a large number of loosely coupled components , each with its own unique set of configurations and , consequently , the possibility for misconfigurations .”
technologymagazine . com 91