Identifying Top Cloud Security Issues

With so many mainframe sites running projects to migrate some of their workloads to the cloud, the importance of cloud security becomes much more of an issue—particularly as mainframes pride themselves on their in-built security features.

IBM

Let’s start by looking at what IBM’s annual Cost of a Data Breach Report, which features research by the Ponemon Institute, had to say. The 2022 report found that 45% of the breaches in the study occurred in the cloud. The study also found that breaches that happened in a hybrid cloud environment cost an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds. The cost difference was 27.6% between hybrid cloud breaches and public cloud breaches. Organizations with a hybrid cloud model also had shorter breach lifecycles than organizations that solely adopted a public or private cloud model.

IBM Security X-Force, IBM’s in-house team of cybersecurity experts and remediators, produces a report each year titled “IBM Security X-Force Threat Index,” which looks at the most urgent security statistics and trends. The report says that as defenses grow stronger, malware gets more innovative. Attackers are increasingly using cloud-based messaging and storage services to blend into legitimate traffic. In addition, some groups are experimenting with new techniques in encryption and code obfuscation to go unnoticed. The report advises that maintaining properly hardened systems, enacting effective password policies and ensuring policy compliance are critical to maintaining a robust cloud security posture. It goes on to say that malware targeting Linux environments rose dramatically in 2021, which is possibly correlated to more organizations moving into cloud-based environments, many of which rely on Linux for their operations.

Forrester Consulting

A report from Forrester earlier this year found that 96% of businesses had experienced cloud security issues. The biggest challenge they faced involved identity-related security challenges, which accounted for 98% of the attacks. Perhaps surprisingly, the problems aren’t with people’s identities, but with all of the systems and service identities used to run cloud applications. So, what are these non-people identities? They include bots, serverless functions, the infrastructure of code and compute resources.

The report suggests that there are far more non-person identities than personal identities, which means that an organization’s risk profile is increasing, often in ways and areas unknown to IT teams. In fact, 56% of respondents said identities not attached to individuals are out of control in the cloud.

In order to deal with this, 82% of respondents expect to have invested in new identity access management (IAM) tools to address this issue by 2023. Additionally, 74% of respondents also suggested that cloud migration requires a different IAM approach.

The report suggests that cloud decision-makers also struggle with overly complex access control policies, a dispersed view of cloud platform identities and over-privileged cloud admin users. The survey found that:

• 45% of respondents said that legacy tools don’t integrate well with the cloud
• 40% of respondents said that access control policies were too complicated
• 40% of respondents highlighted regulatory compliance issues
• 40% of respondents identified over-privileged users as an issue

In addition, the survey found:

• More than half of the respondents had been victims of internal incidents targeting their clouds
• 49% said they had suffered attacks involving business partners or third-party suppliers
• Another 49% reported data loss because of cloud misconfigurations
• While 49% reported having to deal with external attacks

Certainly, this report highlights there are cloud security issues that need to be addressed and dealt with.

Palo Alto Networks 

Palo Alto Networks produced a report The State of Cloud Native Security 2022, which looked at global trends in cloud security from 3,000+ cloud security and DevOps professionals. They suggested that too many companies moving complex operations to the cloud struggle to automate cloud security and mitigate risks.

Their report found that:

• 55% of organizations report a weak security posture and believe they need to improve their underlying activities to achieve a stronger posture. This includes things like gaining multi-cloud visibility, applying more consistent governance across accounts or streamlining incident response and investigation.
• 69% of organizations host more than half of their workloads in the cloud.
• 80% of organizations that primarily use open-source security tools have a weak or very weak security posture.

Again, the report highlights issues with cloud security.

Check Point Software 

Check Point Software produced its 2022 Cloud Security Report, surveying 775 cybersecurity professionals.

They highlight as their key survey findings the following:

• Up 10% from last year, a quarter of organizations (27%) have experienced a public cloud security incident. This year misconfigurations (23%) have clinched the top position as the number one security-related incident, surpassing exposed data by user (15%) and account compromise (15%) from last year.
• Organizations continue to rely on multi-cloud solutions with 76% of respondents using two or more cloud providers, compared to just 62% from the previous year. While cost (61%) and ease of use (58%) initially drove their security decision between cloud-native versus independent cloud security solutions, managing multiple cloud vendors has created a greater complexity than first imagined.
• It’s clear that organizations are embracing more agile software development. Today, 35% of respondents have more than 50% of their workloads in the cloud, with 29% stating that they anticipate moving this number up to 75% of workloads in the cloud in the next 12-18 months.
• 61% of respondents have already integrated their DevOps toolchain into cloud deployments, yet organizations are still struggling with the lack of expertise that bridges security and DevOps. Only 16% of respondents have comprehensive DevSecOps in place, with 37% starting to incorporate some aspect of DevSecOps within the organization.

Again, these statistics highlight key security issues.

Securing the Cloud 

While there is a huge drive to migrate all platforms, not just mainframes, to the cloud, there are clearly issues with cloud security. I would guess that there is a shortage of people with the kind of in-depth knowledge that can be found on the mainframe, who are working in a cloud environment.

I’m certainly not suggesting that mainframe sites don’t make the most of the cloud environment. What I am suggesting is that life in the cloud may not be as easy and secure as many people would like you to believe, which is why it’s worth ensuring that your mainframe does not become vulnerable to attack because someone is trying to get their cloud project completed on time and has left a security loophole that can be exploited by bad actors.

Originally published on the TechChannel website.