Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Three Ways to Keep Cloud Data Safe From Attackers

Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market.

Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market. However, current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.

Currently, most enterprises procure cloud instances using their company’s name. This lack of obfuscation in the billing trail provides an easy target for threat actors in the reconnaissance phase. Adding a simple layer of procurement obfuscation is an important first step that enterprises can take to better protect their most important data sources from potential threats. 

obfuscated cloud management The idea behind obfuscated billing is that an adversary may be able to access public records that tie an enterprise to a cloud deployment simply because their name is on the bill. When using an obfuscation strategy, the cloud deployment is procured through separate legal entities that make this discovery of the end user much more challenging.

Cloud obfuscation is another critical best practice given the rise of ransomware tactics that lock up critical business processes and data. Many recent ransomware attacks have involved a compromise of credentials that allowed criminals to access cloud instances. These backup environments were then corrupted with false data making it impossible to use them to recover from a ransomware attack.  

Enterprises need to make it much more difficult for threat actors to even know these backup environments exist. One way to do this is by totally disassociating the most critical business data from enterprise cloud deployments. This can be achieved by procuring a totally separate commercial cloud instance that is reserved for the company’s most sensitive data and only accessible through zero trust controls. In addition,this data should be encrypted in transit using keys controlled by the organization.

Cloud deployments allow for extremely cost effective and secure data environments. However, the evolving tactics of threat actors in conjunction with increasing potential insider threats makes additional layers of security essential to protecting an organization’s crown jewels. For example, the Department of Defense has long protected their most classified programs under a term called “Special Access.”  

Special Access Programs (SAPs) require a unique vetting process that is well above normal security clearance requirements, is only extended to personnel who have a need to know, and whose identity is often concealed using code names.  

Commercial enterprises can learn some important lessons from this approach. Whether it is sensitive customer data, health records, trade secrets, or financial information all organizations have data that requires additional levels of protection. An obfuscated cloud management approach is an essential strategy to keeping one’s crown jewels secure.

RelatedAttackers Use Obscurity, Enterprises Should Too

Advertisement. Scroll to continue reading.
Written By

Gordon Lawson is CEO of Conceal, a company that uses Zero Trust isolation technology to defend against sophisticated cyber threats, malware and ransomware at the edge. Previously, he served as president at RangeForce Inc. Gordon has nearly two decades of experience in the security sector with a focus on SaaS optimization and global enterprise business development from global companies including Reversing Labs, Cofense (formerly PhishMe) and Pictometry. As a naval officer, Gordon conducted operational deployments to the Arabian Gulf and Horn of Africa, as well as assignments with the Defense Intelligence Agency, US Marine Corps, and Special Operations Command. He is a graduate of the US Naval Academy and holds an MBA from George Washington University.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Security awareness training firm KnowBe4 has named Bryan Palma as president and CEO effective May 5.

Threat intelligence firm Team Cymru has appointed Joe Sander as its Chief Executive Officer.

Madhu Gottumukkala has been named Deputy Director of the cybersecurity agency CISA.

More People On The Move

Expert Insights