Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Three Ways to Keep Cloud Data Safe From Attackers

Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market.

Due to the ease, flexibility and low cost of securely storing and sharing data between commercial cloud providers, by 2025 cloud deployments are expected to be a $68 billion market. However, current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.

Currently, most enterprises procure cloud instances using their company’s name. This lack of obfuscation in the billing trail provides an easy target for threat actors in the reconnaissance phase. Adding a simple layer of procurement obfuscation is an important first step that enterprises can take to better protect their most important data sources from potential threats. 

obfuscated cloud management The idea behind obfuscated billing is that an adversary may be able to access public records that tie an enterprise to a cloud deployment simply because their name is on the bill. When using an obfuscation strategy, the cloud deployment is procured through separate legal entities that make this discovery of the end user much more challenging.

Cloud obfuscation is another critical best practice given the rise of ransomware tactics that lock up critical business processes and data. Many recent ransomware attacks have involved a compromise of credentials that allowed criminals to access cloud instances. These backup environments were then corrupted with false data making it impossible to use them to recover from a ransomware attack.  

Enterprises need to make it much more difficult for threat actors to even know these backup environments exist. One way to do this is by totally disassociating the most critical business data from enterprise cloud deployments. This can be achieved by procuring a totally separate commercial cloud instance that is reserved for the company’s most sensitive data and only accessible through zero trust controls. In addition,this data should be encrypted in transit using keys controlled by the organization.

Cloud deployments allow for extremely cost effective and secure data environments. However, the evolving tactics of threat actors in conjunction with increasing potential insider threats makes additional layers of security essential to protecting an organization’s crown jewels. For example, the Department of Defense has long protected their most classified programs under a term called “Special Access.”  

Special Access Programs (SAPs) require a unique vetting process that is well above normal security clearance requirements, is only extended to personnel who have a need to know, and whose identity is often concealed using code names.  

Commercial enterprises can learn some important lessons from this approach. Whether it is sensitive customer data, health records, trade secrets, or financial information all organizations have data that requires additional levels of protection. An obfuscated cloud management approach is an essential strategy to keeping one’s crown jewels secure.

RelatedAttackers Use Obscurity, Enterprises Should Too

Written By

Gordon Lawson is CEO of Conceal, a company that uses Zero Trust isolation technology to defend against sophisticated cyber threats, malware and ransomware at the edge. Previously, he served as president at RangeForce Inc. Gordon has nearly two decades of experience in the security sector with a focus on SaaS optimization and global enterprise business development from global companies including Reversing Labs, Cofense (formerly PhishMe) and Pictometry. As a naval officer, Gordon conducted operational deployments to the Arabian Gulf and Horn of Africa, as well as assignments with the Defense Intelligence Agency, US Marine Corps, and Special Operations Command. He is a graduate of the US Naval Academy and holds an MBA from George Washington University.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...