Attackers automatically search for configuration errors and for cloud service credentials. New technologies like CSPM and SSPM make the cloud more secure.
Cloud use is on the rise, in Germany as elsewhere. Analyses show that attackers are preparing for this: they automatically search for configuration errors and hunt for cloud service credentials. The security industry has reacted to this, as it-sa 2022 Expo&Conference showed. New technologies such as CSPM and SSPM are available and help to prevent configuration errors. They allow security specifications to be standardised and different cloud instances to be managed centrally. A German start-up is also among the vendors.
The more companies use the cloud, the more popular it becomes as a target for attackers. According to a Bitkom study, credentials for cloud services are among the most popular prey of hackers. In addition, customers are often unclear about the responsibility they have for securing their own data or instances. Providers usually use a so-called shared responsibility model, in which both sides are responsible for certain security precautions. But misconfigurations often make it easy for attackers to gain unauthorised access. Using specially designed search engines, criminals scan the cloud for attack targets.
Even cloud providers are not immune to mistakes and may involuntarily assist attackers, as happened to one of the largest platform operators a few weeks ago. A misconfigured cloud server made it possible to illegally access data from over half a million users from all over the world, including 150,000 companies. This allegedly involved around 2.4 terabytes, which included user information, product orders, offers, project details and personal data.
Detect configuration errors and monitor security
The security industry is aware of such problems and has reacted to them. During it-sa 2022 in Nuremberg, various service providers showed tools that support the configuration of cloud instances or detect configuration errors. Cloud Security Posture Management (CSPM) is the name of a technology that helps to prevent or detect security gaps caused by configuration errors. Put simply, CSPM allows essential security functions to be standardised and centrally managed across different cloud platforms. Among other things, this provides the basis for central alarms when a dangerous configuration parameter is discovered, or for central logging.
One of the providers of CSPM solutions is the Israeli security software firm Check Point with its product CloudGuard. For example, it provides a uniform management interface for all cloud products. In addition, it is connected to a threat intelligence component that is supposed to provide early indications of ongoing or planned attacks. A firewall with a learning mode is intended to increase security: it no longer works on a rule basis, but automatically, using AI methods for data stream analysis.
New providers want to shake up the market
A similar, albeit more specialised, approach to CSPM is taken by SaaS Security Posture Management, or SSPM for short. With Software-as-a-Service (SaaS), software applications, most of them complex, are provided via the internet. The best-known is probably Microsoft's Office 365, which has since been renamed from O365 to M365. Market researchers from Gartner estimated the SaaS sector at around USD 122 billion at the end of last year, making it one of the strongest sectors of the cloud industry in terms of revenue. If a company uses other SaaS services such as Salesforce, ServiceNow or GitHub in addition to M365, complex challenges arise for security specialists. The industry is responding with SSPM. One provider in this category is AppOmni. This SSPM software continuously scans system APIs, configuration settings, data access models and event logs to automatically detect and prevent security misconfigurations and compliance breaches. In addition to the SaaS platforms already mentioned, Atlassian, Zoom and Snowflake products can also be monitored. The investors in AppOmni include both Salesforce and ServiceNow. It seems that these SaaS providers have recognised the need for corresponding security solutions.
Mitigant also wants to get involved in the same field. The German start-up was founded by four HPI graduates. The Hasso Plattner Institute (HPI) in Potsdam is considered one of the leading security institutions at German universities. Mitigant, which was only founded last year, has already received funding from the Federal Ministry of Education and Research. The start-up is dedicated to checking security requirements and verifying whether they have been implemented well and are working as expected. One of the founders described it as a way of comparing compliance with reality. The focus is currently on Azure and AWS, but other platforms are being planned. Mitigant's offering can be particularly valuable for SMEs, as these companies often do not have the appropriate specialists to guarantee the security of their cloud instances.