Building and deploying applications in the cloud offers significant advantages, primarily driven by the scalability it provides. Developers appreciate the speed and ease with which cloud-based infrastructure can be set up, allowing them to scale rapidly as long as they have the necessary resources. However, the very scale that makes cloud computing attractive also poses serious risks.
The risk lies in the potential for developers to make mistakes in application building, which can lead to widespread consequences when deployed at scale. Cloud-focused attacks have seen a significant increase, tripling from 2021 to 2022, as reported in the Cloud Risk Report by Crowdstrike.
The challenges in securing the cloud are exacerbated by its relative novelty, with organizations still learning about its intricacies. The newer generation of adversaries is adept at exploiting cloud weaknesses and finding ways to attack multiple systems simultaneously. Cultural issues within organizations, such as the tension between security professionals and developers, can further complicate cloud protection.
To safeguard cloud infrastructure, best practices include adopting the principle of least privilege, regularly evaluating access rights, and avoiding hard-coding credentials. Ongoing hygiene and assessments are crucial in ensuring that access levels are appropriate and minimizing risks of cloud-focused attacks.
Overall, understanding and addressing the risks associated with cloud deployments are vital as cloud-native adversaries grow increasingly sophisticated. Implementing proper security measures, along with staying up-to-date on runtime security and avoiding misconfigurations, are essential in safeguarding cloud-based applications and data.
Elia Zaitsev of CrowdStrike joined TNS host Heather Joslyn for this conversation on the heels of the release of their Cloud Risk Report.
Learn more from The New Stack about cloud security and CrowdStrike:
Cloud-Focused Attacks Growing More Frequent, More Brazen