• Haris Pylarions, CEO at Hack The Box


• 19.11.2021 04:10 pm

1. What are the security risks for financial companies using cloud platforms?  

Cloud platforms completely change the security foundation of a business’s network, and therefore presents a key challenge to keep data secure. For the past thirty years, the advice has been to keep sensitive data segmented, using network architecture as a security mechanism for limiting access to any data considered sensitive. The heart of network security has always been at the firewall or switch, which are physical devices under company control that permit two devices to talk to each other. The cloud makes managing this challenging, as all the data lives on the cloud provider’s network.

Due to cloud data "living on the internet" and not on the company's internal network, mistakes can lead to anyone being able to access the data. In a traditional network, it is not possible for users on the internet to access a company's internal file server. This means that if an access-control list (ACL) on the file server is misconfigured, only computers on the local network can exploit the misconfiguration. If a company utilises Amazon S3 because it is "like a fileserver" and mistakenly sets the ACL for "Authenticated Users" to access the S3 Bucket, any authenticated Amazon user is able to access that bucket because the data is internet accessible. It's easy to confuse the term "Authenticated User", as an admin might think of it as authenticated and in their organization, where it really just means anyone with an Amazon account.

This pushes the burden of security into new  territories. To keep the data secure, system admins must play an important role to learn the terminology and technologies of each cloud provider their organisation uses.

2. How can businesses make sure their systems are secure? 

One of the largest advantages with the cloud is that tampering with logs is near impossible. The cloud provider owns the log server, so a complete compromise of a tenants’ network does not provide the ability to delete or modify any logs. Businesses should continually test their logging and make sure there is an audit trail for all sensitive actions.

It has become increasingly common for attackers to disable logging on machines they have compromised. In a non-cloud network this can be as simple as killing a process. But in the cloud environment, authentication is happening with the provider and it is near impossible to prevent some logs from being created, which makes things easier for businesses.

All authentication attempts should be logged. This data is critical, as authentication is the first action before anything can be done and allows responders to know where to start an investigation. Additionally, with the help of AI (Artificial Intelligence), this data is becoming more useful. AI can be used to identify when accounts attempt to access resources in an unusual way. In cloud environments, these logs cannot be modified or deleted by attackers, leaving a trail to be followed.

3. How does this fit with a wider company focus on cybersecurity?  

Financial services companies need to have processes in place before integrating new cloud solutions, as well as a strong security team with the latest knowledge and a company-wide security culture in place, making security a top priority for all employees. Security is not the sole responsibility of IT departments, as any individual can be an attack vector for cybercriminals. This means putting in place clear security policies and regular staff awareness and upskilling programmes. It is imperative that companies nurture a security mindset to encourage all employees to stay on top of their skills.