How to defend your cloud environments: 7 major rules

Seven essential rules to help organizations minimize risks in cloud environments.

May 5, 2025 - 08:29

In 2024, the adoption of cloud computing by organizations has reached remarkable levels, with around 94% of companies now utilizing cloud-based services, according to Rightscale’s report. However, cloud solutions bring significant security challenges, as they rely on shared resources and connectivity, making them susceptible to data breaches, misconfigurations, and account hijacking. Let’s explore essential rules that can help minimize these risks and protect cloud environments effectively.

Cloud infrastructure offers organizations an average savings of 40% on physical space and reduced operational expenses. Furthermore, these environments enable faster time-to-market and improve overall business agility. Over half of organizations have stated that cloud adoption has accelerated their product and service delivery, allowing them to respond more promptly to customer needs.

Security is another major reason for businesses to migrate to the cloud. Approximately 60% of business executives believe that cloud computing enhances their security posture, particularly as it enables automated updates and reduces the risks of human error.

The common threats to cloud environments

Despite all the advantages, there are still some risks associated with cloud computing. For instance, last year, MITRE, a U.S.-based non-profit organization renowned for its work in technology and defense research, experienced a significant cloud security incident. In April 2024, attackers exploited two zero-day vulnerabilities in Ivanti’s Connect Secure VPN, gaining unauthorized access to MITRE’s Networked Experimentation, Research, and Virtualization Environment platform.

This breach resulted in the exposure of sensitive research data, including technical findings, development methodologies, and simulation results related to the cybersecurity frameworks MITRE ATT&CK® and CALDERA, which are widely used by government agencies and private organizations. It is unlikely that national security data was directly compromised.

Subsequent investigation revealed that the incident was perpetrated by a foreign nation-state threat actor. The successful breach was attributed to unpatched software and compromised devices, which provided the attackers with unauthorized access to sensitive areas within the cloud environment.

Another major cloud security incident in 2024 involved the popular project management tool Trello. In January, the company experienced a data breach, compromising 15 million user accounts. Hackers utilized a public API to connect an existing database of email addresses with Trello account information, which included usernames, full names, and other details.

Overall, according to the 2024 Cloud security report by Check Point Software, 61% of organizations experienced at least one security incident related to public cloud use in 2024 - a significant increase compared to the 24% figure in 2023. Out of these incidents, 21% resulted in data breaches.

Among other common vulnerabilities in cloud environments are misconfigurations, which can lead to the exposure of sensitive data if not promptly addressed, and insider threats, where employees or contractors inadvertently or maliciously compromise cloud security. Additionally, companies often struggle to keep pace with the rapid proliferation of cloud solutions, and a lack of staff skills to operate in the cloud environment becomes a significant security threat in itself.

Ways to protect your cloud

Luckily, businesses that rely heavily on cloud infrastructure can avoid such devastating attacks. The key is to follow seven essential rules. Each of them provides a specific approach to securing a critical aspect of the cloud environment, from access management and data encryption to monitoring and employee training. They complement each other and contribute to a well-rounded cloud security posture.

Rule 1: continuously monitor and log all cloud activities

In 2024, according to SailPoint, around 83% of organizations reported that continuous monitoring helped them catch security incidents early, preventing potential data leaks and system compromises​.

Effective network monitoring helps identify threats such as unauthorized access, data exfiltration, and misconfigurations that might expose sensitive data. By continuously tracking activities and analyzing logs, organizations can quickly pinpoint unusual behaviors, such as access attempts from unknown locations, unusual data transfers, or unauthorized use of privileged accounts.
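As an added illustration of the three behaviours named above (it is example code, not from the article), the following Python script runs over a constructed JSON-lines audit log and flags logins from locations outside an allowlist, data transfers far above the user's own running average, and privileged actions by accounts that are not admins. The field names, thresholds and sample events are assumptions for the example.

```python
import json
from collections import defaultdict

# Constructed, generic cloud audit log in JSON-lines form (not real provider output);
# the field names below are this example's own assumptions.
SAMPLE_LOG = """
{"ts": "2025-05-01T08:00:00Z", "user": "alice", "action": "ConsoleLogin", "country": "DE", "bytes_out": 0, "privileged": false}
{"ts": "2025-05-01T08:05:00Z", "user": "alice", "action": "GetObject", "country": "DE", "bytes_out": 20000, "privileged": false}
{"ts": "2025-05-01T09:10:00Z", "user": "alice", "action": "GetObject", "country": "DE", "bytes_out": 30000, "privileged": false}
{"ts": "2025-05-01T23:40:00Z", "user": "alice", "action": "ConsoleLogin", "country": "BR", "bytes_out": 0, "privileged": false}
{"ts": "2025-05-01T23:45:00Z", "user": "alice", "action": "GetObject", "country": "BR", "bytes_out": 5000000000, "privileged": false}
{"ts": "2025-05-01T23:50:00Z", "user": "bob", "action": "AttachUserPolicy", "country": "DE", "bytes_out": 0, "privileged": true}
"""

KNOWN_COUNTRIES = {"DE", "US"}     # locations the organization normally signs in from
ADMIN_USERS = {"carol"}            # accounts entitled to privileged actions
TRANSFER_FLOOR = 100_000_000       # ignore transfers under 100 MB when judging anomalies
BASELINE_MULTIPLIER = 10           # flag a transfer above 10x the user's average so far

def parse_jsonl(text):
    """One event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect(events, known_countries=KNOWN_COUNTRIES, admins=ADMIN_USERS):
    """Return (rule, user, ts) tuples for events matching the three patterns."""
    alerts = []
    totals = defaultdict(lambda: [0, 0])   # user -> [bytes transferred so far, transfer count]
    for e in events:
        if e["action"] == "ConsoleLogin" and e["country"] not in known_countries:
            alerts.append(("unknown_location", e["user"], e["ts"]))
        if e["bytes_out"] > 0:
            total, count = totals[e["user"]]
            avg = total / count if count else None
            # Compare against the user's own history, not a single global threshold.
            if e["bytes_out"] > TRANSFER_FLOOR and (avg is None or e["bytes_out"] > BASELINE_MULTIPLIER * avg):
                alerts.append(("unusual_transfer", e["user"], e["ts"]))
            totals[e["user"]] = [total + e["bytes_out"], count + 1]
        if e["privileged"] and e["user"] not in admins:
            alerts.append(("unauthorized_privileged_action", e["user"], e["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(parse_jsonl(SAMPLE_LOG)):
        print(*alert)
```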

Rule 2: implement strong identity and access management (IAM) policies

Effective IAM ensures that only authorized users have access to specific cloud resources. A key component of these policies is multi-factor authentication, which requires users to verify their identity through two or more authentication methods, such as a password and a one-time code sent to a mobile device. This ensures that potential attackers would need more than just a password to gain entry.

Role-based access control (RBAC) is another critical IAM strategy, assigning permissions based on user roles within an organization. For example, an employee in the finance department might have access to financial records but be restricted from viewing IT infrastructure details. With RBAC, users are given the minimum level of access required for their roles, significantly reducing the risk of misuse of sensitive data.
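The finance-versus-IT example above, worked through as a deny-by-default RBAC check with a step-up MFA requirement for sensitive actions (added example code, not from the article; the roles, resource prefixes, actions and session fields are assumptions):

```python
from dataclasses import dataclass, field

# Role -> granted (resource prefix, action) pairs. Anything not listed is denied.
# Roles, prefixes and actions are this example's own assumptions.
ROLE_GRANTS = {
    "finance": {("records/finance/", "read"), ("records/finance/", "write")},
    "it-ops":  {("infra/", "read"), ("infra/", "write")},
    "auditor": {("records/finance/", "read"), ("infra/", "read")},
}
# Actions that require the session to have completed a second factor (step-up MFA).
MFA_REQUIRED_ACTIONS = {"write", "delete"}

@dataclass
class Session:
    user: str
    roles: set = field(default_factory=set)
    mfa_verified: bool = False   # set only after the second factor has been checked

def authorize(session, action, resource):
    """Deny-by-default check; returns (allowed, reason) so every decision can be logged."""
    if action in MFA_REQUIRED_ACTIONS and not session.mfa_verified:
        return False, "mfa required"
    for role in sorted(session.roles):
        for prefix, granted_action in ROLE_GRANTS.get(role, ()):
            if granted_action == action and resource.startswith(prefix):
                return True, f"granted by role {role}"
    return False, "no role grants this action"

if __name__ == "__main__":
    finance_user = Session("dana", {"finance"}, mfa_verified=True)
    print(authorize(finance_user, "read", "records/finance/q1.xlsx"))   # allowed
    print(authorize(finance_user, "read", "infra/vpc/prod"))            # denied
```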

Rule 3: encrypt data in transit and at rest

It's important to encrypt data both when it's being transmitted (in transit) and when it's stored (at rest). This ensures that even if attackers intercept or access the data, it remains unreadable without the correct decryption keys.

To implement encryption effectively in your cloud environment, you should use both transport layer encryption (like transport layer security, TLS) for data in transit and disk encryption for data at rest. Many cloud providers offer built-in encryption tools that facilitate these practices.

Rule 4: regularly update and patch cloud resources

Cloud environments, like any other IT infrastructure, are susceptible to vulnerabilities as software ages or new exploits are discovered. When systems remain unpatched, they become easy targets for attackers who often scan for outdated software and exploit known vulnerabilities. A recent study found that approximately 60% of cloud breaches could be attributed to unpatched or misconfigured systems.

Regular updates help protect cloud resources from these risks by addressing known issues before attackers can take advantage of them. Cloud platforms typically make it easy to set up automated backups for persistent resources like databases or virtual machines. These backups ensure that, even in the event of a major attack or human error, data can be recovered without significant disruption.

Rule 5: use data retention policies

To protect against malicious attacks, such as ransomware, it’s essential to establish policies that prevent the immediate deletion of resources in the cloud. Many cloud providers offer this feature, allowing you to configure a delay period. This ensures that even if an attacker gains access to your account and attempts to delete critical resources, those resources won't be removed right away.

For instance, with a 30-day delay, a resource marked for deletion would remain recoverable for that entire period. This delay provides two key advantages: it allows time to detect and respond to unauthorized actions, and it gives you the opportunity to restore data before it is permanently lost. If your cloud provider does not offer this safeguard, it may be worth reconsidering whether they meet your security needs.
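The 30-day delay described above, modelled as a soft-delete store in which deletion only marks a resource and permanent removal happens solely through a separate purge once the window has passed (added example code, not from the article or any provider's API; the store, its method names and the constructed timeline are assumptions):

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=30)   # the 30-day delay described in the text

class SoftDeleteStore:
    """Deletion only marks a resource; it stays recoverable until the window ends."""

    def __init__(self, retention=RETENTION):
        self.retention = retention
        self.live = {}        # name -> data
        self.pending = {}     # name -> (data, time marked for deletion)

    def put(self, name, data):
        self.live[name] = data

    def delete(self, name, now):
        self.pending[name] = (self.live.pop(name), now)   # KeyError if not live

    def restore(self, name, now):
        data, deleted_at = self.pending[name]            # KeyError if already purged
        if now - deleted_at > self.retention:
            raise ValueError(f"{name}: retention window expired")
        del self.pending[name]
        self.live[name] = data
        return data

    def purge_expired(self, now):
        """The only path to permanent removal; returns the names purged."""
        expired = [n for n, (_, t) in self.pending.items() if now - t > self.retention]
        for n in expired:
            del self.pending[n]
        return expired

def run_scenario():
    """Constructed timeline: delete, early purge attempt, restore, delete again, late purge."""
    t0 = datetime(2025, 5, 5)
    store = SoftDeleteStore()
    store.put("prod-db-snapshot", b"snapshot-bytes")
    store.delete("prod-db-snapshot", t0)
    purged_early = store.purge_expired(t0 + timedelta(days=29))        # nothing yet
    restored = store.restore("prod-db-snapshot", t0 + timedelta(days=29))
    store.delete("prod-db-snapshot", t0 + timedelta(days=29))
    purged_late = store.purge_expired(t0 + timedelta(days=70))         # window has passed
    try:
        store.restore("prod-db-snapshot", t0 + timedelta(days=70))
        restore_after_purge = "restored"
    except KeyError:
        restore_after_purge = "gone"
    return purged_early, restored, purged_late, restore_after_purge
```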

Rule 6: keep your costs down

In the event of a DDoS attack, cloud infrastructure can manage the surge in traffic by automatically scaling resources. However, this scaling can rapidly increase costs, potentially putting a strain on the company’s finances. To avoid these unexpected expenses, ensure that your cloud provider offers strong DDoS protection and mitigation options.

These measures can help absorb and filter attack traffic, minimizing the impact without leading to excessive resource scaling. If your provider’s built-in protections are inadequate, consider using third-party DDoS mitigation tools. This approach will help safeguard both your systems and your budget during an attack.

Rule 7: train employees on cloud security awareness

According to the Ponemon Institute, 82% of data breaches are caused by staff mistakes, such as clicking on phishing links, using weak passwords, or falling for social engineering attacks. To prevent these issues, it's essential to invest in ongoing, thorough security training programs. In fact, companies with comprehensive training programs can save an average of $2.66 million per breach.

What might these programs include? Phishing simulations that help employees identify suspicious emails and avoid disclosing sensitive information. Additionally, providing cloud-specific security training, which focuses on secure data handling, password management, and understanding cloud-specific threats, ensures that employees are well-prepared to handle security challenges effectively.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro