FREDERICK, Md.--(BUSINESS WIRE)--In a brief video explainer and commentary, Josh Stella, chief architect at Snyk and founding CTO of Fugue, a cloud security and compliance SaaS company, talks to business and security leaders about why the cloud is generally spared from ransomware and examines the top threat to their cloud environments.
Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles.
That attack was the latest example of the threat ransomware poses to all industries. The most recent edition of SonicWalls annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019. And an advisory jointly issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA reveals the latest trend is ransomware as a service gangs of bad actors essentially franchising their ransomware tools and techniques to less organized or less skilled hackers.
Clearly, protecting against ransomware attacks must be part of your organizations holistic cybersecurity strategy if youre still operating data center infrastructure and not cloud infrastructure. Hardening data centers and endpoints to protect against ransomware attacks is mandatory, but cloud infrastructure faces a different kind of threat. And if your organization is all in on cloud, ransomware is less of a worry.
What Is Ransomware?
Dont confuse a ransomware attack with a data breach, which involves stolen data. The purpose of ransomware is not to steal your data (although that can also occur during a ransomware attack) but rather to take control of the systems that house or encrypt your data and prevent you from accessing it until you pay the ransom. This can have a devastating impact on an organization by effectively shutting down operations until access to the data is restored.
While ransomware is a major cybersecurity threat, were simply not seeing ransomware attacks executed against cloud environments. The reason for this involves fundamental differences between cloud infrastructure and data center infrastructure.
A New Threat Landscape
Your cloud environment is not simply a remote replica of your onsite data center and IT systems. Cloud computing is 100% software driven by application programming interfaces (APIs) the software middlemen that allow different applications to interact with each other. The control plane is the API surface that configures and operates the cloud.
For example, you can use the control plane to build a virtual server, modify a network route, and gain access to data in databases or snapshots of databases (which are actually a more popular target among cloud hackers than live production databases). The API control plane is the rapidly growing collection of APIs your organization uses to configure and operate the cloud.
The priority for all cloud platform providers like Amazon, Google and Microsoft is to ensure your data is robust and resilient. And replicating data in the cloud is both easy and cheap, and a well-architected cloud environment ensures there are multiple backups of your data. Thats the key inhibitor to an attackers ability to use ransomware: Multiple copies of your data negates their ability to lock you out. If an attacker is able to encrypt your data and demands ransom from you, you can simply revert to the latest version of the data prior to the encryption.
The redundancy and resiliency that AWS, Google and Microsoft are building for hundreds of thousands of their customers running millions of servers and networks are impossible for you to replicate in your own data center infrastructure. And if your access to your on-premises systems is taken away from you and encrypted, it can be extremely difficult and in some cases effectively impossible for you to regain access without paying the ransom.
Security in the cloud is different because its a function of good design and architecture not intrusion detection and security analysis. Hackers are not trying to penetrate your network in order to lock you out of your systems; theyre trying to exploit cloud misconfigurations that enable them to operate against your cloud control plane APIs and steal your data right out from under you.
What Is Cloud Misconfiguration?
A misconfiguration can vary from individual resource misconfigurations that can appear simple, such as leaving a port open, to significant architectural design flaws that attackers use to turn a small misconfiguration into a massive blast radius. And I can guarantee that if your organization is operating in the cloud, your environment has both kinds of vulnerabilities. The good news is that because cloud infrastructure is software that can be programmed, these kinds of attacks can be prevented with software engineering approaches using policy as code.
Build Cloud Security on Policy as Code
When developers build applications in the cloud, theyre also building the infrastructure for the applications as opposed to buying physical infrastructure and deploying apps into it. The process of designing and building cloud infrastructure is done with code, which means developers own that process, and this fundamentally changes the security teams role.
In a completely software-defined world, securitys role is that of the domain expert who imparts knowledge to the people building stuff the developers to ensure theyre working in a secure environment. And that knowledge is delivered as automated developer tooling that leverages policy as code rather than checklists and policy documents written in a human language.
Policy as code enables your team to express security and compliance rules in a programming language that an application can use to check the correctness of configurations. Its designed to check other code and running environments for unwanted conditions or things that should not be. It empowers all cloud stakeholders to operate securely without any ambiguity or disagreement on what the rules are and how they should be applied at both ends of the software development life cycle (SDLC).
Cloud Security Must Be Automated
At the same time, policy as code automates the process of constantly searching for and remediating misconfigurations. There are no other approaches that in the long run are successful at this because the problem space keeps growing. The number of cloud services keeps growing, the number of deployments you have, and the amount of resources keeps growing. And so you must automate to relieve security professionals from having to spend their days manually monitoring for misconfigurations and enable developers to write code in a way that is flexible, that can be changed over time, and that can incorporate new knowledge, such as the latest big data breach that makes news headlines.
Harden Your Cloud Security Posture
Organizations that have implemented effective cloud security programs share some characteristics that any enterprise can emulate to harden their cloud security posture:
I dont want to downplay the threat ransomware attacks pose to your organization and encourage you to visit http://www.StopRansomware.gov, the U.S. federal governments resource for learning how to protect yourself from becoming a ransomware victim.
But I also want to emphasize that although your cloud environments are not highly vulnerable to ransomware, the risk of a data breach due to misconfigurations is high and growing as you adopt more cloud-based platforms and services.
The best defense is prevention. Use policy as code in the development phase, in the continuous integration/continuous delivery (CI/CD) pipeline, and in the runtime to quickly identify and remediate misconfigurations. As you gain maturity, these steps can be operationalized throughout your DevOps processes so that the entire process is automated and efficient.
About Josh Stella
Josh Stella is chief architect at Snyk and a technical authority on cloud security. Josh brings 25 years of IT and security expertise as founding chief technology officer at Fugue, principal solutions architect at Amazon Web Services, and advisor to the U.S. intelligence community. Joshs personal mission is to help organizations understand how cloud configuration is the new attack surface and how companies need to move from a defensive to a preventive posture to secure their cloud infrastructure. He wrote the first book on Immutable Infrastructure (published by OReilly), holds numerous cloud security technology patents, and hosts an educational Cloud Security Masterclass series. Connect with Josh on LinkedIn and via Fugue at http://www.fugue.co.
About Fugue
Fugue (part of Snyk) is a cloud security and compliance SaaS company enabling regulated companies such as AT&T, Red Ventures, and SAP NS2 to ensure continuous cloud security and earn the confidence and trust of customers, business leaders, and regulators. Fugue empowers developer and security teams to automate cloud policy enforcement and move faster in the cloud than ever before. Since 2013, Fugue has pioneered the use of policy-based cloud security automation and earned the patent on policy as code for cloud infrastructure. For more information, connect with Fugue at http://www.fugue.co, GitHub, LinkedIn and Twitter.
All brand names and product names are trademarks or registered trademarks of their respective companies.
Tags: Fugue, Snyk, cloud security, SaaS, Josh Stella, ransomware, policy as code, cybersecurity, cloud, infrastructure as code, open source, cloud security automation, network configuration, cloud configuration, cloud misconfiguration, data breach, cloud threats, application programming interface, API
Read this article:
Why Ransomware Attacks Steer Clear of the Cloud - Business Wire
Read More..