Cloud computing
Cloud account compromises are costing organizations millions each year
SaaS security can no longer be overlooked
Dealing with compromised cloud accounts is becoming even more expensive: new research from Proofpoint and the Ponemon Institute has revealed that cloud account compromises cost organizations over $6m each year.
To compile their new report titled “The Cost of Cloud Compromise and Shadow IT”, the cybersecurity firm and IT security research organization surveyed more than 600 IT and IT security professionals across the US.
Of those surveyed, 68 percent said they believe cloud account takeovers present a significant security risk to their organizations, with more than half indicating that both the frequency and severity of cloud account compromises have increased over the last 12 months.
Larry Ponemon, chairman and founder of the Ponemon Institute, warned in a press release against the increased security risks that have come with growing SaaS adoption, saying:
“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly. Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”
SaaS security
According to 86 percent of respondents, the annual cost of cloud account compromises is now over $500k, with those surveyed reporting an average of 64 compromised accounts each year. Of these compromised accounts, 30 percent expose sensitive data, putting employees and their organization at risk of cyberattacks.
Nearly 60 percent of respondents indicated that Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. Overall though, more than 50 percent of those surveyed say phishing is the most frequent method used by cybercriminals to acquire legitimate cloud credentials.
At the same time, shadow IT is creating substantial risk for organizations as employees are still using cloud apps and services that have not been approved by their organization’s IT department. The increased use of online collaboration software and messaging tools to share sensitive information along with the move to the cloud and more employees working from home are also putting organizations at greater risk.
Amazon Web Services
Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. These cloud computing web services provide a variety of basic abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS’s version of virtual computers emulates most of the attributes of a real computer, including hardware central processing units (CPUs) and graphics processing units (GPUs) for processing; local/RAM memory; hard-disk/SSD storage; a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, and customer relationship management (CRM).
The AWS technology is implemented at server farms throughout the world and maintained by the Amazon subsidiary. Fees are based on a combination of usage (known as a “Pay-as-you-go” model); the hardware, operating system, software, or networking features chosen by the subscriber; and the required availability, redundancy, security, and service options. Subscribers can pay for a single virtual AWS computer, a dedicated physical computer, or clusters of either. As part of the subscription agreement, Amazon provides security for subscribers’ systems. AWS operates from many global geographical regions, including 6 in North America.
Amazon markets AWS to subscribers as a way of obtaining large-scale computing capacity more quickly and cheaply than building an actual physical server farm. All services are billed based on usage, but each service measures usage in varying ways. As of 2017, AWS owns a dominant 33% of all cloud (IaaS, PaaS), while the next two competitors, Microsoft Azure and Google Cloud, have 18% and 9% respectively, according to Synergy Group.
Availability
Amazon Web Services provides services from dozens of data centers spread across availability zones (AZs) in regions across the world. An AZ is a location that contains multiple physical data centers. A region is a collection of AZs in geographic proximity connected by low-latency network links.
A business will choose one or multiple availability zones for a variety of reasons, such as compliance and proximity to end customers. For example, an AWS customer can spin up virtual machines (VMs) and replicate data in different AZs to achieve a highly reliable infrastructure that is resistant to failures of individual servers or an entire data center.
Amazon Elastic Compute Cloud (EC2) is a service that provides virtual servers — called EC2 instances — for compute capacity. The EC2 service offers dozens of instance types with varying capacities and sizes, tailored to specific workload types and applications, such as memory-intensive and accelerated-computing jobs. AWS also provides an Auto Scaling tool to dynamically scale capacity to maintain instance health and performance.
Storage
Amazon Simple Storage Service (S3) provides scalable object storage for data backup, collection and analytics. An IT professional stores data and files as S3 objects — which can range up to 5 gigabytes (GB) — inside S3 buckets to keep them organized. A business can save money with S3 through its Infrequent Access storage tier or by using Amazon Glacier for long-term cold storage.
Amazon Elastic Block Store provides block-level storage volumes for persistent data storage when using EC2 instances. Amazon Elastic File System offers managed cloud-based file storage.
A business can also migrate data to the cloud via storage transport devices, such as AWS Snowball and Snowmobile, or use AWS Storage Gateway to enable on-premises apps to access cloud data.
Databases, data management
The Amazon Relational Database Service — which includes options for Oracle, SQL Server, PostgreSQL, MySQL, MariaDB and a proprietary high-performance database called Amazon Aurora — provides a relational database management system for AWS users. AWS also offers managed NoSQL databases through Amazon DynamoDB.
An AWS customer can use Amazon ElastiCache and DynamoDB Accelerator as in-memory and real-time data caches for applications. Amazon Redshift offers a data warehouse, which makes it easier for data analysts to perform business intelligence (BI) tasks.
Migration, hybrid cloud
AWS includes various tools and services designed to help users migrate applications, databases, servers and data onto its public cloud. The AWS Migration Hub provides a location to monitor and manage migrations from on premises to the cloud. Once in the cloud, EC2 Systems Manager helps an IT team configure on-premises servers and AWS instances.
Amazon also has partnerships with several technology vendors that ease hybrid cloud deployments. VMware Cloud on AWS brings software-defined data center technology from VMware to the AWS cloud. Red Hat Enterprise Linux for Amazon EC2 is the product of another partnership, extending Red Hat’s operating system to the AWS cloud.
Networking
An Amazon Virtual Private Cloud (Amazon VPC) gives an administrator control over a virtual network to use an isolated section of the AWS cloud. AWS automatically provisions new resources within a VPC for extra protection.
Admins can balance network traffic with the Elastic Load Balancing (ELB) service, which includes the Application Load Balancer and Network Load Balancer. AWS also provides a domain name system called Amazon Route 53 that routes end users to applications.
An IT professional can establish a dedicated connection from an on-premises data center to the AWS cloud via AWS Direct Connect.