Thiru Malai

May 28, 2021

Cloud computing

Cloud account compromises are costing organizations millions each year

Dealing with cloud accounts that have been compromised is becoming even more expensive, as new research from Proofpoint and the Ponemon Institute has revealed that cloud account compromises cost organizations over $6m each year.

To compile their new report titled “The Cost of Cloud Compromise and Shadow IT”, the cybersecurity firm and IT security research organization surveyed more than 600 IT and IT security professionals across the US.

Of those surveyed, 68 percent said they believe cloud account takeovers present a significant security risk to their organizations, with more than half indicating that both the frequency and severity of cloud account compromises have increased over the last 12 months.

Larry Ponemon, chairman and founder of the Ponemon Institute, warned in a press release against the increased security risks that have come with growing SaaS adoption, saying:

“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly. Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”

SaaS security

Nearly 60 percent of respondents indicated that Microsoft 365 and Google Workspace accounts are heavily targeted by brute force and phishing-based cloud attacks. Overall though, more than 50 percent of those surveyed say phishing is the most frequent method used by cybercriminals to acquire legitimate cloud credentials.

At the same time, shadow IT is creating substantial risk for organizations as employees are still using cloud apps and services that have not been approved by their organization’s IT department. The increased use of online collaboration software and messaging tools to share sensitive information along with the move to the cloud and more employees working from home are also putting organizations at greater risk.

Amazon Web Services

Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. These cloud computing web services provide a variety of basic abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS’s version of virtual computers emulates most of the attributes of a real computer, including hardware central processing units (CPUs) and graphics processing units (GPUs) for processing; local/RAM memory; hard-disk/SSD storage; a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, and customer relationship management (CRM).

The AWS technology is implemented at server farms throughout the world, and maintained by the Amazon subsidiary. Fees are based on a combination of usage (known as a “Pay-as-you-go” model); the hardware, operating system, software, or networking features chosen by the subscriber; and the required availability, redundancy, security, and service options. Subscribers can pay for a single virtual AWS computer, a dedicated physical computer, or clusters of either. As part of the subscription agreement, Amazon provides security for subscribers’ systems. AWS operates from many global geographical regions including 6 in North America.

Amazon markets AWS to subscribers as a way of obtaining large-scale computing capacity more quickly and cheaply than building an actual physical server farm. All services are billed based on usage, but each service measures usage in varying ways. As of 2017, AWS owns a dominant 33% of all cloud (IaaS, PaaS), while the next two competitors, Microsoft Azure and Google Cloud, have 18% and 9% respectively, according to Synergy Group.

Availability

A business will choose one or multiple availability zones (AZs) for a variety of reasons, such as compliance and proximity to end customers. For example, an AWS customer can spin up virtual machines (VMs) and replicate data in different AZs to achieve a highly reliable infrastructure that is resistant to failures of individual servers or an entire data center.

Amazon Elastic Compute Cloud (EC2) is a service that provides virtual servers — called EC2 instances — for compute capacity. The EC2 service offers dozens of instance types with varying capacities and sizes, tailored to specific workload types and applications, such as memory-intensive and accelerated-computing jobs. AWS also provides an Auto Scaling tool to dynamically scale capacity to maintain instance health and performance.

Storage

Amazon Elastic Block Store provides block-level storage volumes for persistent data storage when using EC2 instances. Amazon Elastic File System offers managed cloud-based file storage.

A business can also migrate data to the cloud via storage transport devices, such as AWS Snowball and Snowmobile, or use AWS Storage Gateway to enable on-premises apps to access cloud data.

Databases, data management

An AWS customer can use Amazon ElastiCache and DynamoDB Accelerator as in-memory and real-time data caches for applications. Amazon Redshift offers a data warehouse, which makes it easier for data analysts to perform business intelligence (BI) tasks.

Migration, hybrid cloud

Amazon also has partnerships with several technology vendors that ease hybrid cloud deployments. VMware Cloud on AWS brings software-defined data center technology from VMware to the AWS cloud. Red Hat Enterprise Linux for Amazon EC2 is the product of another partnership, extending Red Hat’s operating system to the AWS cloud.

Networking

Admins can balance network traffic with the Elastic Load Balancing (ELB) service, which includes the Application Load Balancer and Network Load Balancer. AWS also provides a domain name system called Amazon Route 53 that routes end users to applications.

An IT professional can establish a dedicated connection from an on-premises data center to the AWS cloud via AWS Direct Connect.