9 Cloud Security Threats MSSPs Need to Know Right Now
Get the lowdown on recent breaches and how to prevent them, thanks to the Cloud Security Alliance.
![Cloud Security Threat Cloud Security Threat](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt7604643d52624668/652457bb1229a731b7dc25e2/Cloud-Security-Threat.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
This financial institution suffered a breach impacting 106 million accounts for two main reasons. First, it employed less-experienced cloud architects. Second, that lack of expertise opened the door for a former engineer with one of the big three public cloud providers to hack the system. This all led to class-action lawsuits, a dramatic drop in the bank’s stock price, a congressional inquiry and an $80 million fine.
Our Take: The Lesson for MSSPs
Help customers build, or rebuild, airtight cloud environments. Make sure they hire and train knowledgeable cloud architects on top of the services you provide. Check every aspect of the cloud environment on a regular basis to vet for vulnerabilities someone on the inside or the outside could exploit.
This brand put customers’ identity and finances at risk after hackers got hold of user credentials and tried to sell them. It all happened because executives wanted to make the service available before implementing thorough cloud security measures. The service originally was designed without the requirement for unique passwords or multifactor authentication. Once the breach went public, customers ended up waiting on support calls for hours, and the brand lost money and trust. It also underwent a regulatory inquiry and subsequently had to pay fines.
Our Take: The Lesson for MSSPs
Do your utmost to deter clients from taking a cloud-based service live before all security safeguards are in place. Enforce the use of unique passwords and multifactor authentication.
Soft internal cloud security measures paved the way for a third-party vendor to take advantage. As such, this Wall Street player lost millions of dollars and took a big hit to its reputation. It also still could face litigation.
Our Take: The Lesson for MSSPs
Get into the weeds with each cloud vendor database. Understand where information is stored. Check whether identity access management is in place (it should be!). Verify who has the authority to be in each database at all. Finally, work with customers to only team with the most proven, secure and trustworthy cloud vendors.
An unidentified external hacker knocked this company’s operations offline with DDoS attacks. A variety of factors created the maelstrom, including insufficient training, outdated software and poor cloud architectural design. This firm somehow evaded the financial and reputational consequences of some of the other organizations in the Cloud Security Alliance’s report. However, the outcome easily could have been much different.
Our Take: The Lesson for MSSPs
Craft a complete incident response plan for each customer. Then test that plan with the client. Also, check all router and firewall setups. They must be ready to stop invalid IP addresses.
This example goes to show that anyone, including a cybersecurity company, can face a breach. In this instance, human error during design of the cloud environment opened the door to hackers. The Cloud Security Alliance report shows that the vendor had to reissue tens of thousands of customer certificates, passwords and API keys. There’s no data showing the financial impact. But the company did get its share of negative media coverage and its CEO resigned.
Our Take: The Lesson for MSSPs
Assign the most knowledgeable and experienced architects to client (and internal) cloud design. After that, vet all components with manual and automatic tools. Check all servers and access keys.
Poor misconfigurations on the product’s Android app allowed third-party threat actors to access customers’ personally identifiable information. Once the issue became known, the incident response team took longer to respond than the Cloud Security Alliance considers wise. The possibility remains that the company will face fines, and customer and shareholder backlash.
Our Take: The Lesson for MSSPs
Program privacy and security settings into any customer mobile application. Test the app regularly for any weakness that would it expose it to breaches.
One of Britain’s largest grocers used a third-party vendor for its website. That vendor was storing customers’ personal data in a public cloud platform with no authentication or other security. A mobile app also exposed millions of license plate images and vehicle types.
Our Take: The Lesson for MSSPs
Assist customers with cloud vendor selection. Help users vet the people who will be accessing any and all cloud environments. Conduct security awareness training.
Another case of human oversight allowed a malicious hacker to install mining scripts. The breach released vehicle telemetry data and gave the bad actor leeway to abuse the unsecured Kubernetes containers for cryptocurrency mining. Private customer information was not compromised, but the car maker still could encounter reduced buyer confidence and tarnished brand value.
Our Take: The Lesson for MSSPs
This anecdote presents another argument for having a detailed and proven incident response plan. It also underscores the need for ensuring seamless cloud network design.
The cloud communications provider more closely integrated with its conferencing partners.
Fuze users can access Zoom, Webex, Microsoft Teams, GoogleMeet, GoToMeeting and other meeting providers on a one-click basis from the Fuze platform. As a result, customers can experience less friction and complexity in switching between platforms.
Read Fuze’s press release.
Download the full Cloud Security Alliance report here. Look for extensive analysis of the financial, operational, compliance and reputational impacts of each breach presented, as well as additional takeaways MSSPs can implement.
Download the full Cloud Security Alliance report here. Look for extensive analysis of the financial, operational, compliance and reputational impacts of each breach presented, as well as additional takeaways MSSPs can implement.
The Cloud Security Alliance has just released a report on cloud security threats that dives into some of the greatest threats to organizations. Some of the findings may come as a surprise even to the most meticulous MSSPs. They are all laid out in CSA’s “Top Threats to Cloud Computing: Egregious 11 Deep Dive.”
Channel Futures recommends reading the full report (we’ve included a link on the last slide) for all the details. Plus, the analysis includes insights for preventing, detecting and correcting any breaches, which MSSPs will find helpful. The report also comes with metrics for evaluating progress. In the meantime, click through the slideshow above for a taste of the cloud security issues offered in the report.
Read more about:
MSPsAbout the Author(s)
You May Also Like