Thanks to Google Cloud Security for their latest alert on Scattered Spider, who have pivoted their advanced social engineering and MFA-bypass attacks from retail to U.S. insurance firms—now specifically targeting IT support and help desk teams. This wave of intrusions highlights how attackers exploit not just credentials, but also gaps in identity governance and privileged access. For security teams, the key takeaways are: 🚩 Rigorous access controls: Limit how much access IT support and call center personnel have, especially to sensitive systems. 🚩 Effective privilege management: Quickly identify and reduce unnecessary, lingering, or excessive permissions that enable lateral movement post-compromise. 🚩 Monitor privilege escalation paths: Visibility into who can reset credentials or escalate access is critical for breaking the attack chain. 🚩 Support security awareness: Continuously educate support teams on verification and social engineering resistance. We must modernize our identity security approach to continuously validate effective permissions and monitor privilege boundaries—not just roles—to help contain the impact if attackers get in. This is crucial as social engineering and identity attacks become more sophisticated and sector-focused. https://lnkd.in/enYu5AFj #Cybersecurity #InfoSec #IdentitySecurity #ThreatIntel #LeastPrivilege
Key Considerations for Cloud Security
Summary
The posts collected below keep returning to the same three cloud weaknesses: misconfigurations (public storage, unused or over-permissioned roles, long-lived access keys), identity and access management gaps, and insecure interfaces and APIs. The common remedy is not more tooling but doing the fundamentals systematically and continuously: least privilege, configuration checks, credential hygiene, and monitoring of the identities and paths an attacker would use once inside.
- Review vendor security practices: Evaluate cloud providers for security certifications, robust access controls, and transparent policies around data handling and breach notifications.
- Prioritize configuration management: Regularly check for misconfigurations, enforce the principle of least privilege, and audit unused roles or credentials to minimize risk.
- Embed security into operations: Incorporate security measures, such as API protection and identity governance, from the design stage through deployment to address potential vulnerabilities proactively.
-
Are you addressing the root causes of your cloud security threats or just treating the symptoms? The Cloud Security Alliance's Top Threats to Cloud Computing 2024 report illuminates critical security challenges, but many of these threats result from overlooking foundational practices in favor of more complex solutions. My takeaways: 1️⃣ Misconfiguration and change control - Misconfigurations often signal that organizations advance to complex cloud setups without mastering the basics. For example, the Toyota data breach, where a decade-long exposure was due to human error and inadequate cloud configuration management, highlights the need for robust configuration management and continuous monitoring. 2️⃣ Identity & Access Management (IAM) - IAM issues frequently stem from inconsistent governance. The JumpCloud breach, where attackers exploited over-permissioned accounts and poor separation of duties, underscores the importance of regular policy reviews and strict governance practices. 3️⃣ Insecure interfaces and APIs - Securing APIs is crucial, but the rush to innovate can sometimes overshadow security. The Spoutible (an X alternative) API vulnerability, which exposed user data due to poor security practices, serves as a reminder to embed security into the API development process from the start. What can you do? 1) Focus on fundamentals: To address misconfigurations, prioritize strong configuration management and continuous monitoring. Look at tools like Prisma Cloud by Palo Alto Networks. 2) Regular governance reviews: Prevent IAM issues by regularly reviewing and adapting policies. Ensure all your applications are part of your IAM strategy, not just those supporting standards like SAML, OIDC, and SCIM. (Cerby can help you with these apps.) 3) Balanced innovation: Integrate security into development processes to avoid compromising security in a rush to innovate (see Secure by Design from the Cybersecurity and Infrastructure Security Agency). 
Focusing on the basics and doing them well can mitigate most of the risks in this report. Props to the authors Jon-Michael C. Randall, Alexander S. Getsin, Vic Hargrave, Laura Kenner, Michael Morgenstern, Stephen Pieraldi, and Michael Roza. #Cybersecurity #cloudsecurity #api Cloud Security Alliance
-
2024 State of Cloud Security Study Key Insights A great morning read from Datadog ‘analyzed security posture data from a sample of thousands of organizations that use AWS, Azure, or Google Cloud.’ ↗️ Long-lived credentials -> remain a security risk, with 60% of AWS IAM users having access keys older than one year. Unused credentials are widespread, increasing attack surfaces across all cloud providers (AWS, Azure, GCP). Recommendation -> Shift to temporary, time-bound credentials & centralized identity management solutions. ↗️ Public access blocks on cloud storage increasing AWS S3 & Azure Blob Storage are increasingly using public access blocks, with S3 seeing 79% of buckets proactively secured. Recommendation -> Enable account-level public access blocks to minimize risks of accidental data exposure. ↗️ IMDSv2 adoption growing AWS EC2 instances enforcing IMDSv2 have grown from 25% to 47%, yet many instances remain vulnerable. Recommendation -> Enforce IMDSv2 across all EC2 instances & use regional settings for secure defaults. ↗️ Managed Kubernetes clusters Many clusters (almost 50% on AWS) expose APIs publicly, with insecure default configurations risking attacks. Recommendation -> Use private networks, enforce audit logs, & limit permissions on Kubernetes worker nodes. ↗️ 3rd-Party integrations pose supply chain risk 10% of third-party IAM roles are overprivileged, creating risks of AWS account takeover. Recommendation -> Limit permissions, enforce External IDs, & remove unused third-party roles. ↗️ Most cloud incidents caused by compromised cloud credentials Cloud incidents are often triggered by compromised credentials, particularly in AWS, Azure, & Entra ID environments. Patterns of Attack: + Compromised identities + Escalation via GetFederationToken + Service enumeration + Reselling access + Persistence techniques. Microsoft 365 -> Credential stuffing, bypassing MFA, & malicious OAuth apps for email exfiltration.
Google Cloud -> Attackers leverage VPNs & proxies for crypto mining and follow common attack patterns. Recommendations -> Implement strong identity controls & monitor API changes that attackers may exploit. ↗️ Many cloud workloads are excessively privileged or run in risky configurations Overprivileged cloud workloads expose organizations to significant risks, including full account compromise & data breaches. Recommendation -> Enforce least privilege principles on all workloads. Use non-default service accounts with tailored permissions in Google Cloud. Avoid running production workloads in AWS Organization management accounts. The study shows improved adoption of secure cloud configurations -> better awareness + enforcement of secure defaults. However, risky credentials & common misconfigurations in cloud infrastructure remain significant entry points for attackers. P.s. use the info to strengthen your org cloud security posture. Full study report in the comment ⬇️ #cloudsecurity #cloudsec #cybersecurity
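The "long-lived credentials" finding above (access keys older than a year, plus keys that are never used) is something you can measure in your own account from the IAM credential report. The script below is an added example, not code from the Datadog study or the post. It assumes the column names AWS emits for `aws iam generate-credential-report` / `aws iam get-credential-report` (user, access_key_N_active, access_key_N_last_rotated, access_key_N_last_used_date); the sample report embedded here is constructed and contains only the columns the check uses. The 365-day age threshold matches the study; the 90-day "unused" threshold is an assumed policy.

```python
"""Flag long-lived and unused AWS IAM access keys from an IAM credential report.

Added example (not the study's or the post's code). Assumes the CSV column names
AWS uses in its credential report; the sample below is constructed.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in credential-report format (only the columns used here).
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,false,N/A,N/A,false,N/A,N/A
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,true,2022-01-10T09:00:00+00:00,2024-09-01T12:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-08-15T09:00:00+00:00,2024-09-20T08:30:00+00:00,true,2021-03-01T00:00:00+00:00,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-01T00:00:00+00:00,N/A,false,N/A,N/A
"""

MAX_KEY_AGE = timedelta(days=365)  # the study's "older than one year" threshold
MAX_UNUSED = timedelta(days=90)    # assumed policy for what counts as an unused key
NOW = datetime(2024, 10, 1, tzinfo=timezone.utc)  # fixed "now" so the sample is reproducible


def _parse(ts):
    """Report timestamps are ISO-8601 with offset, or the literals N/A / no_information."""
    if ts in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(ts)


def audit_access_keys(report_csv, now):
    """One finding per *active* key that is older than MAX_KEY_AGE or idle for MAX_UNUSED.

    A key that has never been used is judged by its creation (last_rotated) date, so a
    six-month-old key with no recorded use is reported as "never used".
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = _parse(row[f"access_key_{slot}_last_rotated"])
            last_used = _parse(row[f"access_key_{slot}_last_used_date"])
            reasons = []
            if rotated is not None and now - rotated > MAX_KEY_AGE:
                reasons.append(f"older than {MAX_KEY_AGE.days}d (rotated {rotated.date()})")
            idle_since = last_used or rotated
            if idle_since is not None and now - idle_since > MAX_UNUSED:
                reasons.append("never used" if last_used is None
                               else f"unused since {last_used.date()}")
            if reasons:
                findings.append({"user": row["user"], "key": slot, "reasons": reasons})
    return findings


def demo():
    """Run the audit over the constructed sample at the fixed NOW."""
    return audit_access_keys(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['user']} access key {f['key']}: " + "; ".join(f["reasons"]))
```

To run it against a real account, generate the report with `aws iam generate-credential-report`, fetch it with `aws iam get-credential-report --query Content --output text | base64 -d`, and pass the decoded CSV to `audit_access_keys` with `datetime.now(timezone.utc)`. Rotating a flagged key only resets the clock; the study's actual recommendation is to replace IAM-user keys with short-lived role credentials so there is nothing long-lived to leak.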
-
Cloud security can cause so many problems at any startup. After looking at 100s of AWS accounts, here's what we usually see overlooked: 1. Access Management (Who exactly can log into your cloud accounts? Too many startups give everyone admin access because it's easier.) 2. Multi-tenancy Risks (Your data is sitting on the same servers as other companies. Make sure you understand how it's being isolated.) 3. API Security (All those convenient APIs connecting your systems are great but...they're also a potential door for someone to walk through.) 4. Shared Responsibility Model (AWS isn't responsible for securing your applications - just their infrastructure. The rest is on you) 5. Credential Management (Those AWS access keys you copied to your local machine? They're probably still there, and that's a problem.) 6. Cross-Cloud Security (AWS, GCP, and Azure each have different security models, and they don't automatically talk to each other!) 7. Compliance Foundation (If you're planning to sell to banks or healthcare, you need to build with compliance in mind from day one) It's not all "someone hacked my EC2 instance and started mining bitcoin" - some of these are simple best practices that go out the window when it's a team of 5. Understandable, and solvable. None of these are impossible problems, but each can get ugly fast. What did I miss?
-
Here are 12 essential security practices you need to know for cloud roles (crucial concepts for interviews) 1. Shared Responsibility Model: Know what your cloud provider secures vs. what you must secure. → provider vs. customer responsibilities. 2. Multi-Factor Authentication (MFA): Add an extra layer beyond passwords for access. → time-based tokens, authenticator apps, biometrics. 3. Identity & Access Management (IAM): Control who can access what and enforce strict permissions. → roles, policies, least privilege. 4. Secure Cloud Storage Permissions: Avoid public buckets and overly broad access. → ACLs, IAM policies, bucket-level security. 5. Encrypt Data at Rest and in Transit: Use encryption to protect stored and moving data. → TLS, AES-256, envelope encryption. 6. Network Segmentation: Limit breach impact by isolating workloads. → VPCs, subnets, firewalls. 7. Update and Patch Systems: Fix known vulnerabilities in all components. → OS, applications, containers. 8. Enable DDoS Protection: Prevent service disruption from traffic floods. → AWS Shield, Cloud Armor, rate limiting. 9. Backup Data Regularly: Protect against data loss with frequent, tested backups. → snapshot automation, recovery drills. 10. Monitor and Log Activities: Track events across your cloud infrastructure. → audit logs, CloudTrail, SIEM tools. 11. Set Resource Usage Alerts: Catch anomalies early through alerts. → billing thresholds, abnormal activity triggers. 12. Use Cloud Security Posture Management (CSPM): Continuously detect and fix cloud misconfigurations. → real-time scanning, policy enforcement. As cloud environments get more complex, organizations really need people who get cloud security — because it’s not just about tech, it’s about protecting what matters most. If you want to stand out, focus on learning these core security concepts and how to apply them in real cloud environments — that’s what companies really value. How many of these cloud security practices do you actually follow? 
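Three of the points made on this page come down to reading a JSON policy document and asking a specific question of it: the "Secure Cloud Storage Permissions" item above (does a bucket policy grant access to everyone?), the Datadog post's "enforce External IDs" recommendation for third-party roles (does a trust policy let a foreign account assume the role with no sts:ExternalId condition?), and the Scattered Spider post's "visibility into who can reset credentials or escalate access" (does a help-desk identity policy hand out iam:UpdateLoginProfile, iam:CreateAccessKey and friends?). The block below is an added example, not code from any of the posts, that implements all three checks over constructed sample policies. The ESCALATION_ACTIONS shortlist, the OWN_ACCOUNT value and every account ID and ARN in it are assumptions for illustration.

```python
"""Static checks over AWS JSON policies: public bucket grants, cross-account role trusts
without sts:ExternalId, and identity policies that grant credential-reset/escalation actions.
Added example, not code from any post on this page. ESCALATION_ACTIONS is an assumed
shortlist; OWN_ACCOUNT, the account IDs and the policies below are constructed samples.
"""
import fnmatch

OWN_ACCOUNT = "111122223333"  # placeholder
ESCALATION_ACTIONS = {  # assumed shortlist; extend for your environment
    "iam:UpdateLoginProfile", "iam:CreateLoginProfile", "iam:CreateAccessKey",
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:AddUserToGroup",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole", "sts:AssumeRole"}


def _as_list(value):
    """IAM lets most fields be a string or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def _allows(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]


def _principals(stmt):
    """Flatten Principal ("*" or {"AWS": [...], "Service": ...}) into a list of strings."""
    p = stmt.get("Principal")
    return [x for v in p.values() for x in _as_list(v)] if isinstance(p, dict) else _as_list(p)


def _condition_keys(stmt):
    """Lower-cased condition keys; IAM treats them case-insensitively."""
    return {k.lower() for block in stmt.get("Condition", {}).values() for k in block}


def _grants(stmt, wanted):
    """True if any Action pattern in stmt ("iam:*", "*", ...) covers `wanted`."""
    return any(fnmatch.fnmatchcase(wanted.lower(), a.lower()) for a in _as_list(stmt.get("Action")))


def public_statements(bucket_policy):
    """Allow statements whose Principal is everyone. Unconditioned ones are public outright;
    conditioned ones (aws:SourceVpce, aws:SourceIp, ...) are narrowed but still deserve review."""
    return [{"sid": s.get("Sid", "<no sid>"), "actions": _as_list(s.get("Action")),
             "conditioned": bool(s.get("Condition"))}
            for s in _allows(bucket_policy) if "*" in _principals(s)]


def risky_cross_account_trusts(trust_policy, own_account=OWN_ACCOUNT):
    """Cross-account AssumeRole grants with no sts:ExternalId condition (confused-deputy risk)."""
    hits = []
    for s in _allows(trust_policy):
        if not _grants(s, "sts:AssumeRole") or "sts:externalid" in _condition_keys(s):
            continue
        for p in _principals(s):
            account = p.split(":")[4] if p.startswith("arn:") else p  # a bare "*" lands here too
            if account != own_account:
                hits.append({"sid": s.get("Sid", "<no sid>"), "principal": p})
    return hits


def escalation_grants(identity_policy):
    """Allow statements handing out any ESCALATION_ACTIONS entry, with their resource scope."""
    return [{"sid": s.get("Sid", "<no sid>"), "resources": _as_list(s.get("Resource")),
             "actions": sorted(a for a in ESCALATION_ACTIONS if _grants(s, a))}
            for s in _allows(identity_policy) if any(_grants(s, a) for a in ESCALATION_ACTIONS)]


# Constructed samples.
BUCKET_POLICY = {"Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
TRUST_POLICY = {"Statement": [
    {"Sid": "VendorNoExternalId", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::222233334444:root"}},
    {"Sid": "VendorWithExternalId", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::555566667777:root"},
     "Condition": {"StringEquals": {"sts:ExternalId": "a-long-random-value"}}},
    {"Sid": "SameAccount", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
HELPDESK_POLICY = {"Statement": [
    {"Sid": "ReadUsers", "Effect": "Allow", "Action": ["iam:GetUser", "iam:ListUsers"], "Resource": "*"},
    {"Sid": "ResetAnyone", "Effect": "Allow", "Resource": "*",
     "Action": ["iam:UpdateLoginProfile", "iam:CreateAccessKey", "iam:GetUser"]}]}


def run_checks():
    """All three checks over the samples, returned as a dict so callers can inspect the findings."""
    return {"public": public_statements(BUCKET_POLICY),
            "trusts": risky_cross_account_trusts(TRUST_POLICY),
            "escalation": escalation_grants(HELPDESK_POLICY)}


if __name__ == "__main__":
    for check, findings in run_checks().items():
        print(check, *findings, sep="\n  ")
```

Two caveats a reviewer would add. First, these are syntactic checks on one document at a time: they do not see SCPs, permission boundaries, or the account-level S3 Block Public Access setting the Datadog post recommends, any of which can override what a single policy says, so treat a hit as "go and look", not as proof of exposure. Second, the ResetAnyone finding with Resource "*" is exactly the shape a help desk should not have; scoping it to a path or tag of non-privileged users (and excluding iam:CreateAccessKey entirely) is the least-privilege version of the same job.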
-
In light of the increase in supply chain hacks, we need to vet our cloud vendors more vigorously. 10 ways to Vet Cloud Providers: 1 Security Certifications: Look for providers with strong security credentials like ISO 27001, SOC 2, and GDPR compliance. 2 Transparent Policies: Clear policies on data handling, breach notifications, and incident response. 3 Data Encryption: Confirm that they offer end-to-end encryption both in transit and at rest. 4 Regular Audits: Choose providers who undergo regular third-party security audits. 5 Access Controls: Verify robust access control mechanisms to restrict who can access your data. 6 Disaster Recovery Plans: Ensure they have comprehensive business continuity plans. 7 Cyber Insurance: Check if the provider has cyber insurance and sufficient third party data breach limits. 8 Employee Training Programs: Regular security training and simulations for their staff. 9 Reviews: Look for reviews online and ask opinions of industry pros. 10 Pen Testing: When and how were they last pen tested? 11 Contractual requirements to tell you if you’ve been breached or suspicious of a breach within X days. Any more you suggest? Comment 👇 #cybersecurity #cloudsecurity #infosec #technews #snowflake #ticketmaster #cloud #cyber #cyberinsurance
-
🚨 Your Secrets Are Not Safe! 🚨 A recent study using dummy AWS credentials (canary tokens) by Idan Ben Ari exposes the alarming rate at which exposed secrets can be exploited across various platforms. It’s time to wake up. Times to Compromise: NPM: Less than 1 minute ⏱️ PyPI: Approximately 2 minutes ⏱️ GitHub: Seconds after exposure ⚡ Pastebin: Around 1 hour 🕒 DockerHub: About 7 days 📅 BitBucket and GitLab: No accesses 🚫 It’s fascinating to see how quickly platforms like NPM and GitHub are targeted, almost instantaneously, highlighting their high-risk profiles. Conversely, BitBucket and GitLab showed no access attempts, possibly due to less frequent scanning or different user behaviors. These variations underscore the unpredictable nature of security threats and the need for a tailored approach to cloud security. Here’s what you can do: - Implement Real-Time Monitoring and Least Privilege: Utilize monitoring tools to detect unauthorized access immediately and enforce the principle of least privilege to minimize exposure. - Secure and Regularly Audit Unused Roles/Identities: Decommission/Protect unused AWS roles or identities and conduct regular audits to mitigate risks associated with stale credentials. - Lock Down Unused AWS Services: Disable or restrict access to unused AWS services to close potential entry points for attackers. - Utilize Canary Tokens Strategically: Place canary tokens in sensitive areas as early warning systems to alert on unauthorized access attempts, helping you proactively identify security vulnerabilities. This study is not just a warning—it’s a call to action. Secure your cloud environments now before your secrets lead to a security breach. 👉 Full article with all detailed testing methods/results in the comments! Stay vigilant... #cloudsecurity #aws #cybersecurity #infosec #ciem #TheyJustLogin
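The study's method (plant a credential nobody legitimately uses, then watch for anyone using it) only pays off if the watching part is wired up. The block below is an added example, not the study's code or the post's, of the detection side for AWS: scan CloudTrail records for a planted access key ID and report who used it, from where, and what they tried. It assumes CloudTrail's usual log-file shape ({"Records": [...]} with eventTime, eventSource, eventName, sourceIPAddress, userIdentity.accessKeyId and an optional errorCode); the key ID is a made-up placeholder and the records and IP addresses are constructed.

```python
"""Alert on use of a planted ("canary") AWS access key in CloudTrail.

Added example; not the study's code or the post's. Assumes CloudTrail's normal
record fields; CANARY_KEY_IDS is a placeholder and SAMPLE_LOG is constructed.
"""
import json
from collections import defaultdict

CANARY_KEY_IDS = {"AKIAEXAMPLECANARY001"}  # placeholder, not a real key ID

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-09-30T09:58:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "10.0.12.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEREALKEY01"}},
    {"eventTime": "2024-09-30T10:15:02Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLECANARY001"}},
    {"eventTime": "2024-09-30T10:15:09Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLECANARY001"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-09-30T10:15:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLECANARY001"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-09-30T11:02:11Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.42",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLECANARY001"}},
]})


def iter_records(log_file_body):
    """Yield the individual records of one CloudTrail log file."""
    yield from json.loads(log_file_body).get("Records", [])


def detect_canary_use(records, canary_ids=CANARY_KEY_IDS):
    """Group every call made with a canary key by (key, source IP).

    Denied calls count too: a canary with no permissions still shows the attacker's
    first touch (sts:GetCallerIdentity always succeeds) and what they probed for.
    """
    hits = defaultdict(lambda: {"first_seen": None, "calls": [], "denied": 0})
    for r in records:
        key_id = r.get("userIdentity", {}).get("accessKeyId")
        if key_id not in canary_ids:
            continue
        h = hits[(key_id, r.get("sourceIPAddress", "?"))]
        if h["first_seen"] is None or r["eventTime"] < h["first_seen"]:
            h["first_seen"] = r["eventTime"]  # ISO-8601 Zulu timestamps sort lexically
        h["calls"].append(f'{r["eventSource"]}:{r["eventName"]}')
        h["denied"] += 1 if r.get("errorCode") else 0
    return [{"key_id": k, "source_ip": ip, **v}
            for (k, ip), v in sorted(hits.items(), key=lambda kv: kv[1]["first_seen"])]


def demo():
    """Run the detector over the constructed log."""
    return detect_canary_use(iter_records(SAMPLE_LOG))


if __name__ == "__main__":
    for a in demo():
        print(f'CANARY {a["key_id"]} used from {a["source_ip"]} at {a["first_seen"]}: '
              f'{len(a["calls"])} calls, {a["denied"]} denied -> {", ".join(a["calls"])}')
```

Because the pivot is a key ID that has no legitimate caller, a single matching record is the alert; no threshold or baseline is needed, which is what makes canaries cheap to run. Feed `iter_records` from the S3 bucket CloudTrail writes to, or attach the same match to an EventBridge rule, and treat the first_seen timestamp as the start of your incident clock: the post's numbers show that for npm and GitHub it will be within about a minute of the leak.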
-
Cloud AI Security: What’s Lurking Beneath the Surface? A recent report from #Tenable reveals a concerning reality: nearly 70% of cloud AI workloads carry at least one unremediated #vulnerability—and the rest may simply be unaudited. The widespread reliance on default, overprivileged service accounts in platforms like Google Vertex AI (used by 77% of organizations) is multiplying risks across every layer of the AI stack. From misconfigured data buckets to vulnerable open-source components, attackers have more entry points than ever—and the blast radius for even minor oversights can be enormous. The infamous OpenAI Redis library incident, which exposed user data, is just one example of how simple misconfigurations can lead to major privacy breaches. Security in cloud AI isn’t just about patching bugs—it’s about adopting a risk-based, platform-wide approach. Organizations need to merge human and machine identities, enforce least-privilege access, and embed security controls directly into the MLOps pipeline. As cloud AI workloads scale, so too must our security strategies. Key takeaways 1. Audit and reconfigure default permissions—don’t let overprivileged accounts become your Achilles’ heel. 2. Adopt a unified, risk-based security approach—prioritize vulnerabilities by potential impact, not just technical severity. 3. Embed security into every stage of your AI pipeline—from data ingestion to model deployment. Let’s not just innovate—let’s protect. The future of AI depends on it. Security should be at the heart of every AI initiative, not just an afterthought. Source: https://lnkd.in/gtQf-ZyG #AI #DigitalTransformation #GenerativeAI #GenAI #Innovation #ArtificialIntelligence #ML #ThoughtLeadership #NiteshRastogiInsights
-
The CSA recently released a new report that shows top threats to cloud computing in 2024. Thales also released a report that describes top reasons for breaches in the cloud. 🧐 Here’s a summary and what you should know: Overall, “The survey […] shows a continuing drop in the ranking of traditional cloud security issues that are the responsibility of cloud service providers [...]” 🙌 Focusing on the top 4 from CSA, we have: 📌 Misconfiguration & inadequate change control 📌 Identity & Access Management (#IAM) ← why do you think I’m constantly talking about this and have entire courses & labs dedicated to this topic? 😉 📌 Insecure interfaces and #APIs 📌 Inadequate #cloudsecurity Strategy ⛔️ Misconfiguration & Inadequate Change Control ⛔️ ➡️ What this is: “Inadequate change control [...] can lead to improper configurations that remain undetected” “Misconfigurations are the incorrect or sub-optimal setup of cloud computing assets that can leave them vulnerable to unintended damage or external/internal malicious activity. Lack of cloud system knowledge or understanding of cloud security settings and nefarious intentions can result in misconfigurations” (train your team, folks 😉) 💡 Examples: - Secrets management - Disabled monitoring/logging - Ports/services left open/running - Storage access - Subdomain hijacking Etc… ⛔️ Identity & Access Management (IAM) ⛔️ I cover this a lot in other posts, workshops, training, etc, so I won’t expand on it here. 
⛔️ Insecure Interfaces & APIs ⛔️ ➡️ What this is: “APIs and UIs become vulnerable for various reasons” 💡 Examples: - Inadequate authentication - Lack of encryption - Insufficient input validation, - Poor logging and monitoring, - Outdated or unpatched software etc… ⛔️ Inadequate Cloud Security Strategy ⛔️ ➡️ What this is: Strategically thinking about cloud deployments beforehand by “considering external factors, existing implementation, and selection of cloud technologies, priorities, and trends toward creating a high-level plan or approach.” 💡 Examples: Worries about vendor lock-in, out-of-control costs, picking the right tool/service for requirements today and in the future, etc… 👉👉 Shifting to the root causes from Thales, there are three I want to highlight because they have a common cause (human error): 📌 31% due to a misconfiguration or human error 📌 28% due to exploitation of a known vuln 📌 17% due to failure to use MFA for privileged user accounts 🙋♂️ I’d love to hear from you. What do you think about these results? Do they accurately represent your challenges? What you think leads to the top cloud threats and root causes of cloud data breaches? Let me know in the comments below! Also, be sure to share this with your colleagues. This is important info!