Just about anywhere you look, organizations are using the cloud in some form—and they’re not all large enterprises.
Small and medium businesses (SMBs) are also reaping the many benefits that the cloud offers over on-premise software, especially the lowered IT costs, increased scalability, and large storage capacity that come along with it. No doubt, with a cloud provider like AWS or Azure taking the wheel of some (or all) of your infrastructure, you have less to worry about.
But cloud services are delivered online, which can make it easier for threat actors to get a hold of sensitive data—and SMBs are wary of their cloud storage security as a result.
In this post, we’ll break down the four big threats to cloud storage security that SMBs should be ready to address.
1. File-based malware
Most cloud storage providers today feature file-syncing, which is when files on your local devices are automatically uploaded to the cloud as they’re modified.
File-syncing is great for businesses since it allows for a “central hub” of files for teams across different devices to access and work on. But it’s great for file-based malware for the same reason.
Cloud storage providers like OneDrive or DropBox are mounted to a local folder on your computer, and files stored in the cloud are synchronized with it. As far as your device is concerned, those cloud folders are just like any other folder. So, if you download a malicious file on your local device, there’s a route from there to your business’ cloud—where it can access, infect, and encrypt company data.
This kind of ransomware attack is also known as “Ransomcloud”. Check out our “File-sharing and cloud storage sites: How safe are they?” article for tips to keep you safe.
Each user in a cloud environment has their own roles and permissions governing the access they get to certain parts of the cloud, and because cloud workloads are accessed online, all hackers need are your credentials to get the “keys to the kingdom”.
This is why strong identity and access management (IAM)policies are so essential to cloud security.
Identity and access management is a means of controlling the permissions and access for users of cloud resources. You can think of IAM less as a single piece of software and more of a framework of processes, policies, and technology.
According to Palo Alto Networks, most known cloud data breaches start with misconfigured IAM policies or leaked credentials.
Specifically, researchers found that IAM misconfigurations cause 65% of detected cloud data breaches, with the runners up being weak password usage (53%) and allowing password reuse (44%).
Many businesses use Application Programming Interfaces (APIs)to connect applications and data to the cloud. At a high level, APIs allow different applications to communicate with each other over a network.
Since APIs provide a means of querying, accessing, and modifying important data, cloud threat actors are constantly searching for vulnerabilities in them. And lo and behold: In a 2021 analysis of its impacted clients, IBM’s X-Force IR team found that two-thirds of cloud data breaches were caused by misconfigured APIs.
In VMware’s 2021 State of Cloud Security report, 1 in 6 companies surveyed experienced a cloud data breach due to a misconfiguration in the past year. Researchers elsewhere found that, of all cloud services, cloud storage has one of the highest misconfiguration rates.
Given this, it’s not surprising that there have been many cloud storage data breaches in recent years.
Just last year, misconfigured Amazon S3 buckets exposed more than 1,000 GB of data and over 1.6 million files from dozens of municipalities in the US. Microsoft Azure hasn’t fared much better: In 2021, misconfigured Azure storage accounts exposed millions of filescontaining sensitive information.
While there’s no denying that the pros of the cloud generally outweigh the cons, businesses still have many cloud threats to address. The good thing is that we don’t need to reinvent the wheel to lessen our chances of a cloud data breach.
For example, anything as simple as employee phishing educationcan help prevent file-based malware. Similarly, good “password hygiene” and multi-factor authentication can improve weak IAM policies. Lastly, conducting regular vulnerability assessmentsand patching can help you find and address weak points before threat actors do.
To learn more about privacy and security best practices, read our tips to protect your data, security, and privacy from a hands-on expert.
Malwarebytes EDR prevents, detects, and responds to ransomware, malware, trojans, rootkits, backdoors, viruses, brute force attacks, and "zero-day" unknown threats so you can avoid business disruption and financial loss.