by Marc Wilczek

3 things you should know about cloud security in 2020

Opinion
Mar 04, 2020 | 7 mins
Cloud Computing | Cloud Security

The cloud computing market is poised to be worth $623 billion by 2025. Still, despite all the excitement about its benefits, there are downsides.

The world is now neck-deep in digital. Companies everywhere are trying to conquer the digital universe by revitalizing business models or building new ones from scratch to remain competitive. Much of this action is based on a common foundation: cloud computing.

In fact, the use of cloud computing has exploded over the past decade, and there’s no end to the growth in sight. Global spending on the cloud hit $273 billion in 2018 and is poised to exceed an astonishing $623 billion by 2025, according to industry reports.

The reason for cloud’s growth is clear: it is often associated with lower costs, greater flexibility, and greater security. But while cloud offers a big boost in physical security beyond what a garden-variety end-user is typically willing or able to afford, it’s still a shared responsibility proposition. Put another way, the provider oversees the security of the cloud, and the customer is in charge of its own security in the cloud – including the integrity of the stored and processed data, and the resilience of all apps and APIs that interface with the web.

But most cloud packages include only basic security. If an extra layer of security isn’t added, the customer’s entire IT value chain is basically a line of sitting ducks. And since more and more corporate and customer data resides in the cloud, tight IP access can become a serious bottleneck. If the cloud platform is offline, it’s game over.

Disabled by DDoS attacks

This is not just a theory. In October 2019, Amazon Web Services (AWS) suffered a major DDoS attack roughly eight hours long. Users couldn’t connect because AWS miscategorized their legitimate customer queries as malicious. Google Cloud Platform encountered a variety of troubles at roughly the same time, but the company claims they were unrelated to DDoS. A few weeks earlier, a number of DDoS attacks knocked out a South African ISP for a full day, making internet access widely impossible.

In fact, DDoS attacks are some of the biggest threats reported in the global business arena, and Europol’s “Internet Organised Crime Threat Assessment 2019” report describes the extent of the problem. Similarly, in a warning, the US Department of Homeland Security (DHS) said that, in the past half-decade, DDoS attacks have grown ten-fold in size, and “it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale.”

The World Economic Forum (WEF) highlights that the disabling of a single cloud provider could generate $50 billion to $120 billion in economic losses — a scale reminiscent of the financial blowback after Hurricane Sandy and Hurricane Katrina. 

Corrupt clouds

Attacks on corrupted or manipulated cloud servers are also on the rise. For instance, after a data breach, stolen credit card credentials are often used to create fake cloud accounts.

According to Link11’s 2019 DDoS Report, the share of DDoS attacks involving corrupted cloud servers increased to 51 percent in 2HY/2019. (Disclosure: I am the COO of Link11.) The biggest known attack peaked at 724 Gbps in bandwidth. Since many large enterprises use a 10 Gbps or a 1 Gbps internet connection, a data tsunami this massive would be more than 70-700 times bigger than the available pipe. Our research found that the number of attacks on cloud providers roughly corresponded to their relative market share: More cases of corrupt clouds were registered for AWS, Microsoft Azure and Google Cloud.

Significantly, the longest DDoS attack Link11 dealt with in the second half of 2019 endured for a staggering 6,459 minutes – an outage equivalent to more than 100 hours, or five consecutive days. Needless to say, such a prolonged blackout can wreak serious damage and put a firm that relies on its digital presence – whether in platforms, e-commerce or apps – into a tailspin.

APIs in the spotlight

As if all that isn’t worrying enough, the DDoS issue is creeping to a place beyond infrastructure. Many organizations are starting to run cloud-native applications, and — as part of the Fourth Industrial Revolution — manufacturers, logistics companies, and utilities are equipping their production lines, warehouses, factories, and other facilities with sensors and wireless connections. Each of these needs an API to function properly.

But while APIs can streamline both architecture and product delivery, they can also be a conduit for a wide variety of risks and vulnerabilities. When an essential business application or API is compromised, it neuters all the operations pertaining to the business and starts a chain reaction. Thus, protecting OSI layers 3 and 4 is no longer enough; today, layer-7 attacks can do more damage using less total bandwidth.

Your action plan

When companies run test and development instances in the cloud, the service’s basic level of security might be sufficient to protect the company’s data and systems. But firms that run mission-critical, revenue-related services in the cloud should thoroughly analyze the threat landscape and ensure they have the right tools in place – that is, ones that offer more than basic security and guarantee (to the extent possible) that their systems will remain resilient and function at “enterprise-grade.” Upgraded security includes automated reporting and alarms, dashboards, integration into existing SIEM systems, and other features.

Plenty of service providers offer such goodies, and it’s easy to think their packages are all more or less the same. But, as always, the devil is in the details. Prospective buyers should carefully assess their providers’ SLAs to ensure they’re comparing apples with apples and that the service level will meet their specific needs. 

Larger and more frequent attacks, the risks that APIs introduce, and the financial cost of downtime all add up to a threat that’s far greater than the sum of its parts. Still, when well-planned and implemented with security as a prime concern, the cloud makes perfect sense – not just for economic reasons, but also because it enables deeper collaboration with partners and customers and a faster time-to-market.