Building Identity-Centric Cloud Resilience

In its Annual Review 2021, The National Cyber Security Centre (NCSC) notes the headline cyber security threats facing the UK in the last 12 months. There are few surprises. Along with the opportunities presented to cybercriminals by Covid-19, and the targeting of vaccine and medical research by hostile states, the Review highlights that the pandemic “…has also brought about an acceleration in digitisation, with businesses and local government increasingly moving services online and essential services relying ever more on cloud IT provision. This has broadened the surface area for attacks and has often made cyber security more challenging for organisations.” 

As more and more public sector organisations adopt hybrid cloud or accelerate their transition towards it, it is essential to remember that this move does not come without risk. Building-in resilience is key to ensuring cloud-based citizen services remain secure and available.  Cyber attackers go after data – particularly personal information - and data accessible via the internet is the most vulnerable asset to misconfiguration or exploitation. And, for critical infrastructure, attackers will target services resilience as well.  

As the public sector embraces the cloud to enable remote work and accelerate digital transformation, they must address these risks head-on. The top five threats include: 

1 - Data breaches 

IBM puts the average total cost of a data breach is at $4.24 million. As data shifts to the cloud, security teams must ask themselves who has access to it? By implementing least privilege and Zero Trust principles, organisations can limit accounts to the areas of the network they need. If an attack is successful in taking over an account, the attacker’s possibilities will be limited. 

2 - Misconfigurations and poor change control 

Misconfigurations usually occur when computing assets and access are set-up incorrectly. An example is granting excessive permissions or unchanged default credentials. To overcome cloud misconfiguration problems, organisations must embrace automation tools that can continuously discover unmanaged accounts – especially high-value privileged accounts. This will help prevent the misuse of any accounts with access to information that they shouldn’t have. 

3 – Compromised identities 

Adopting cloud brings challenges related to identity and access management (IAM), and particularly to privileged access management (PAM). High-value privileged credentials associated with not only human users, but applications and machine identities as well, are both powerful and susceptible to compromise in cloud environments. Once this occurs, attackers can gain full access to sensitive databases, or even to an organisation’s entire cloud environment. Many recent attacks have exploited unsecured credentials, resulting in cryptojacking, data breaches, and destruction of intellectual property.  

4 -Account hijacking 

Exploiting vulnerabilities, or via phished or stolen credentials, attackers look for ways to access privileged accounts in the cloud. Account and service hijacking means full compromise: control of the account, its services, and the data within. The fallout from such compromises can be severe – from significant operational and business disruptions to complete elimination of assets, data, and capabilities. 

5 - Insider threats 

Malicious insiders can be staff members, contractors, or other trusted third parties who use their access to affect an organisation. Since insiders have legitimate access, pinpointing potential security issues can be difficult and remediating incidents can be costly. Whether it’s a privileged user abusing their level of access or inadvertently misconfiguring a cloud resource, having a PAM program in place to protect from these insider abuses is paramount. 

Protect identity to build cloud resilience 

The cloud has fundamentally changed the notion of identities and the levels of privilege that are inherent to them. Now, even ordinary user credentials in cloud and DevOps environments can hold as much power as administrator-level credentials do for other types of systems. Adding the complex and dynamic mix of machines and applications to the mix means the privilege-related attack surface grows exponentially. 

Failure to build cyber resilience in the cloud, especially in highly-sensitive public systems, will inevitably lead to a breach or failed audit. These, in turn, will force organisations to slow the pace of development and new services. In the digital era, this is unacceptable. Public sector organisations must prioritise tools that are both efficient and capable. Strong identity security controls help ensure that humans, applications and machines have only the necessary levels of access to sensitive applications and infrastructure to do their jobs. They help make sure that activities occurring within the cloud environment are as de-risked as possible in the course of building world-class public services. 

Laura Foster

Head of Technology and Innovation, techUK

Laura is techUK’s Head of Programme for Technology and Innovation.

She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology

Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.

Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.

Email:

[email protected]

LinkedIn:

www.linkedin.com/in/lauraalicefoster

Read lessmore