According to Apiumhub statistics, 70% of companies have at least one application running in the cloud. Migrating to the cloud brings several advantages, but many enterprises are concerned about data security. However, the view that cloud infrastructure is poorly protected is a myth, since the provider specializes in “perimeter defense”.
In today's article, we’ll highlight some of the biggest security threats and talk about how IaaS providers protect customer data.
Data theft and hacking
Data theft exposes intellectual property, trade secrets and confidential customer information, resulting in losses and damage to the brand's image.
According to a joint report by the insurance companies Lloyd's of London and Cyence, a global attack on the cloud could cost $53 billion. In that case, insurance would cover only 17% of these losses.
One such powerful attack occurred this year. The target was the Equifax credit bureau. According to Forbes, the attackers stole the data of 143 million of the company's customers. The theft caused significant damage: top managers sold their shares two days after they discovered the hack, and the shares themselves fell by 13%. And this case is not unique: you can read about other major attacks and the damage they caused here.
Therefore, to protect customers from theft and hacking, providers start with the most basic security methods: they encrypt traffic using HTTPS and SSL. This prevents data theft if attackers try to “eavesdrop” on the channel. Many operators introduce additional security measures: two-factor authentication (2FA), network segmentation, access control, monitoring and audit systems.
At the same time, even such a small step as enabling 2FA helps companies prevent break-ins. For example, it was the lack of two-factor authentication that led to the theft of 80 million patient personal data records at Anthem.
Another component protected by cloud and IaaS providers is the API. The provider does its best to protect software interfaces: it uses data encryption and lets you configure access levels to manage authentication. Vendors also provide a Cloud Access Security Broker, a tool to control the transfer and storage of data in all of the client's cloud applications.
Even before entering into a contract, many providers share information about their APIs and the requirements for them. For example, we at 1cloud openly tell our clients about possible vulnerabilities and which protection methods are used.
Another way to counteract hacking is network microsegmentation. This solution uses network virtualization and allows you to assign security policies to data center applications, right down to the workload level. The network security policies are enforced by firewalls integrated into the hypervisors already installed in the data center. This ensures that intruders will not be able to access workloads.
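To make the workload-level policy described above concrete, here is an added example (not 1cloud's or any vendor's code) that compares a flat subnet, filtered only at its edge, with a default-deny allow-list between workloads. The addresses, labels, ports and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src_label: str
    dst_label: str
    port: int

# Constructed inventory: three VMs that share one flat subnet.
SUBNET = ip_network("10.0.0.0/24")
WORKLOADS = {
    "10.0.0.10": {"tier:web"},
    "10.0.0.20": {"tier:app"},
    "10.0.0.30": {"tier:db"},
}
# Workload-level allow-list; anything not listed is dropped.
POLICY = [
    Rule("tier:web", "tier:app", 8443),
    Rule("tier:app", "tier:db", 5432),
]

def perimeter_allows(src, dst, port):
    """Flat network: only the subnet edge is filtered, so any east-west flow passes."""
    return ip_address(src) in SUBNET and ip_address(dst) in SUBNET

def microseg_allows(src, dst, port):
    """Default deny between workloads; a flow needs an explicit label-to-label rule."""
    src_labels = WORKLOADS.get(src)
    dst_labels = WORKLOADS.get(dst)
    if src_labels is None or dst_labels is None:
        return False  # unknown endpoint: no policy, no traffic
    return any(r.src_label in src_labels and r.dst_label in dst_labels
               and r.port == port for r in POLICY)

def closed_lateral_paths(flows):
    """Flows the flat network would pass but the workload policy drops."""
    return [f for f in flows if perimeter_allows(*f) and not microseg_allows(*f)]

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.0.10", "10.0.0.20", 8443),  # web -> app, intended
    ("10.0.0.20", "10.0.0.30", 5432),  # app -> db, intended
    ("10.0.0.10", "10.0.0.30", 5432),  # web -> db, skips the app tier
    ("10.0.0.10", "10.0.0.20", 22),    # web -> app on an unlisted port
    ("10.0.0.99", "10.0.0.30", 5432),  # unregistered VM in the same subnet
]

if __name__ == "__main__":
    for flow in closed_lateral_paths(FLOWS):
        print("dropped by workload policy:", flow)
```

The same comparison can be run over exported flow logs to list east-west paths that exist today but that no application rule justifies.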
According to Gartner, by 2020 the number of incidents related to workloads in the cloud infrastructure will be 60% less than in ordinary data centers.
Data loss
You can lose data in different ways: attackers can damage it, or you can accidentally delete it. These problems are solved with the help of backups and snapshots. Most IaaS providers automatically copy the customer database every day. Therefore, if a client contacts the provider's technical support and reports data loss, the data can be restored.
Clutch interviewed 300 small and medium-sized businesses to evaluate backup efficiency in the cloud. The survey results showed that 87% of respondents are confident in the safety of backups in the cloud. A quarter of respondents say that backing up data in the cloud is much safer than backing it up locally.
Backup also protects against ransomware viruses. According to Kaspersky Lab, 15 thousand ransomware modifications appeared in the second half of this year. The total number of attacks made is 270 thousand.
The most powerful ransomware Trojans attacked users in 2017. The first attack happened in May: the WannaCry virus infected hundreds of thousands of computers all over the world. In June, a second encryption virus (Petya) served as a reminder of the benefits of backup.
/ Frame from a video about our Xelent data center
Physical hacking
Providers store data in a secure data center with video surveillance systems. Access to the data center is prohibited for outsiders and for most of the staff. The offender will not be able to come and take away the data carriers - he simply will not get inside.
For example, the Xelent data center, which houses 1cloud's equipment, has a multi-level protection system. The perimeter of the data center is fenced and fitted with vibration sensors and cameras. Entry to the territory is through a checkpoint and strictly by pass. If an employee has forgotten their pass at home, they will not get to their workplace.
As for access to virtual machine disks, it is also not easy to obtain. In theory, data center workers have it. But in practice they cannot use it, because data center employees, as a rule, do not have logical access to the cloud (via the network). Additionally, providers monitor traffic, encrypt data, and offer customers tools to track the state of the cloud environment.
Note that some companies use additional and even exotic solutions to enhance protection. For example, the Bank of America data center is located in an inconspicuous concrete building without signs. In appearance, the data center is a closed and impregnable warehouse that few people want to “rob”.
DDoS and DoS
To launch an application-level DoS attack, cybercriminals analyze the vulnerabilities of web servers, databases and other cloud resources. According to Corero, 40% of companies are subject to DDoS attacks monthly, weekly or daily.
In the first quarter of 2017, resources in 72 countries were attacked. China, South Korea and the United States remain the leaders in the number of DDoS attacks. The longest attack lasted 120 hours. In the second quarter of 2017, 86 countries were attacked. The record DDoS attack lasted 277 hours, 131% longer than the longest attack of the same period last year.
Providers protect services from DoS and DDoS attacks. Content delivery networks (CDN) and application-level web application firewalls (WAF) help with this.
Other integrated security technologies include artificial intelligence, automation, and machine learning. Nick Coleman, an IBM specialist, says that automation and artificial intelligence will be used everywhere to protect data in 3-4 years.
These technologies allow you to simplify and speed up the execution of routine security policy tasks and predict threats. Open source projects and frameworks, such as TensorFlow, help developers create and automatically configure policies based on an analysis of threats to external resources.
Machines perform well in the search for vulnerabilities: at the beginning of this year, cloud artificial intelligence helped to find 10 security holes on LinkedIn. Google, Oracle and others have high hopes for machine learning technology.
How to protect data in the cloud
Let's summarize once more the most common types of attacks on cloud infrastructure and the methods of protection that providers offer:
- Data theft entails company losses and image loss (for example, Equifax). To resist intruders, providers encrypt traffic in the cloud using HTTPS and SSL. Additional measures are also used: 2FA, network segmentation, access policy management, API protection tools, artificial intelligence, machine learning and automation.
- Data loss due to encryption viruses (Petya), ransomware Trojans (WannaCry), accident or forgetfulness may become irreversible. To protect client data from loss, the cloud provider uses the Backup and Snapshot functions. In addition, the provider copies databases daily and uses reliable media. If data is lost, the provider's technical support will help recover it.
- To secure the infrastructure, providers store data in reliable data centers and use encryption and tools for tracking the state of the environment.
- Half of the companies are subject to DDoS and DoS attacks on an ongoing basis. To protect data and prevent attacks of this type, IaaS providers launch regular checks, use CDN and WAF.
According to a study by Crowd Research Partners, 74% of respondents believe that data encryption is the most reliable way to protect data in the cloud. Half of the experts surveyed named access control as the most effective method of cloud protection. 40% of respondents voted for the introduction of interfaces for tracking threats and sending notifications about them.