The cloud: rapid adoption and rising levels of attacks

Research just published claims to show that there has been a significant increase in attacks against cloud and on-premises IT systems.

Microsoft boosts Internet encryption and transparency
Microsoft boosts Internet encryption and transparency

The Spring 2014 cloud security report from Alert Logic, the Houston-based SaaS cloud services provider, says that the increase in cloud attacks is correlated to the growth of cloud adoption in the enterprise.

According to Rahul Bakshi, the firm's director, a growing number of businesses are now storing their critical data in the cloud.

"At the same time, the bad boys seem to be aware of this, and are also pointing their attacks into the cloud," he said.

So why are companies moving to the cloud - despite the rise in the attack volumes?

This is, Bakshi answered, because a growing number of businesses are starting to solve their cloud security issues.

The Alert Logic director went onto say that his company plans to open offices in the UK in the near future - and is also opening its own data centre in the UK (based in Cardiff, Wales).

"This is UK data in a UK data centre, so the PATRIOT Act does not apply," he said, mentioning a concern that many companies have about hosting their data with a US-based cloud service operator.

The USA-PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act dates from 2001 and allows the US government and its agencies access to all data held by a US company, even on behalf of its clients and users.

Both the Electronic Privacy Information Centre (EPIC) and the Electronic Frontier Foundation (EFF) have criticised the law as unconstitutional.

Delving into the report reveals that, despite apprehension about security risks, the mass adoption of cloud platforms continues to grow - and with it comes an increase in attacks.

"Overall, the data presented in this edition of the Cloud Security Report indicates that the threats in the cloud are growing in two dimensions: the total number of attacks is increasing, and attacks that were historically directed at on-premises environments are now moving to the cloud," says the analysis.

"Although, comparatively, on-premises environments are more frequent targets, this should not undermine the fact that attacks directed at [cloud hosting providers] have increased significantly and are expected to continue at a rate that matches the accelerated pace of cloud adoption and the continued migration of more valuable workloads to the cloud," it adds.

For its research for the report, Alert Logic created several `honey pots' - open servers designed to attract hackers and cybercriminals - in the cloud, and found that the highest volume of attacks occur in Europe, where honey pots experienced four times the number of attacks as the US, and double the number of attacks seen in Asia.

"14 percent of the malware collected through our honeypot network was considered undetectable by 51 of the world's top antivirus vendors," notes the analysis.

Commenting on the report, Laurie Mercer, a consultant with Context Information Security, said that most attackers are indifferent these days as to whether a target is hosted on-premise or cloud hosted.

"The same vulnerabilities that affect on-premise solutions and infrastructure will affect cloud hosted implementations," he said, adding that when using shared hosting solutions, organisations should ensure that they apply security hardening procedures, perform regular penetration testing, implement monitoring solutions and represent the system in incident response planning – just as they would with on-premise hosted information systems.

"If those organisations cannot apply security hardening policies or monitoring - for instance where applications are completely hosted and managed by the cloud hosting provider - they must ensure that the provider is compliant with their own information security policy," he advised.

Keith Bird, UK managing director of Check Point, picked on the honey pot issues identified n the report, noting that malware is getting more sophisticated in being able to avoid detection by traditional antivirus solutions.

"In February and March this year, our threat emulation sandboxing technology detected over 53,000 previously-undiscovered malware threats, which shows the rate at which organisations are facing advanced new attacks," he said, adding that the attack landscape is continually changing, and enterprise security solutions need to keep pace.

"If those organisations cannot apply security hardening policies or monitoring - for instance where applications are completely hosted and managed by the cloud hosting provider - they must ensure that the provider is compliant with their own information security policy," he advised.