As businesses move to the cloud, the rapid adoption of Infrastructure as a Service (IaaS) is no surprise. Unfortunately, securing the cloud and the data within it is no easy task. The speed and complexity of cloud computing requires a new, software-defined approach that differs from the strategies employed in a traditional, on-premise data center, leaving many wondering where to start.
For all the benefits that the cloud has to offer, some of the biggest causes for concern are questions around security. How do you know if you were breached if the server no longer exists? How do you protect yourself from insider threats, external attacks, and data loss in this new elastic, ever changing infrastructure? How can you have confidence that your cloud service providers security capabilities are up to snuff, when you don’t have visibility into who is accessing your data?
Look no further than the headlines to know that efforts to protect the cloud from attacks often fail. After attackers compromised the company's Amazon Web Services (AWS) account, Code Spaces, a cloud-based hosting platform that enabled development and collaboration for software teams, was forced out of business. Within 12 hours the company's Apache Subversion repositories and Elastic Block Store volumes and nearly all of its virtual machines were destroyed. By the time the company reclaimed its dashboard, the attackers had created alternative AWS logins, questioning the overall security of the system further. The company chose at that point to shut down and help its customers migrate any recoverable data to other services.
With hindsight we can ask ourselves, what could Code Spaces have done to stop this type of attack? Were there steps it could have taken beforehand to prevent the breach? Were there ways Code Spaces could have slowed down the attack or stopped it in its tracks?
In an era when attacks are becoming more sophisticated and motivations are harder to pin down, organizations must employ strategies to protect against threats to their cloud infrastructure. One such strategy is to defend like an attacker. Created by Lockheed Martin, the “Cyber Kill Chain” model has traditionally been used to describe the evolving stages of a cyber attack. However, if this model is applied to internal security processes it’s possible for an organization to identify a compromise and eliminate threats before they result in a security breach and data loss that could potentially bring down the entire business, like in the case of Code Spaces.
By approaching the security of your cloud with the mindset of an attacker, you will be able to uncover weak spots and employ more effective defense strategies. Let’s take a look at each step of the Cyber Kill Chain and get into the mindset of an attacker.
During the reconnaissance step an attacker gathers information before starting the actual attack. This can be done by looking for publically available information on the Internet in order to find a target that has vulnerabilities that can be compromised; or by seeing what vulnerabilities exist within the cloud infrastructure of a specific organization.