The advent of cloud applications has made it much easier for organizations of all sizes to evaluate and adopt new applications. The move to Software as a Service (SaaS) has removed the need to go through a lengthy process of purchasing and installing hardware before installing and configuring software. The ongoing updates and maintenance of a SaaS application are also performed by the app provider. Trying out a new application has now become as simple as pointing your web browser at the website of the application provider and then entering credit card details once you have decided that the app is right for you.
Using Cloud Based Applications is Unavoidable
While we immediately think of email and office automation, provided through packages such as Microsoft’s M365 or Google Workspace, the move to cloud-based apps has been much more far-reaching. We are seeing a continuous march of applications used in all areas of business into the cloud. Aside from the ease of procurement and deployment associated with cloud apps, the fact that they can be accessed from “anywhere” makes them increasingly attractive. Marketing, sales and CRM applications have been moving to the cloud for a number of years. Stalwarts such as Salesforce have been in the cloud for decades and newer entrants like Hubspot were born in the cloud. Messaging and collaboration applications represent another group of apps which naturally fit in the cloud as they are intended to connect users who are everywhere. Apps in this space that quickly come to mind include Slack, Microsoft Teams and Zoom.
The move to the cloud hasn’t stopped with these newer applications. More traditional business applications are also joining the journey to the cloud. Even traditional Enterprise Resource Planning (ERP) applications like SAP, which began in the mainframe era, are finding it necessary to move into the cloud to compete with newer entrants. Almost all human resources software is now available as a cloud app with notable examples including Workday, SuccessFactors and BambooHR.
Digital transformation has also quite literally moved the execution of business transactions into the cloud with companies like DocuSign and IronClad providing the tools needed to manage and sign contracts and legal documents in the cloud.
While using cloud-based applications is usually much simpler than deploying applications on premises, it isn’t without its risks. To start with, control over the availability of the application now rests in somebody else’s hands. That said, the providers of cloud-based applications usually have far greater resources at their disposal to ensure that their systems remain available than the average business does. More importantly, businesses that use cloud applications are handing over the management of their data assets to somebody else. This is where it becomes clear that security is a very important consideration when using cloud applications. One of the most important factors that needs to be considered is that cloud providers make use of what is known as a “shared responsibility model” when it comes to security. While the application provider is responsible for security of the platform and providing the tools necessary to authenticate users and secure data, it is up to the customer to take responsibility for managing credentials (user names) and ensuring that access to data is configured and managed correctly.
List of Cybersecurity Breaches of Cloud Based Applications
Despite the best efforts of both application providers and customers to live up to their side of the shared responsibility model, there have still been some notable breaches, as the examples below show.
- Microsoft, while being one of the largest providers of security products, is still not immune to breaches of its services, as some customers of its email services discovered earlier this year. Microsoft began an investigation after it received reports from a US federal agency of unusual email activity. It was discovered that a threat actor known as “Storm-0558” managed to breach Outlook Web Access through the use of forged authentication tokens. It is believed that this breach might have been espionage-motivated, although it is understood that no classified data was stolen.
- Zoom’s video-conferencing application has also been a frequent target. Often this has been through careless use, where customers don’t use the security controls provided by Zoom and unauthorized outsiders gain access to video calls in what is sometimes called “Zoombombing”. In more serious instances, threat actors have distributed fake Zoom installers that have also installed malware. These issues together with a number of security vulnerabilities in the Zoom application itself have presented a significant number of security issues for Zoom to overcome.
- Google has also not been without its share of security challenges. In one example, dating back to 2016, a malware campaign known as “Gooligan” which infected devices and then stole authentication tokens resulted in over a million Google accounts being compromised.
- A perennial problem for application providers is the risk of threat actors somehow getting access to credentials belonging to their staff. This happened to Hubspot when a threat actor managed to get access to an employee’s credentials and then targeted cryptocurrency businesses who were using Hubspot’s marketing tools.
As these examples show, despite the efforts of application providers to secure their platforms and of customers to configure application security correctly, there is still a risk that breaches can occur.
XDR Analyzes Telemetry from Cloud Applications
Fortunately, most cloud applications generate telemetry which provides details about access and configuration changes. This telemetry can be used to detect attempts to breach security. In fact, with detailed analysis it is even possible to detect breaches which are the result of social engineering, because the stolen credentials or tokens are then used in access patterns which are unusual for the legitimate user.
What users of cloud applications need is tooling which allows them to analyze large volumes of telemetry coming from multiple application sources and then to present alerts in a single location. This is something that XDR does well, and increasingly XDR is becoming the toolset of choice to analyze the telemetry generated by cloud applications.
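The kind of cross-application correlation described above, shown as an added example that is not the page's or Samurai XDR's code: sign-in telemetry from two hypothetical cloud apps is normalized into one constructed schema (the field names are assumptions, not any vendor's log format) and checked for a success following a burst of failures, a login from a country the user has never used, two logins from different countries within an hour, and off-hours access.

```python
from datetime import datetime, timedelta

# Constructed sign-in events from two hypothetical cloud apps ("mail", "crm").
# Field names are assumptions for illustration, not a real vendor log schema.
EVENTS = [
    {"app": "mail", "user": "alice", "ts": "2024-05-01T09:02:00", "country": "GB", "ok": True},
    {"app": "mail", "user": "alice", "ts": "2024-05-02T08:55:00", "country": "GB", "ok": True},
    {"app": "crm",  "user": "alice", "ts": "2024-05-03T03:10:00", "country": "BR", "ok": True},
    {"app": "mail", "user": "bob",   "ts": "2024-05-01T10:00:00", "country": "US", "ok": True},
    {"app": "mail", "user": "bob",   "ts": "2024-05-01T10:20:00", "country": "US", "ok": False},
    {"app": "mail", "user": "bob",   "ts": "2024-05-01T10:21:00", "country": "US", "ok": False},
    {"app": "mail", "user": "bob",   "ts": "2024-05-01T10:22:00", "country": "US", "ok": False},
    {"app": "mail", "user": "bob",   "ts": "2024-05-01T10:23:00", "country": "US", "ok": True},
    {"app": "crm",  "user": "bob",   "ts": "2024-05-01T10:50:00", "country": "VN", "ok": True},
]

def analyze(events, travel_window=timedelta(hours=1), fail_threshold=3):
    """Correlate sign-ins from all apps per user; return (user, rule, ts) alerts."""
    alerts = []
    seen_countries = {}   # user -> countries of earlier successful logins (any app)
    last_success = {}     # user -> (datetime, country) of most recent success
    failures = {}         # user -> timestamps of failures since the last success
    for e in sorted(events, key=lambda ev: ev["ts"]):   # ISO timestamps sort as text
        ts = datetime.fromisoformat(e["ts"])
        user, country = e["user"], e["country"]
        if not e["ok"]:
            failures.setdefault(user, []).append(ts)
            continue
        # Success shortly after repeated failures: possible guessed/sprayed password.
        recent = [t for t in failures.get(user, []) if ts - t <= timedelta(minutes=10)]
        if len(recent) >= fail_threshold:
            alerts.append((user, "success_after_failures", e["ts"]))
        failures[user] = []
        # Country never seen for this user across any of the connected apps.
        known = seen_countries.setdefault(user, set())
        if known and country not in known:
            alerts.append((user, "new_country", e["ts"]))
        # Two countries inside the travel window, even if in different apps.
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] <= travel_window:
            alerts.append((user, "impossible_travel", e["ts"]))
        # Access outside an assumed 06:00-20:00 working window.
        if not 6 <= ts.hour < 20:
            alerts.append((user, "off_hours", e["ts"]))
        known.add(country)
        last_success[user] = (ts, country)
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

Bob's CRM login from a second country is only visible as impossible travel because the mail and CRM events are correlated in one place; either app's own log, viewed alone, would not show it.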
Samurai XDR allows you not only to connect the telemetry sources from your endpoints and on-premises infrastructure – it can also ingest and analyze the telemetry coming from your cloud applications, providing you with a single location to manage all of your security alerts. To simplify your threat detection and response across your IT infrastructure and cloud applications, start your free trial of Samurai XDR today.