On March 4th, 2021, the Infosec and compliance firm Qualys, a member of the Forbes 100 and a provider of security auditing services to over 10,000 customers globally, experienced an attack by a Clop Ransomware zero-day exploit target affecting the Accellion FTA server – a legacy file transfer technology. Many other companies were also targeted, but Qualys has stated that no ransomware was installed in their system, nor was there any request for payment received. Qualys uses the FTA server in a segregated DMZ environment for their customer support system. It is completely isolated from the production systems that are used to support Cloud based security auditing services and related information. Independent information security experts have classified this as a “security incident” rather than a “breach.” In other words, the Qualys Cloud Platform itself remained secure and was unaffected.
Should an incident like this create concern about the security of Cloud applications in general? Qualys is a global leader in Information Security. The QID findings created by their auditing tools are a key metric for Security Auditors in major enterprise networks. It is understandable that an instinctive reaction may be to question the overall security of the Cloud, especially using Cloud hosted applications. But this concern might better be directed towards the security of one’s own network. The major “brand name” Cloud Service providers – IBM Cloud, Amazon Web Services, Microsoft Azure, and others – place a much higher priority on security than small organizations and less well established independent Cloud service providers. They typically secure the auditing services and certifications provided by formal third-party security assessments, which are conducted by organizations and agencies including the Federal Risk Authorization and Management Program (FedRAMP,) Service Organization Control (SOC) 2, and the ISO 27001 (International Organization for Standardization.)
What does this mean in practical terms? The Gartner Group has estimated that, through 2022, at least 95% of Cloud security failures and breaches will be attributed to security failings within the Cloud customer’s own premises equipment and networks. Cloud computing, and the security practices related to its usage, should never be used in a way that is less secure than the prudent practices deployed to secure traditional in-house networks. In many organizations, Cloud security usage occurs before the development and enforcement of robust strategies related to this usage. There is no technology that is 100% secure, and when regulated or sensitive data is present, use of unapproved or not fully vetted Cloud services presents significant risk. Most reported security incidents and breaches are related to “open shares,” in which a user intentionally or even accidentally exposes sensitive data to outsiders. This most commonly occurs due to mechanisms widely used in IaaS and SaaS (Infrastructure as a Service and Software as a Service.)
What does this mean for organizations already using Cloud services, or about to embark on doing so? An inventory of Cloud service services currently in use should be conducted, and documentation of the individuals who “own” those programs internally, or are responsible for their use, should be created. Additionally, a comprehensive set of security policies specifically related to Cloud usage should be established and enforced.
How can Datacom Systems help? We often say “you can’t protect what you can’t see.”
We specialize in providing products such as SINGLEstream Network Taps and VERSAstream Network Packet Brokers, which help create greater visibility for a broader array of tools in key places on your network. Bolstering this are DURAstream Network Bypass Switches, which provide an assurance of 100% uptime for in-line tools such as IPS (Intrusion Prevention Systems) and DPI (Deep Packet Inspection.) Contact our Sales Team to arrange a technical discussion that can help to identify areas of interest and suggestions for implementation that are cost effective and robust.