Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:40 PM
Connect Directly

Zero-Day Attacks Major Concern in Hybrid Cloud

Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.

Securing cloud-based and legacy systems is a balancing act, and businesses have a tough time staying upright. As the race to the cloud picks up speed, many are struggling to fully protect their hybrid environments from zero-day attacks.

Researchers at Enterprise Strategy Group (ESG) polled 450 IT and security pros in North America and Western Europe on hybrid cloud environments and containers. The results demonstrate concern around zero-day attacks and increased container adoption.

"The thesis for the study was the multidimensionality of hybrid clouds is shifting cybersecurity priorities," explains Doug Cahill, senior analyst covering cybersecurity for ESG and leader of this research, which was commissioned by Capsule8.

Hybrid infrastructures have become the major architecture in enterprise environments, a shift that has come with "major headaches and concerns," says Bogdan "Bob" Botezatu, senior e-threat analyst at Bitdefender.

"The move to hybrid happened because increasingly more organizations want to enjoy the benefit of public cloud - scalability, pay-as-you-go rates and flexibility - but also maintain control over the key infrastructure," he explains. The hybrid approach is a necessary step toward public cloud adoption, especially for companies hesitant about cloud security.

Complexity in the Cloud

"Hybrid clouds are comprised of disparate environments," Cahill says, adding that more than 80% of organizations using infrastructure-as-a-service (IaaS) consume services from multiple providers. "This tells us more workloads are moving to public cloud platforms," he adds.

More than half (56%) of respondents have already deployed containerized production applications; 80% report they will have containers in production within the next 12- to 24 months.

The adoption of new technology is a gradual, phased process and many companies are in the middle of migrating old applications to the cloud. Three-quarters (73%) or organizations use, or will use, containers for both new applications and preexisting legacy applications, Cahill says.

Despite their growing reliance on containers, many businesses will continue to at least partially rely on legacy systems for years to come, he continues. Security becomes a challenge when multiple users are accessing multiple environments from multiple different locations.

The biggest hybrid cloud security challenge is maintaining strong, consistent security across the enterprise data center and multiple cloud environments, says Cahill. Businesses want consistency; they want to be able to centralize policy and security controls across both.

Security teams also struggle to maintain the pace of cloud, an increasingly difficult challenge as cloud continues to accelerate. It used to be that cloud adoption was slowed by security, Cahill points out. Now, containers are driven by the app development team. Security has to keep up.

"One of the things we know about cloud computing in general, and about DevOps, is it's all about moving fast," he points out. "They need to keep pace with the rapid rate of change."

Compliance is a major concern for companies using hybrid cloud, adds Botezatu, who says Bitdefender polled CISOs about their biggest fears related to hybrid cloud in late 2016.

"Lack of visibility into what is happening in the big hybrid datacenter, the increased attack surface, security of backups and snapshots and security of data (either at rest or in transit) were the top five answers," he says.

More Complexity = Larger Attack Surface

The complexity of hybrid cloud environments puts organizations at risk for several types of attack. Forty-two percent of businesses reported an attack on their cloud environment in the past year; 28% said a zero-day exploit had been the attack origin.

"Part of [the reason] is the elastic nature of these environments," says Cahill of the critical zero-day threat. "Servers are so rapidly deployed and sometimes they're put into production without going through assessments and vulnerability scanning."

Common threats include taking advantage of known flaws in unpatched applications (27%), misuse of privileged accounts by inside employees (26%), exploits taking advantage of known flaws in unpatched operating systems (21%), misuse of privileged account via stolen credentials (19%), and misconfigured cloud services, workloads, or network security controls (20%).

"The security in many hybrid cloud environments is focused on the perimeter, while totally missing in-depth defenses," says Ofri Ziv, vice president of research and head of GuardiCore Labs. "This leads to environments with weak network segmentation, which is heaven for attackers and worms."

John Viega, cofounder and CEO of Capsule8, says zero-days will always be a real and unpredictable threat. "This is particularly true in production due to the impact of open source," he adds. A zero-day that appears in production from open-source software will affect a huge number of companies.

Move to Unify Security

Part of the reason security is difficult with hybrid cloud is because the majority (70%) of companies currently use separate controls for public cloud-based resources and on-premise virtual machines and servers. Only 30% use unified controls, Cahill explains.

"It's very siloed today," he says. "There are different tools for different environments managed by different people … but that's not sustainable over time. It doesn't afford the consistency of security policies across disparate environments."

This is poised to dramatically change within the next two years. By that time, 70% of respondents claim they will focus on unified controls for all server workload types across public cloud(s) and on-premise resources.

"One of the most important things a company can do is be disciplined about keeping applications on-premise or in a data center and not moving it until it is absolutely mature enough to be seamlessly be deployed in either environment," adds Viega. One way to control this is to focus on containerization in the software development process.

Related Content:


Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/28/2018 | 7:34:46 PM
Major Concern in Hybrid Cloud
This is an important topic, worthy of attention and consideration.  However, I think there are a number of false premises or assumptions, either in the report or in the minds of those that responded to the poll. 

There is always room for ambiguity to play, when we over-commit complicated ideas to simple expressions, such as "the cloud".  To begin with, cloud is style as well as place.  Many of the desirable attributes of public cloud derive from cloud as style - so are available when cloud style is applied to a private place.  Many of the less desirable features of public cloud can be avoided by not putting everything in the public place (or using "public transportation" of data). 

The article and the report seem to suggest hybrid cloud as a combination of public cloud (style, place and transport), and legacy style and infrastructure in a private place - a place soon to be abandoned as soon as the moving van is ready to roll on to "The Cloud".  However, hybrid cloud can also be a reimagining of information systems to utilize the best tools for the various tasks required to properly inform those you authorize - and not inform those you don't.  
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.