search menu icon-carat-right cmu-wordmark

Insider Threats Related to Cloud Computing--Installment 6: Securing Against Other Cloud-Related Insiders

CERT Insider Threat Center
• Insider Threat Blog
CERT Insider Threat Center

Hi, this is Bill Claycomb and Alex Nicoll with installment 6 of a 10-part series on cloud-related insider threats. In this post, we discuss how to secure against two other types of cloud-related insider threats: cloud exploits and those using the cloud against you.

Protecting Against Cloud Exploits

Protecting against the insider who uses weaknesses exposed through the use of cloud services is challenging, but can be addressed via diligence and planning in implementing, transitioning to, and maintaining cloud services. Enforcing fundamental security controls, such as separation of duties, least privilege, consistent auditing, data loss prevention, etc., on cloud-hosted systems is important.

Organizations should not assume that because the system is hosted by a cloud provider that security is also handled externally. Current research on this topic includes solutions by Shin et al. showing methods for authorization in Toward Role-Based Provisioning and Access Control for Infrastructure as a Service (IaaS) and access control in A Policy-Based Decentralized Authorization Management Framework for Cloud Computing.

Additionally, organizations should have agreements and policies in place with cloud providers to handle cloud-based security incidents. A plan for incident response, including offline credential verification, is essential for a timely and efficient reaction to an attack in progress. System administrators within the organization should be familiar with configuration tools for their cloud-based systems, including procedures for quickly changing access controls or even disabling cloud-based services if necessary.

Protecting Against Those Using the Cloud Against You

Detecting insiders who use cloud-based services to carry out attacks on local resources can be challenging, particularly if an organization permits internal access to these services, such as web-based email accounts. Data loss prevention tools and techniques can be effective in detecting sensitive data being sent via email or uploaded to cloud-based storage. Limiting employee access to external resources via network or host-based controls (e.g., firewalls, proxies) is another option for some organizations.

Coming up next: We'll discuss seven proposed directions for future research on cloud-related insider threats, including two in detail.

About the Author