RISING ABOVE THE CLOUDS: COMPREHENSIVE ANALYSIS OF 2023 SECURITY INCIDENTS AND ENHANCING FUTURE CLOUD SECURITY POSTURE
Keywords:
Cloud Security, Public Cloud, Amazon Web Services, Azure, Google CloudAbstract
In 2023, cloud security reached a pivotal moment after two decades of widespread adoption. Public cloud adoption and migration to public cloud showed no sign of slowing down in 2023. More organizations are adopting cloud-native applications with the rapid introduction of new cloud services and features to reduce the operations burden and rapid development. The increasing adoption of cloud-native technologies amplifies the risk landscape, creating more opportunities for cybercriminals through vulnerabilities and misconfigurations. As more organizations rely on cloud computing services, ensuring cloud security measures becomes increasingly important. This paper looks at cloud security incidents from 2023, renowned industry reports, case studies, and information available in the public domain to provide a holistic view of current security gaps and the emerging threats organizations face. This paper aims to guide security professionals, decision-makers, and anyone navigating cloud security challenges by providing a practical cybersecurity hygiene recommendation for mitigating emerging risks. Awareness created via this paper will help organizations revisit their cloud security roadmap, likely consolidation of security tools, investment in people and processes, and adopt new strategies to combat emerging threats.
References
Amazon.com, Inc. (2002, July). Amazon.com launches web services https://press.aboutamazon.com/2002/7/amazon-com-launches-web-services-developers-can-now-incorporate-amazon-com-content-and-features-into-their-own-web-sites-extends-welcome-mat-for-developers
Palo Alto Networks. (n.d.). Unit 42 cloud threat report, volume 7. Palo Alto Networks.https://start.paloaltonetworks.com/rs/531-OCS-018/images/4.13PM_unit42-cloud-threat-report-volume7-final.pdf
Darktrace. (n.d.). The CISO's guide to cloud security. Darktrace. https://assets-global.website-files.com/626ff4d25aca2edf4325ff97/653a78d624f41929faf4fa69_The%20CISOs%20Guide%20to%20Cloud%20Security_Darktrace.pdf
Gartner. (n.d.). Is the cloud secure? Gartner. https://www.gartner.com/smarterwithgartner/is-the-cloud-secure
SentinelOne. (2023, May 24). Evolution of cloud security | Looking at cloud posture management throughout the decades. SentinelOne. https://www.sentinelone.com/blog/evolution-of-cloud-security/
Expel. (2024). Annual Threat Report 2024. Expel. https://expel.com/wp-content/uploads/2024/01/Annual-Threat-Report-2024.pdf
Datadog. (n.d.). State of cloud security. Datadog. https://www.datadoghq.com/state-of-cloud-security/
IBM. (n.d.). Data breach report. IBM. https://www.ibm.com/reports/data-breach
Thales Group. (2023). 2023 cloud security study: Global edition. Thales Group. https://cpl.thalesgroup.com/sites/default/files/content/CLOUD_AMI_pages/2023/2023-cloud-security-study-global-edition.pdf
Google Cloud. (2024). Cybersecurity forecast 2024. Google. https://services.google.com/fh/files/misc/google-cloud-cybersecurity-forecast-2024.pdf
Wiz. (n.d.). All incidents. Wiz. https://threats.wiz.io/all-incidents
Microsoft. (2023). Digital defense report. Microsoft. https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
Mandiant. (2023). M-trends 2023. Mandiant. https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023
Sophos. (2023). Active adversary report for security practitioners 2023. Sophos. https://assets.sophos.com/X24WTUEQ/at/kg2pgwrg895w2zkszsr7qhz/sophos-x-ops-active-adversary-report-for-security-practitioners-2023.pdf
Sysdig. (2023). 2023 Global cloud threat report. Sysdig. https://sysdig.com/content/c/pf-2023-global-cloud-threat-report?x=u_WFRi
Red Canary. (2023). 2023 Threat detection report. Red Canary. https://resource.redcanary.com/rs/003-YRU-314/images/2023_ThreatDetectionReport_RedCanary.pdf
Varonis. (2024). Cybersecurity statistics. Varonis. https://www.varonis.com/blog/cybersecurity-statistics
Cybersecurity and Infrastructure Security Agency (CISA). (2022). Report on Log4Shell. CISA. https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf
PwC. (n.d.). Global digital trust insights. PwC. https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html
Tenable, Inc. (n.d.). CNAPP: Holistic security for AWS, Azure, and GCP. Tenable, Inc. https://static.tenable.com/marketing/whitepapers/Whitepaper-CNAPP_Holistic_Security_for_AWS_Azure_and_GCP.pdf
Netskope. (2024). Cloud and threat report 2024. Netskope. https://www.netskope.com/netskope-threat-labs/cloud-threat-report/cloud-and-threat-report-2024#pillar_content_16
Cloud Security Alliance. (2023, June 29). Cloud security threats to watch out for in 2023 https://cloudsecurityalliance.org/blog/2023/06/29/cloud-security-threats-to-watch-out-for-in-2023-predictions-and-mitigation-strategies
Taft, D. K. (2023). The unhappy reality of cloud security in 2023. InfoWorld. https://www.infoworld.com/article/3700650/the-unhappy-reality-of-cloud-security-in-2023.html
Palo Alto Networks Unit 42. (n.d.). Web API attacks in the cloud. Palo Alto Networks. https://unit42.paloaltonetworks.com/web-api-attacks-in-cloud/
Palo Alto Networks Unit 42. (n.d.). Exposed services in public clouds. Palo Alto Networks. https://unit42.paloaltonetworks.com/exposed-services-public-clouds/
Palo Alto Networks. (n.d.). Unit 42 cloud threat report, Volume 6. Palo Alto Networks.
https://www.paloaltonetworks.com/resources/research/unit-42-cloud-threat-report-volume-6
Palo Alto Networks. (n.d.). Gartner market guide for cloud workload protection platforms. Palo Alto Networks. https://www.paloaltonetworks.com/resources/research/gartner-market-guide-cnapp
