Access To Data as the Cloud Evaporates

As you descend through the layers of cloud technology, threats become more physical and privilege escalation becomes easier.


End users are an easy attack vector into public and private clouds

  • They make poor password choices
  • They click unsolicited links in email
  • They use untrusted computers to access secure networks
Photo by Martin Terber.

Cloud connected tablets and mobile devices create a simplified attack surface

  • Sensitive email may be sent through, and stored on, shared-use cloud systems and phones or tablets
  • Apps for tablets and smartphones are used to connect to industrial control systems (ICS) for monitoring or control
  • Mobile devices and tablets are not designed for security and lack adequate safeguards
Photo by ebayink.

Mobile devices including laptops, cell phones, and tablets are easy and attractive targets for physical theft

  • It is common for these devices to have persistent cloud connections, stored credentials, and proprietary or sensitive information
  • Persistent cloud sync creates potential for larger leaks from device theft

Cloud Service Providers


Third-party cloud services often rent underlying services from other providers

  • Cloud service providers often rent from IaaS providers such as Microsoft or Amazon
  • Cloud service customers could use their access to launch attacks against other customers
  • Cloud service providers offer their services to multiple clients, which could have unforeseen vulnerabilities and consequences

Login portals and control panels are common points of attack

  • Common login portals are an attractive attack vector
  • Control panels and management portals may lack proper privilege separation
  • Portals are often publicly reachable and frequently use usernames that are publicly known

Private databases often run on shared hardware

  • Cloud service providers are attractive targets due to the volume of customer records
  • Databases are difficult to protect and need separate protection strategies for data at rest, data in process, and data in motion
  • Divergent protection strategies can ignore or hamper one another

Multi-tenancy complicates defense strategies

  • Multiple customers share physical infrastructure within cloud environments
  • Attackers can use placement techniques to try to opportunistically deploy on shared hardware with targets
  • Exploitation can occur through shared servers, software, databases, network interfaces and switches

Administrative Provisioner


Infrastructure as a Service as an Attack Surface

  • Attackers have a wide variety of entry points, both digital and physical
  • IaaS providers may rely on real estate companies to build, run and/or operate facilities
  • Contractual agreements range from full control of a facility by one customer to renting portions of a shared facility; access control is often not fully under the IaaS provider's purview

Colocated Data Centers Increase Shared Risk

  • An individual IaaS provider may have a "cage" where its networking equipment is located
  • Cages are often access-controlled by traditional key, key card, or biometrics
  • Access control to facilities is typically managed by third-party security vendors

Shared Responsibility without Equally Shared Consequences

  • Though a provider may offer a contract with a service level agreement (SLA), downtime may have more dire consequences for customers than providers
  • Threats to data confidentiality or integrity of critical infrastructure providers may have consequences that include loss of life and national economic impacts

Remote Management of Physical Servers Can Subvert Virtualized Security Controls

  • Remote management consoles offer full access to individual machines with the ability to make significant changes to physical configurations
  • Improper network segmentation can allow access from unsecured networks
  • Software vulnerabilities can allow access to users' resources

Cloud Infrastructure Spans Jurisdictional Boundaries

  • Cloud providers often have physical hardware in multiple legal jurisdictions, complicating legal disputes
  • Cloud data may be migrated by automatic provisioning and replication systems to geographic localities that are hostile to the customer
  • Data housed in a given country may be subject to that country's laws, seizure, and/or interception
Map made by Mason Vank.

Data Center Facility Owner


Responsibility for Physical Access Control May Be Spread Across Several Parties

  • The facility owner of a data center often controls physical access to facilities, equipment, and servers, including customer access (security), facilities management (cooling, water, electric), and telecom installation (fiber)
  • These services may in turn be contracted to third parties
Photo by Tuesday Digital.

Remote Access to Maintenance Systems May Offer a Side-Channel Vulnerability

  • Remote access to heating, ventilation and air conditioning (HVAC) systems is standard practice and can be an attack vector
  • On-site HVAC equipment maintenance by third-party contractors is also a threat
  • Remote access to power equipment is another plausible attack vector

Personnel vetting presents problems for cloud providers and customers

  • Security and other personnel are a serious potential attack vector
  • Personnel vetting is not standardized across the industry and is often limited to simple employment background checks
  • Employees may have full access to the facilities
  • Neither cloud customers nor cloud service providers typically have influence over employee vetting at IaaS providers or facility owners
Photo by Intel Free Press.

Cable Entry Points and Switching Rooms are Often Critical Points of Failure

  • Cable entry points and shared fiber vaults are attractive targets for data siphoning or vandalism
  • Damage to data center switching rooms could cause extended facility outages
  • Meet-me rooms and other shared spaces may allow indirect access to other customers' equipment

Security and Network Monitoring Are an Attractive Target

  • Security feeds, CCTV, and network monitoring systems are remotely accessible, which makes their compromise a significant danger
  • CCTV feeds can be used to establish the patterns of security personnel for physical or social engineering attacks
  • Network monitoring access could permit significant reconnaissance of customer networks

Fiber Conduits and Cable Trays Are Shared Amongst Data Center Customers

  • Cable trays are in common use and generally run through uncontrolled space, outside customer security perimeters
  • When cable faults are detected, common practice is to cut off the cable ends and leave the remainder in the tray, where it could later be repurposed maliciously
  • Data taps could theoretically be injected in shared cabling areas