Advanced Computing in the Age of AI | Thursday, June 8, 2023

Hybrid Clouds Remain Unsecured as New Threats Emerge 

via Shutterstock

The added layer of operational complexity associated with hybrid cloud deployments is only making it harder for security teams to ward off attacks—assuming cloud users have created those teams that would ideally be working with developers and IT managers, a cloud security study concludes.

Meanwhile, security researchers have uncovered an emerging threat to bare metal cloud services.

A hybrid cloud security survey released this week by network security manager FireMon found that most security teams are unable to keep up with the scaling of enterprise cloud services. Fully 60 percent of the more than 400 cloud security managers surveyed said they are losing ground as the shift to hybrid and multi-cloud deployments accelerates.

The problem is exacerbated by inadequate security budgets and a lack of coordination between DevOps and security teams that would ideally be integrating security features into cloud-native applications.

Then there is the lack of tools capable of functioning across public and private clouds for managing network security. Only 28 percent of respondents to the vendor survey said they were using security tools that work across multiple clouds.

“Complex enterprise environments, budget constraints, lack of clarity around which team is responsible for cloud security, and the absence of standards for managing security across hybrid cloud environments are impairing organizations’ ability to secure their cloud business initiatives,” said Tim Woods, FireMon’s vice president of technology alliances.

“This problem will only be solved with a new generation of security technologies and processes that fully integrate with DevOps and provide end-to-end visibility and continuous security and compliance across hybrid environments,” Woods added.

Concerns about the security of hybrid cloud deployments grow as new threats emerge on shared infrastructure being used to deliver enterprise applications. For example, threat researcher Eclypsium disclosed on Tuesday (Feb. 26) a new vulnerability dubbed “Cloudborne” that allows attackers to implant malicious code in server firmware.

The vulnerability associated with management of bare metal servers has turned up in IBM SoftLayer and was also found to be common among other cloud services. Eclypsium reported that the vulnerability can survive removal efforts and then be passed along via a firmware backdoor.

“Since firmware underlies even the host operating system and the virtualization layers of a server, any implants would naturally be able to subvert the controls and security measures running at these higher layers,” the threat researcher noted in a blog post.

Among the possible consequences of a Cloudborne attack are disruption of applications after malicious code disables a server via a permanent denial-of-service attack, or what security specialists refer to as “bricking” a server.

Others bad outcomes include theft of data stored in hybrid clouds and increase risk of ransomware attack after firmware is used to disable servers, Eclypsium said.

“While it is easy to think of the cloud as a purely virtual environment, vulnerabilities and implants at the firmware level provide an often under-appreciated way for threats to persist in the transition from one customer to the next,” the threat researcher warned.

These and other security threats are fueling calls for standard cloud security practices as hybrid deployments accelerate. “Security must be a component of application deployments where both are synchronized to each other,” FireMon’s Woods concluded.

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).