Cloud Security – NSA Guidelines



The National Security Agency has released a detailed examination of methods used to attack cloud providers. There is growing concern these services could be a weak spot in companies’ cyber security defenses in 2020.

The NSA advisory contains detailed descriptions of attack methods observed by U.S. intelligence agencies and steps on how to counter them.

Cloud providers and managed service providers are attractive targets for hackers, as a successful attack could provide access to sensitive systems for dozens or hundreds of client companies.

The guidance focuses on four primary areas of cloud security:

Misconfigurations in cloud systems

As an example, the NSA cited configuration errors by defense contractors that exposed data from the National Geospatial-Intelligence Agency in 2017.

Poor access controls, such as weak authentication methods

The agency said the Iran-based Mabna hacking group has been able to bypass multi-factor authentication systems by subverting other controls.

Crowded servers

Some systems that allow several companies to be hosted on the same cloud server can be vulnerable to attack, the NSA warned, enabling hackers to attack multiple targets with one successful breach.

Supply-chain vulnerabilities

As one example, the NSA cited the ShadowHammer cyberattack campaign in March, which used flaws in computers made by Asustek Computer Inc. to install malware through legitimate software updates.

Malicious insiders, criminals and nation-states are examining weaknesses in cloud security, the NSA said, with varying objectives. Criminals and insiders might look to exploit sensitive information or destroy it, for instance, while nation-states might attempt to use access to these servers to gain entry to more sensitive systems at a cloud provider’s customer. Untrained or neglectful employees also could inadvertently allow attackers to gain access to sensitive information by failing to properly follow security procedures, the agency said.
