There are two major types of public cloud computing attacks: single-tenant and cross-tenant. A cross-tenant attack is the stuff of IT nightmares, but it has not yet occurred. (In a cross-tenant attack, the hackers gain root-level access to the cloud and thus access to most or all of the tenants -- including you.)
Single-tenant breaches are more likely to occur. In these attacks, the hacker has compromised one or more machine instance, but can't go beyond that. The most likely cause of a single-tenant breach is that user IDs and passwords have been compromised. That's typically due to malware or phishing attacks on client devices. In this case, it's all on you; the cloud provider has done its job, but you haven't done yours.
When such breaches occur, hopefully you'll figure it out quickly. When you recognize the breach, the best response is to invoke a prebuilt set of processes that can do the following:
- Shut down the instances -- computer, storage, or both -- that have been compromised. That prevents any activity, whether good or bad, until the problem has been corrected.
- Audit the security system to determine how the attackers gained access and what they did while in the system. Isolate the hackers and remove their access from the system.
- Resecure the system and make users change their passwords before they are granted renewed access.
Of course, this does not address the core problem -- it only fixes a single intrusion. To address the core vulnerabilities of single-tenant attacks:
- Establish proactive monitoring mechanisms to ensure that odd activity is spotted quickly, and the relevant cloud instances are defended. For example, monitor for access from a foreign IP address and for multiple login failures.
- Consider using encryption, at least with your data at rest. That way, even if hackers gain access, your data remains protected.
- Implement identity and access management.
- Consider using multifactor authentication and other types of access mechanisms that provide better protection at the user-access level.
- Review the security services that your cloud provider offers, and consider using any that apply. It can be better to use the native security capabilities than to bolt on your own or those of third parties.
As more workloads move into the public cloud, we'll see more attacks. That's what happens when any platform, cloud or not, gains popularity. But if you're proactive and invest in modern security mechanisms, you'll discover that the cloud is a more secure place for your applications and data than your datacenter has been.