Five security challenges that could go through 2022
Extreme Compute’s Cloud Threat Landscape Report for 2021 showed an increase in cloud application vulnerabilities. Pivoting from compromised on-premises resources to cloud resources is the leading way threat actors reach the cloud, and RDP (Remote Desktop Protocol) is used to access both cloud and on-premises resources.
Authentication flaws: RDP on the remotely accessed device typically relies on password-based, single-factor authentication. The risk increases if the same password is used for RDP and for local device access, and a lack of RDP password management leads to weak passwords.
Open port access: if TCP 3389 is not adequately managed, threat actors know how to get past firewalls to attempt RDP access or launch on-path attacks.
Misconfigurations
Misconfigurations are a major cause of cloud and on-premises vulnerabilities, ranking third behind phishing and compromised passwords. Configuration errors and omissions cost an average of $3.86 million. Here are some common results of misconfiguration:
- Unintentionally exposing data to the internet without authorization
- Public access to storage buckets
- Incorrectly created networks
- Providing all system users with unrestricted access to cloud data
- Exposed passwords and keys
- Compromise of Application Programming Interfaces (APIs)
Authentication flaws
Credential compromise is one of the top two cloud attack vectors. Up to 30,000 cloud accounts are for sale on the dark web. Using only passwords or PINs to access cloud user and admin accounts allows threat actors to capture credentials. RDP credential compromise attacks are common: according to recent reports, 71 percent of for-sale credentials are RDP access to public cloud services.

Shadow IT

Cloud shadow IT is a service or application used outside of the regular IT security and change management processes. It arises when managers become impatient with waiting for IT to respond to business needs, and it thrives because the policies, processes, and monitoring measures that should catch it either do not exist or are ineffective. Because they never receive an IT and security evaluation, shadow IT services frequently suffer from common cloud vulnerabilities such as inadequate authentication, a lack of data limits, and a lack of comprehensive risk assessment.

From on-premises to cloud compromise

One of the most common attack vectors is pivoting from compromised on-premises resources to cloud resources. Once an on-premises system is breached, the absence of network segmentation, shadow IT operations, misconfiguration, and other systemic weaknesses enable lateral movement across the network and into the cloud.

These five cloud security issues are not isolated; they typically reinforce each other.

1. Managing the Issues
Businesses often invest time and money in protecting their on-premises networks. They seem to pay less attention to what happens in the cloud, whether that use is approved or unapproved.

2. Authentication issues and pivoting
On-premises resources are mirrored in the cloud, and cloud networks that connect to internal networks are high-risk trust zones. Traffic between the cloud and the data centre must be managed, and there should be no implicit trust between cloud resources and on-premises networks. This is the start of a zero-trust information processing environment.

The zero-trust network (ZTN) approach addresses both weak authentication and threat actors pivoting from compromised on-premises systems to the cloud. ZTN never assumes, on the strength of a point-in-time authentication to an object (the information resource being accessed), that a subject (the entity attempting access) is who it claims to be; a subject's claimed identity is never taken at face value. Adaptive authentication and explicit trust zones are the ZTN tools for this.

With adaptive authentication, login requests are checked for context: time, day of week, location, and device. Adaptive authentication can also be continuous and based on user behaviour; if the subject's behaviour deviates too far from its baseline, the subject may be asked to authenticate again or be logged off.

Network segmentation creates clear trust zones around objects. Perimeter-to-server micro-segmentation using firewalls or VXLAN technology can be described as a step towards a zero-trust network; the resulting network segments are the trust zones, and moving from one trust zone to another may require re-authentication or stricter authentication. Consider ZTN for both on-premises and cloud infrastructure: moving from on-premises to cloud resources is also a transition from one trust zone to another.

3. Using RDP
Some suggestions for managing and improving RDP access:
- Using MFA
- Patching RDP software
- Network Level Authentication
- Using Group Policy (GPO) to restrict RDP access
- Creating a lockout policy
- Tunnelling RDP over IPsec or SSH
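As an added example (not from the report or the original article), a Python sketch of the adaptive authentication decision described under point 2, applied to the RDP logon context: a step-up result corresponds to demanding MFA and a deny to the lockout policy listed above. The baseline, the risk weights and the thresholds are constructed assumptions, not values from the report.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Baseline:
    """Normal context for one subject, learned from past logons (constructed here)."""
    countries: set
    devices: set
    work_hours: tuple = (7, 20)  # local hours in which logons are usual
    work_days: set = field(default_factory=lambda: {0, 1, 2, 3, 4})  # Mon..Fri

@dataclass
class LoginRequest:
    user: str
    when: datetime
    country: str
    device_id: str

# Assumed policy: score 0 = allow, 1-3 = step up to MFA, 4+ = deny (or log off a live session)
STEP_UP_AT, DENY_AT = 1, 4

def risk_factors(req: LoginRequest, base: Baseline) -> list:
    """List (name, weight) for every way the request deviates from the subject's baseline."""
    factors = []
    if req.device_id not in base.devices:
        factors.append(("unknown_device", 3))
    if req.country not in base.countries:
        factors.append(("unknown_country", 3))
    start, end = base.work_hours
    if not start <= req.when.hour < end:
        factors.append(("off_hours", 1))
    if req.when.weekday() not in base.work_days:
        factors.append(("off_day", 1))
    return factors

def decide(req: LoginRequest, base: Baseline) -> tuple:
    """Return (decision, score, factor names); rerun mid-session for continuous checks."""
    factors = risk_factors(req, base)
    score = sum(weight for _, weight in factors)
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, score, [name for name, _ in factors]

# Constructed sample data: one subject's baseline and three RDP logon attempts.
BASELINE = Baseline(countries={"GB"}, devices={"laptop-7f3a"})
SAMPLES = [
    LoginRequest("alice", datetime(2021, 11, 15, 9, 30), "GB", "laptop-7f3a"),    # Monday, office hours
    LoginRequest("alice", datetime(2021, 11, 15, 22, 15), "GB", "laptop-7f3a"),   # known device, late
    LoginRequest("alice", datetime(2021, 11, 14, 3, 0), "RO", "unknown-dev-01"),  # Sunday, new device and country
]
```

Feeding real logon events in place of SAMPLES gives the three outcomes the section describes: allow, re-authenticate with a stronger factor, or refuse and log off.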