The Cloud - Shadow DataCenter.....?
As organizations rush to adopt cloud-first strategies, many are unknowingly creating new security blind spots. Without proper oversight and security controls, cloud environments can become shadow data centers - accessible to attackers but invisible to security teams. This post examines a real-world incident that highlights the critical importance of treating cloud infrastructure with the same security rigor as physical data centers.
In the fast-changing world of IT, and specifically of cloud datacenters and cloud-first architectures, new attack vectors open up for cyber criminals.
As a cyber security consultant with a focus on network security, I often find that companies lack insight into their own cloud environment.
Often, management has ordered a focus on cloud without proper funding, or at least without the focus needed to bring in the help and know-how to implement it properly.
Let me give you an example. A customer called in a panic: their entire production database was gone! No one knew what had happened, but during the night they had started getting alerts that customers couldn't see any of their previous orders or place new ones. Of course, this lands on the developers' desk first; all good application-wise, so on to the Operations/DevOps team: shoot, where's the DB?! Restore a backup from yesterday afternoon. BACK IN BUSINESS! But what happened? Luckily, in this case the board asked for a root cause on why customers weren't able to place orders for a whole night and a good part of the day. I say luckily, because what they found was not good.
A developer who was no longer employed there had set up a test VM where he could test new versions of their software. He had also allowed RDP access to the machine, and since it was his dev machine, he had allowed it access to both the test and the production databases, presumably to troubleshoot the software. And since only the application servers were supposed to be in Azure, and those were changing often, all VNets in Azure had full access to the on-prem server networks. What they discovered was that an attacker had brute-forced the RDP credentials on this forgotten machine, downloaded the entire production database, and then deleted it.
The key takeaway, as I see it, is to treat the cloud environment as just another datacenter, the same way you would a physical one. It might sound obvious, but we see far too often that this is not the case.
How to do it then
From my perspective, cloud services bring a needed change in the way IT operates. Most importantly for the business, they add a faster and more reliable way to scale, up or down, without needing new hardware or physical network equipment. For developers, it is a lot faster to spin up new environments, whether for testing new software versions and features or for creating brand new services. For the classical operations teams, it also frees up time, if we still see them the way we used to before the DevOps role was introduced.
But from the perspective of the security teams, the change has in most cases happened backwards: instead of being implemented with security in mind, it has been implemented with convenience in mind. Adding security on top of that afterwards is prone to go sideways, either for security or for the developers.
The incident described above could have been prevented with basic security hygiene: an inventory of what is actually running in each subscription, regular access reviews, proper network segmentation, and decommissioning processes for departing employees. Modern cloud security tools can help prevent such incidents:
- CNAPP (Cloud Native Application Protection Platform) solutions provide visibility across the entire cloud estate, detecting misconfigurations and vulnerabilities (such as a VM with RDP open to the Internet) before attackers can exploit them
- Live logging and SIEM integration enable real-time monitoring of access attempts, failed logins and suspicious activity; a burst of failed RDP logons from one source, as in this incident, could have raised an alert while the brute force was still in progress
- PAM (Privileged Access Management) makes sure that employees only have access to the resources they need, and only when they need it, so that standing access does not outlive the person who set it up
- Next-generation firewalls with proper segmentation prevent lateral movement, ensuring that even if one system is compromised, attackers cannot reach critical databases from it
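The second point above is the one a SIEM rule would implement. As an added example (not code from the original post or from any product), the following Python stands in for such a rule: it reads Windows Security events 4625 (failed logon) and 4624 (successful logon), flags a source IP that produces a threshold of failed RDP logons inside a sliding window, and escalates the alert when a success follows from the same source. The one-line event format, the threshold and window, and the sample events are all constructed for the example; a real deployment would read the forwarded events from the SIEM or the Windows event log.

```python
"""Detect an RDP brute force from Windows Security events, as a SIEM rule would.

Added example for this post; not code from the original article or any
product. It takes Event ID 4625 (failed logon) and 4624 (successful logon)
records, already time-sorted, in a constructed one-line-per-event format that
stands in for what an agent forwards to a SIEM:
    <ISO timestamp> <EventID> user=<account> src=<source ip> logon_type=<n>
Logon type 10 is RemoteInteractive (RDP); type 3 (Network) is what RDP with
NLA produces for the credential check.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<eid>\d{4}) user=(?P<user>\S+) src=(?P<src>\S+) logon_type=(?P<lt>\d+)$"
)
FAILED_LOGON, SUCCESS_LOGON = "4625", "4624"
RDP_LOGON_TYPES = {"10", "3"}


def parse_event(line):
    """Return a dict for a recognised event line, None for anything else."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """One alert per source IP that produces `threshold` failed RDP logons
    inside `window`. A later successful logon from a flagged source upgrades
    the alert to critical: that is the brute force paying off."""
    failures = defaultdict(deque)   # src -> timestamps of failures inside the window
    users_tried = defaultdict(set)  # src -> accounts tried (password-spraying indicator)
    alerts = {}                     # src -> alert, created once per source
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["lt"] not in RDP_LOGON_TYPES:
            continue
        src, ts = ev["src"], ev["ts"]
        recent = failures[src]
        while recent and ts - recent[0] > window:   # slide the window forward
            recent.popleft()
        if ev["eid"] == FAILED_LOGON:
            recent.append(ts)
            users_tried[src].add(ev["user"])
            if src in alerts:                       # already flagged: keep counting
                alerts[src]["failures"] += 1
                alerts[src]["last"] = ts
            elif len(recent) >= threshold:
                alerts[src] = {"src": src, "failures": len(recent), "first": recent[0],
                               "last": ts, "users_tried": users_tried[src],
                               "success_user": None, "severity": "medium"}
        elif ev["eid"] == SUCCESS_LOGON and src in alerts and alerts[src]["success_user"] is None:
            alerts[src]["success_user"] = ev["user"]
            alerts[src]["severity"] = "critical"
    return list(alerts.values())


# Constructed sample: an attacker at 203.0.113.7 tries several accounts and
# then gets in as svc_deploy; 10.0.0.5 is an admin who mistypes a password once.
SAMPLE_EVENTS = [
    "2024-03-02T01:12:03 4625 user=administrator src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:05 4625 user=admin src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:08 4624 user=j.doe src=10.0.0.5 logon_type=10",
    "2024-03-02T01:12:09 4625 user=dev src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:11 4625 user=test src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:14 4625 user=svc_deploy src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:17 4625 user=svc_deploy src=203.0.113.7 logon_type=10",
    "2024-03-02T01:12:40 4624 user=svc_deploy src=203.0.113.7 logon_type=10",
    "2024-03-02T01:15:00 4625 user=j.doe src=10.0.0.5 logon_type=10",
    "2024-03-02T01:15:10 4624 user=j.doe src=10.0.0.5 logon_type=10",
    "2024-03-02T01:16:00 4625 user=backup src=198.51.100.9 logon_type=5",  # service logon, not RDP
]

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_EVENTS):
        print(f"[{a['severity'].upper()}] {a['src']}: {a['failures']} failed RDP logons "
              f"{a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, accounts {sorted(a['users_tried'])}, "
              f"then success as {a['success_user']}")
```

The single admin typo from 10.0.0.5 and the non-RDP service logon never trigger an alert, which is the point of keying on source IP, logon type and a window rather than on failed logons in isolation; the success-after-failures escalation is what turns a noisy "someone is knocking" signal into "someone is in".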
As cloud adoption accelerates, these fundamentals become more critical than ever. Don’t let your cloud become a shadow data center - make it visible, manageable, and secure.
To get started on cloud security, consider the following:
- Deploy a CNAPP solution for continuous cloud security posture management
- Implement a zero-trust network architecture with segmentation, so that a VNet never gets blanket access to on-prem networks
- Implement Privileged Access Management with just-in-time access
- Set up centralized logging with real-time alerting for failed authentication attempts
- Establish regular security testing of cloud environments
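Posture management and segmentation (the first two items in the list above) come down to knowing what each network security group actually lets through. As an added example (not code from the original post or from any vendor tool), the Python below audits Azure NSG rules for management ports reachable from the Internet the way Azure itself evaluates them: by ascending priority, first match wins, with the built-in DenyAllInBound at the end. The rule dicts mirror the `properties` fields of an Azure NSG securityRule as `az network nsg rule list -o json` returns them, but the two sample NSGs are constructed here; the first models the forgotten dev VM from the incident. Destination address prefixes are ignored on the assumption that the NSG is attached to the VM being assessed.

```python
"""Audit Azure NSG rules for management ports reachable from the Internet.

Added example for this post; not code from the original article or from any
vendor tool. Rules are dicts shaped like the `properties` of an Azure NSG
securityRule (the fields `az network nsg rule list -o json` returns), here
constructed inline. Azure evaluates rules by ascending priority, first match
wins, and the built-in default rules end with DenyAllInBound at priority
65500, so grepping for 'Allow' alone gives false positives (an earlier Deny)
and false negatives (a port range that happens to cover 3389). This code
computes the effective decision instead.
"""

MANAGEMENT_PORTS = {3389: "RDP", 22: "SSH", 5985: "WinRM", 5986: "WinRM-HTTPS"}
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}   # any Internet address matches these
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
                "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
                "destinationPortRange": "*"}


def _port_in_spec(spec, port):
    """spec is '*', a single port '3389' or a range '3000-4000'."""
    spec = str(spec)
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def _list_field(rule, singular, plural):
    """NSG rules carry either the singular field or the plural list form."""
    values = list(rule.get(plural) or [])
    if rule.get(singular):
        values.append(rule[singular])
    return values


def _rule_matches(rule, port):
    """Would this rule match a TCP packet to `port` from an arbitrary Internet address?"""
    sources = _list_field(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ports = _list_field(rule, "destinationPortRange", "destinationPortRanges")
    return (rule["direction"] == "Inbound"
            and rule["protocol"] in ("*", "Tcp")
            and any(s in INTERNET_SOURCES for s in sources)
            and any(_port_in_spec(p, port) for p in ports))


def effective_access(rules, port):
    """(access, rule name) Azure would apply: lowest priority number wins."""
    for rule in sorted(rules + [DEFAULT_DENY], key=lambda r: r["priority"]):
        if _rule_matches(rule, port):
            return rule["access"], rule["name"]
    return "Deny", DEFAULT_DENY["name"]   # not reached: DEFAULT_DENY matches everything


def audit_nsg(nsg_name, rules):
    """One finding per management port the Internet can reach through this NSG."""
    findings = []
    for port, service in MANAGEMENT_PORTS.items():
        access, rule_name = effective_access(rules, port)
        if access == "Allow":
            findings.append({"nsg": nsg_name, "port": port, "service": service, "rule": rule_name})
    return findings


# Constructed sample NSGs. DEV_VM_RULES models the forgotten dev VM from the
# post; DENY_FIRST_RULES shows an explicit Deny beating a wide later Allow.
DEV_VM_RULES = [
    {"name": "Allow-RDP-Dev", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "Allow-Web", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]},
    {"name": "Allow-Ops", "priority": 130, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRanges": ["5985-5986"]},
    {"name": "Allow-SSH-Jump", "priority": 140, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.20.0.0/24", "destinationPortRange": "22"},
]
DENY_FIRST_RULES = [
    {"name": "Deny-RDP-Internet", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "Allow-Mgmt-Wide", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3000-4000"},
]

if __name__ == "__main__":
    for name, rules in (("dev-vm-nsg", DEV_VM_RULES), ("deny-first-nsg", DENY_FIRST_RULES)):
        for f in audit_nsg(name, rules):
            print(f"{f['nsg']}: {f['service']} ({f['port']}/tcp) open to the Internet via {f['rule']}")
```

Run against real data, feed the `securityRules` properties of each NSG into `audit_nsg` and treat every finding as a ticket; the dev VM case yields RDP plus both WinRM ports, while SSH from the jump subnet is correctly not reported because its source is not the Internet. The second NSG shows why effective evaluation matters: 3389 is denied even though a later rule's range covers it, while 3500 in that same range is still allowed from anywhere.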
About the writer
Rasmus Wiegman
Senior Cyber Security Consultant & CEO in CopenSec
14 years of experience in Cyber Security & Consulting
Tech Lead - CheckPoint Cloud Solutions