Cloud Security

Cloud security is the practice of protecting data and applications hosted in third-party services, from AWS and Azure to Salesforce and Microsoft 365. It has become a critical area of cyber defense as organizations accelerate digital transformation in an effort to fuel innovation, efficiency, and collaboration at scale. Yet cyber-criminals targeting vulnerable data in the cloud are exploiting this widened attack surface to launch attacks that static security tools struggle to detect and contain. This has played out in several ways:

Speed and scale of cloud attacks
Organizations are harnessing the agility and speed of cloud deployments to accelerate digital transformation, but attackers are leveraging the same efficiency to supercharge their attacks.
Complexity and diversity
Most cloud customers operate across multiple providers with diverse and incompatible controls. This often leads to increased complexity, overly relaxed permissions, and simple mistakes.
Small margin for error
Simple misconfigurations or a single compromised admin credential can have a broad impact across far-reaching environments.
Siloed defenses
The vast majority of cloud-native security controls are static and siloed, lacking the sophistication to track behavioral patterns across diverse applications and a dynamic workforce.

An immune system for cloud security

To complement static and siloed controls, organizations are turning toward self-learning cloud security for unified and bespoke protection across hybrid, multicloud, and containerized environments.

Autonomous Cyber AI:

  • Detects malicious behavior across cloud workloads and accounts
  • Manages complexity and unifies diversity across hybrid and multicloud
  • Meaningfully reduces time to detection, containment, and triage
  • Adapts ‘on the job’, and at the speed and scale of cloud deployments


Cloud security risks

Insider threat

Insider threat is a dangerous attack vector that has taken on a new dimension and agility via the cloud. These attacks originate from within the organization – through disgruntled, careless, or compromised employees, cloud consultants, and other business associates who abuse their access to internal systems.

Malicious insiders in particular have the advantage of familiarity with the systems they manipulate. By leaking data slowly over days and weeks, these actors are uniquely positioned to compromise entire cloud environments and evade static controls designed to monitor abnormal activity.

Compromised credentials

The possibility of an external attacker using legitimate credentials has become a critical risk for organizations with little to no visibility in the cloud. By taking over an account and evading traditional security controls, these actors have the potential to jeopardize an entire organization’s cloud assets, especially as employees continue to re-use passwords across personal and professional accounts.

Beyond stealing or altering critical data, cyber-criminals can use system admin credentials to leverage the cloud’s computing power for their own nefarious purposes, spinning up cloud instances to launch extensive crypto-mining operations or Distributed Denial-of-Service (DDoS) attacks.

Misconfigurations
Beyond direct cyber-attacks, one of the most common threat vectors in the cloud continues to be critical misconfigurations. While human error can never be completely avoided, misconfigurations are often a natural consequence of the agility of deployment and rapid instantiation of test containers and data sets facilitated by the cloud, which often lead users to move quickly at the expense of security.

Unsecured APIs

Unsecured APIs have become one of the most impactful misconfigurations in the cloud, and are listed in the OWASP Top 10 Application Security Risks. An application’s API is ultimately the interface to its back-end data, so any vulnerability in it, including weak error response handling, is naturally an attractive target for cyber-criminals with a range of motivations.

“Less than 1/3 of businesses are monitoring abnormal workforce behavior across their cloud footprint. This is alarming considering the significant increase in usage of cloud apps and collaboration platforms.”
Cybersecurity Insiders

Types of cloud security: Limitations of native and third-party tools

Against this backdrop of evolving threats, Cloud Service Providers (CSPs) and third-party vendors have developed a range of security tools to help customers defend their portion of the Shared Responsibility Model, which outlines the respective security roles of CSPs and customers across the main cloud service models. While these solutions can provide some measure of protection, they are often ill-equipped to defend against advanced threats in the cloud.

CSP-native security controls

Apart from securing their own portion of the Shared Responsibility Model, most cloud providers offer native solutions to help customers implement basic cyber hygiene in the cloud. These can span from firewalls, two-factor authentication and IAM tools, through to log monitoring and threat intelligence integrations.

While these native controls are a good start and can contribute to an organization’s overall defense-in-depth strategy, they are often not sufficient in practice. As organizations continue to adopt cloud services from multiple providers, native controls cannot be relied upon to provide comprehensive and adaptive coverage, as they are often exclusively designed for the cloud environment of the specific provider.

Third-party cloud-specific tools

Third-party vendors have also begun to develop cloud-specific security solutions like Cloud Access Security Brokers (CASBs), Cloud Workload Protection Platforms (CWPPs), and Cloud Security Posture Management (CSPM) to fill in the gaps left by native controls.

While these capabilities have their place, they will often fail to catch novel and sophisticated attacks due to their backward-looking approach, which relies on knowledge of past threats to spot future ones.

Cloud security solutions

Powered by Autonomous Cyber AI, the Darktrace Immune System platform fills these gaps and protects the cloud using self-learning technology that understands ‘normal’ at every layer, dynamically analyzing the dispersed and unpredictable behaviors that show up in cloud and collaboration platforms, as well as email and the corporate network. This allows the system to identify subtle deviations indicative of a threat – from an unusual resource creation or open S3 bucket in AWS, to suspicious data movement in Salesforce, to a new inbox rule or strange login location in Microsoft 365.

“We rely heavily on AWS to run predictive models that inform investment decisions, so the security of our cloud environments is absolutely critical to the success of the business. Prior to deploying Darktrace, our AWS environment was a blind spot.”
Investment Principal, Financial Services Leader