What’s next for ransomware? First on the list is public cloud ransomware, by which we mean ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). Public cloud adoption is growing, with organizations using it in multiple ways.
For many, it is simply a replacement for the physical on-premises servers they used to store data. Whereas previously employees would save files to the server at the back of the office, now they save them to servers in the cloud. Another popular use case is for running web applications, such as running a website or providing web-based services. The third main use case for the public cloud is software development. Software engineers are increasingly writing code on public cloud servers as spinning up a server in the cloud is quicker and easier than building physical environments.
The public cloud offers lots of advantages. When it comes to security, however, there is a lot of uncertainty and confusion around responsibilities. Many people are unaware of which
parts of security ownership sit with the public cloud providers, and which parts sit with the customer. This uncertainty leads to gaps in protection, presenting ransomware actors with
a treasure trove of valuable data that’s ripe for encryption.
The allure of the public cloud doesn’t stop there. The rapid increase in volume and value of data stored in the cloud gives cyber criminals a greater target to go after. Plus, weak configuration and open public access to cloud resources (be that storage buckets, databases, user accounts, etc.) make it easier for criminals to breach open databases.
The first step to protecting yourself from public cloud ransomware is understanding the public cloud shared responsibility model. In short, this means that you are responsible for securing everything you put in the cloud, including all your data, as well as access to the public cloud. The public cloud providers are responsible for the security of the cloud. This includes the security of the physical facility where the data centers are located.
You should apply the same basic principles to your cloud-based data as your on-premises data. So just as you use server protection and a firewall on premises, so you should use server protection and a firewall to secure data in the public cloud. Plus, you need to know what you’ve got in the public cloud, so you can make sure it’s secure.