How to protect your cloud from ransomware

First, it’s important to understand the “why” around ransomware. Understanding why will help you in planning and preparing for what may occur. After any attack or breach takes place, the first questions are always “Why did this happen?” and “Why is my company being targeted?”

These are basic human reactions, but to stay ahead of an attack, these questions should be asked proactively, not reactively.

Ransomware attacks happen primarily because of vulnerabilities with access to the environment, a lack of network segmentation between public and private resources, and a gap in preventative and resiliency efforts within the architecture. Attackers exploit these vulnerabilities to gain access to the network and steal sensitive data. When sensitive data is found, the attacker encrypts it, exits the environment with the encryption keys and contacts you with their ransom demands.

As stated above, access security, network segmentation and resilient architecture are all areas that help protect against ransomware. However, because everything in the cloud is accessed through the Internet, security in these areas becomes more complex. It is therefore critical to properly define proper permissions and limit access to sensitive information within your applications, virtual machines and storage accounts.

In contrast to a private data center that has physical controls at the perimeter, the cloud does not. This potentially creates multiple pathways for an attacker to gain access and move through your network resources. You must build segmentation between public-facing resources and data that is identified as sensitive and private. Blocking this public-to-private access helps prevent lateral network movement towards the company’s sensitive and critical data.

Because an attack is thought to be inevitable, having a mitigation and response strategy in place will allow you to recover if a ransomware attack occurs. Ransomware holds data hostage at a single point in time. Therefore, implementing back-up strategies across your environment will provide a path to recover from a ransomware attack with minimal impact. The impact level will differ based on how often you back-up your cloud storage, database and compute services.

Access to critical systems and data should be limited to those who require it for their daily work. Those people that do have access should only have access when they need it. All privileges should be requested and auditable to maintain a chain of custody and activity for access to all resources and data. This brings us to the next question.

Before you define the access permissions and network segmentation, you must know where your most sensitive data resides within your virtual network. When it comes to ransomware protection, this is priority number one.

The geographically dispersed nature of the cloud creates its own challenges. However, if you plan, identify and classify your data correctly, you will be able define those locations.

It may not be possible to avoid storing certain types of sensitive information on a public infrastructure. For example, customer data will be accessed on a public website when that customer is ordering from your e-commerce site. The due diligence of understanding that it exists there will enable you to classify that data and protect its location. The blending of public and private data on the same applications and databases will require increased resiliency for the public infrastructure.

You may decide that having a public e-commerce website is mission critical. This website should be included in the same resilience and ransomware protection planning as other private applications and data.

When it comes to protecting access to resources and preventing data loss, everyone in the company shares the responsibility. Cloud technologies provide users the ability to access information from virtually anywhere. This flexibility and freedom are what attackers leverage to gain access and take malicious actions, like installing ransomware. Everyone in the company should take active ownership for protecting their online identities, just as they do with their driver’s license and credit cards.

In addition, taking proper care when handling data is an important responsibility for everyone. Understanding the data they are accessing or creating, as well as protecting who they share that information with and where it is stored, will protect the company from data loss.

Cloud security and risk stakeholders will be responsible for defining the processes, procedures and infrastructures that will create the boundaries and virtual walls that protect against ransomware attacks. This includes data access and permissions through identity and access management, as well as data segmentation within the infrastructure of storage, compute and networking.

Throughout this article, we have discussed different considerations and approaches to protect your company from a ransomware attack. You have probably noticed that there isn’t just one magical solution to protect your cloud environment against ransomware or other attacks. You should have a multi-faceted approach to protecting against these attacks.

One such approach employs defense-in-depth as a protection strategy, as illustrated below.

These questions and answers should serve as a foundation for planning your cloud environment and protecting it from security threats like ransomware. However, these should not be considered the only questions to ask. There may be others based on regulatory and standards compliance, as well as company-specific requirements and policies. Hopefully, this list will get you thinking about ways to protect your company against ransomware and other threats.