Tuesday, 14 May 2019 19:01

Cloud has increased the security threat, says Check Point pro

Ran Nahmias: "In the cloud, a database admin can spin up a database, put whatever sensitive data you want to on it and if the admin inadvertently unchecks two boxes, that database is exposed to the whole world." Sam Varghese

The transition to the cloud may result in increased security threats due to lack of expertise among administrators and possible misconfigurations, a cloud security professional says.

Ran Nahmias, the head of Cloud Security at Israeli firm Check Point, told iTWire during an interview that the chances of misconfiguration of a cloud environment were much greater than in a traditional computing environment as the staff managing the cloud were, in many cases, lacking in cloud-specific competencies and knowledge. It was also often the case that there were insufficient expert staff to attend to security.

He said a lot of unintentional risks would come from migration to hybrid cloud environments without the customer fully understanding the scale and scope of the migration or adequately planning it.

In the past, it was clear what your hardware was, what was running on it, who was responsible for maintaining a server, and what patch levels and vulnerabilities existed. While the cloud providers offered security for their own environment, a customer who ran an application on it was responsible for configuring that application to be secure.

"Traditionally, database experts do not need to understand the privileges and access levels of the database in most cases," Nahmias said. "In the cloud, a database admin can spin up a database, put whatever sensitive data you want to on it and if the admin inadvertently unchecks two boxes, that database is exposed to the whole world. So the potential vulnerabilities are not new, but the responsibility of the people managing different compute workloads in the cloud is."

Nahmias has been with Check Point for many years and leads the company's business unit which has a mix of engineers, architects and other cloud security specialists. The unit has about 150 staff in all and brings in about US$100 million in annual revenue. He was in Australia to speak at a conference organised by the company.

Asked about the potential impacts of a cloud breach, Nahmias pointed to last year's malicious cryptomining attack on a Tesla cloud environment, where attackers had gained access to sensitive company data and computing power that they used to mine cryptocurrency.


Ran Nahmias says the intensity of attacks has increased because of two motivating factors: money and zealotry. Photo: Sam Varghese

As a Tesla user himself, he said he was relieved that the attackers had used their access only for mining cryptocurrency, when it was also possible that they could have gained access to data that would have allowed them to tamper with the company's electric vehicles while they were being driven by customers.

He pointed out that there were infrastructure facilities that reported their status via the public Internet and, if attackers gained access to such facilities, they could turn off the cooling, resulting in a major disaster. Such facilities employ strict and stringent security practices, but, theoretically, could pose a risk.

Nahmias said the intensity of attacks had increased because of two motivating factors: money and zealotry. Some attackers would access a site through a backdoor and hold a company to ransom using ransomware; in these cases, there were two schools of thought, one that held that paying up was better as the company would stand a good chance of getting the data back. Also, these attackers needed to maintain their reputation in order that their threats would work with other companies. If word got out that they were not delivering on their promise to restore data after payment, then their business model would not work.

The second school of thought was that one should never negotiate with cyber terrorists. Nahmias said he had no view on which approach was better.

But, he said, in the case of individuals who were subject to ransomware, historically there was less chance of attackers honouring their word to decrypt files after payment was made.

Another reason Nahmias advanced to explain the increasing complexity of attacks was that hackers were often creating attack tools on the systems that they had penetrated, using a single line of code to effect the initial entry. Then that code drew on the host system and created the attack tools.

Further, these tools were timed to go off, maybe on the second or third boot. This was a tactical step because a system was at its most vulnerable while booting up, as its own defences were not yet all in place.

Asked about the biggest security issues in 2019 and what companies could do to better prepare and protect themselves and their assets, Nahmias replied: "Looking forward, we see a potential rise in threats resulting from multi-environments companies are running their compute and resources on. The spread to clouds (private, public, hybrid and multi) is a common practice and in many cases those environments are managed 'individually' and not holistically.

"Lack of unified, tight, governed security posture is high risk and may create undesirable security risks. The speed at which companies rush to the cloud, the drivers of the transition and the time it takes to wrap adequate security practices and defences around cloud environments, may pose potential increased risks. Targeted, sophisticated attacks are also a growing cyber-crime methodology that is exploiting weak links in the security posture: mobile devices, roaming laptops, BYOD are all potential weaker links. User behaviour is also somewhat of a risk."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


