Google

Modern businesses leverage the cloud to drive agility and growth. Whether it’s to speed innovation, support a remote workforce, improve application performance or datacenter efficiency, ensure a backup and disaster recovery strategy, or solve the most complex computing challenges – the cloud can drive massive impact.

But as networks grow in complexity, and data is distributed across various environments, security teams need to be able to monitor and analyze all network traffic for indicators of compromise and suspicious behaviors. Getting access to network traffic in public cloud environments, however, can be challenging.

Google reports that nation state actors are increasingly targeting cloud services and infrastructure as industries across the globe increasingly adopt the cloud. According to the report, threat actors are targeting:

• Public cloud storage services that are unprotected or have weak naming conventions
  
• Misconfigured cloud applications and systems
  
• Cloud instances with weak or no passwords on common remote access protocols, Secure Shell (SSH) and Remote Desktop Protocol (RDP)
  
  

Once inside the network, adversaries have been known to:

• Escalate their privileges by modifying policies or adding identities to privileged groups
  
• Move back and forth between cloud and on-premises environments
  
• Exfiltrate data to adversary-controlled cloud storage to either sell for profit or threaten to make public if ransomware demands are not met
  
• Encrypt cloud-stored file shares and delete cloud-stored backups

In line with shared responsibility, Google states:

“Even though major cloud platforms invest heavily in security and in abuse detection and mitigation, organizations should monitor their own cloud computing resources for suspicious activity to best align billing monitoring and security needs.”

You need maximum visibility to understand and secure assets in Google Cloud environments, including compute instances, containerized workloads, data storage services, and more.