Emergent (In)Security of Multi-Cloud Environments

Morgan Reece, Theodore Lander, Sudip Mittal, Nidhi Rastogi, Josiah Dykstra, Andy Sampson

TL;DR

This paper tackles risk prioritization in multi-cloud environments where data sharing expands attack surfaces. It combines qualitative STRIDE threat modeling with quantitative DREAD scoring, validated against EPSS, in a three-tier multi-cloud simulation grounded in a healthcare use-case, producing a Total Risk Score that guides budgeting. The authors map threats to MITRE ATT&CK-based mitigations and ITIL administrative controls, enabling informed prioritization of defenses. They find authentication and architecture as top risk areas and highlight that mitigation priorities differ from single-cloud contexts, signaling a need for identity-centric cross-cloud security research.

Abstract

As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.

Paper Structure (6 sections, 1 figure, 1 table)

Figures (1)

  • Figure 1: Three-Tier Web Application Architecture.