API and cloud security in times of cyber-warfare

Written by: Csaba Krasznay, Director of Cybersecurity Research Institute at University of Public Service

Created: 2022-10-10

The Russia-Ukraine war has already taught cybersecurity practitioners many lessons, but as we move forward in time, there are more and more seemingly less significant issues to address that have long-term importance, such as API and cloud security. How do these two areas emerge in the shadow of armed conflict? As is well known, the IT Army of Ukraine, a volunteer group of Ukrainian hackers and cybersecurity professionals, strongly supports its country in cyberspace operations. One of their first successful operations, back in late February, was an attack on the Sberbank API, which rendered the bank inaccessible. We could also mention the embargo imposed on Russia by several technology companies, including SAP, which made the German company's installations inaccessible after it banned Russian users from its cloud installations.

Meanwhile, the government of Ukraine has taken serious steps to move the country, and specifically the government itself, from traditional IT infrastructure to cloud solutions. Back in 2021, the Ukrainian government signed an agreement with Amazon for the widespread deployment of cloud-based solutions, which at the time was seen as a step towards the country's digital transformation. In 2022, however, the cloud is the safe haven for Ukrainian government IT, as in March President Zelensky signed a decree allowing certain elements of the national data assets to be stored with foreign cloud providers. The resilience of digital data and infrastructures can therefore be significantly enhanced by the use of the cloud, and this seems to work in practice, as the Ukrainian administration has remained operational despite the fact that critical infrastructures are constantly under attack, both physically and in cyberspace.

The cloud is therefore both a dependency and an opportunity. The experience of the war is likely to lead more governments to seriously consider whether it might be worth taking advantage of the increased security offered by the cloud and accepting the technological dependency that it entails. In the meantime, technology vendors are increasingly reluctant to abandon cloud services, as smart devices, Big Data storage and processing, the use of artificial intelligence, and even automation cannot be achieved without cloud use. As a result, there is no question that the cloud is the way forward, even for more conservative organizations. At the same time, this is completely transforming the organization's approach to information security, and although some best practices have been in place for a decade, there is a lot to relearn and rebuild.

First and foremost, the move to the cloud should always be guided by the Zero Trust principle. Ever more organizations are consigning part or even all of their infrastructure to a cloud provider, yet experience shows that improper access control of cloud services is a high-risk factor. These dynamically changing resources are most often configured via APIs, often in an opaque manner and not in accordance with organizational policies (if the organization has such policies at all). As a result, attackers, be they cybercriminals or state actors, can very often exploit these deficiencies to gain access to sensitive data or to damage otherwise well-functioning infrastructures. The Balasys Proxedo API Lifecycle Platform (PALP) helps, among other things, to ensure that these resources running in the cloud are also secure enough to function, even in times of cyber warfare.