The GoDaddy customer breaches didn’t have to happen and don’t have to happen to you.
Cisco threat researchers recently reported a dramatic uptick in Angler Exploit Kit-based attacks connected to compromised GoDaddy domain registry accounts.
GoDaddy, which manages nearly a third of all global domain names used on the Internet, has issued media statements clarifying that it was not breached. It was its customers who allowed their login credentials to be stolen and used to create malicious subdomains, the company explained, accurately stating this is an industry problem for cloud-based service providers.
Webinar By Duo Security: Securing Apps and Data in the Cloud and On-Premises (March 11, 2015 at 10 am PST / 1 pm EST)
GoDaddy is telling it like it is. Cloud security is the responsibility of the enterprise. Cloud-based applications and services don’t have the security tools necessary to enforce security policies. Many enterprises place mission critical infrastructure services like GoDaddy domain registration, sensitive data and applications on the cloud. They need a secure cloud gateway to protect their corporate assets housed there.
Organizations that utilize GoDaddy and other domain registration services are at risk of having their domains hijacked by hackers using domain shadowing.
Just like a firewall sits between the corporate user and the Internet, a secure cloud gateway sits between cloud apps/services and the corporate user. A Cloud Application Security Broker (CASB) can enable an enterprise to responsibly and securely leverage cloud applications like GoDaddy, GitHub, ADP, Google Apps, NetSuite, Office 365, Salesforce, TribeHR, Workday and others, as well as customized and homegrown apps built on Amazon Web Services, Azure or Force.com.
CASBs deliver cloud application security solutions that provide discovery, threat prevention, compliance and auditing tools. Some focus on the proactive protection of cloud applications and services, like secure cloud gateway technologies. A secure cloud gateway can prevent breaches from happening and thus reduce the risk landscape. After the risks and threats are mitigated, other security tools like discovery and analysis can be used for adaptive learning.
If the enterprises using GoDaddy, or any other IaaS solution, had a secure cloud gateway in place, they could benefit from a full suite of security tools, including:
1. Comprehensive protection from phishing, malware and social engineering
2. Multiple users with custom roles acting under the single IaaS privileged user account
3. Definition and enforcement of security controls for authentication and authorization
4. Enhancement of security controls by adding context; device, OS, IP, location and more
5. Elimination of out-of-bound access
6. Granular auditing and behavioral analysis of any and all activity within the protected IaaS solution
The hacking of GoDaddy accounts is the tip of the iceberg. Currently, all cloud infrastructure; domain registration, hosting, ID management and the list goes on; is poorly secured. The enterprise needs to take control of the security of its corporate assets on the cloud. They represent the organization’s critical infrastructure. A secure cloud gateway can do this for GoDaddy or any DNS registry service, as well as other mission critical applications and services.
By Yair Grindlinger, FireLayers co-founder and CEO
About FireLayers
FireLayers enables companies to adopt the cloud responsibly, while ensuring security, compliance and governance of any cloud application on any device by any user. The FireLayers Secure Cloud Gateway, its inaugural solution, is the industry’s first to leverage XACML-based granular policies to deliver full control over popular apps like Salesforce, Office 365, SuccessFactors, NetSuite and endless others as well as customized and homegrown cloud applications. With its Secure Cloud Gateway, enterprises gain new levels of security, visibility and control across their cloud application landscape.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.