Securing the Cloud: How Cloud Security Platforms Handle Threats and Misconfigurations in Real Time

Modern Cloud-Driven Organizations and Their Dynamic Nature
In today’s digital landscape, organizations are rapidly adopting cloud-based systems to gain scalability, agility and operational efficiency. Public cloud environments have become the backbone of modern IT infrastructure, letting businesses deploy applications faster, manage workloads more flexibly and store data across distributed systems. This shift accelerates innovation and improves the customer experience, but it also introduces significant security challenges.
Those challenges stem from the dynamic nature of the cloud. Unlike traditional on-premises setups, cloud infrastructure is highly elastic: resources are created, modified and decommissioned in real time based on demand. This constant change makes it harder to manage security effectively and to maintain visibility across the environment. The adoption of microservices, containers and APIs expands the attack surface further, introducing new risks and making it even harder to establish and maintain a robust security posture.
Key Challenges in Managing Cloud-Driven Infrastructure
Cloud environments offer many benefits, but they also introduce significant risks. Here are some of the most common challenges:

- Human Error: Unintentional actions or omissions, such as misconfiguring a cloud service or accidentally downloading malware, are a leading cause of data breaches.
- Insufficient Access Management: Weak IAM practices, such as poor password policies or excessive permissions, expose cloud resources to unauthorised access and raise the risk of account compromise and data breaches.
- Insider Threats: Authorised individuals misuse their access, either intentionally or unintentionally.
- Shared technology weakness: Cloud computing follows a shared responsibility model: the CSP secures the underlying infrastructure, while the customer is responsible for data, configurations and access controls. Gaps appear when that boundary is misunderstood and a control each side assumes the other has put in place is missing.
- Misconfigured cloud storage: Misconfigured storage, for example a bucket with public access or no encryption at rest, is a significant risk and a frequent cause of unintended data exposure.
- Unmanaged attack surface: Cloud computing has blurred traditional security boundaries, making it harder to track where data is stored and who is responsible for it; assets nobody is tracking enlarge the attack surface and create new risks.
How Halodoc Enhances Cloud Security Using CrowdStrike Falcon
To overcome these challenges and improve our overall cloud security posture, we adopted CrowdStrike Falcon Cloud Security with Containers (FCSC), which helps us identify misconfigurations, potential attack vectors and unusual activity that could signal a future attack. We gain better visibility, automate compliance checks and proactively secure our cloud environment by combining the following components:
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection (CWP)
Cloud Security Posture Management (CSPM)
CrowdStrike Falcon enhances cloud security with unified visibility, enabling real-time monitoring and control across environments. It helps identify and remediate misconfigurations by prioritising security risks and enforcing best practices.
Understanding the cloud posture through IOMs
Indicators of Misconfiguration (IOMs) are misconfiguration-based detections raised against cloud resources by the Falcon Cloud Security detection policies. Each IOM identifies a resource whose configuration violates a policy, together with the remediation the tool recommends.
A scenario identified at Halodoc in real time
We ran into a cloud misconfiguration where an internal function with certain actions was linked to a known third-party cloud account that we are no longer associated with. Falcon provided the remediation recommendation to revoke the third party’s access to the function’s actions. The image below shows the information the tool provides for another IOM.
The above image depicts an IOM discovered in our cloud for an asset with no encryption configured for its data. Below is the sample configuration of the misconfigured resource as provided by FCSC:
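The FCSC screenshots referenced above are not reproduced here. As an added example, not Halodoc’s or CrowdStrike’s code, the script below implements both IOMs from this section as a CSPM policy would evaluate them: a Lambda resource-based policy that still grants a foreign account access to the function, and storage resources with no encryption at rest. The account IDs, function, bucket and volume names are made up, and the list of accounts we own is an assumption; the policy document follows the shape that lambda:GetPolicy returns.

```python
"""Two Indicator-of-Misconfiguration (IOM) checks over constructed AWS
resource descriptions: a Lambda resource policy that still grants a third
party access, and storage with no encryption at rest.

Added example, not Halodoc's or CrowdStrike's code. Account IDs, function,
bucket and volume names are made up; the policy document follows the shape
that lambda:GetPolicy returns (the "Policy" field is a JSON string)."""
import json

# Accounts this organisation owns (assumption).
OWN_ACCOUNTS = {"111111111111"}

# Constructed resource-based policy on a Lambda function.
LAMBDA_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InternalInvoke", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/orders-api"},
         "Action": "lambda:InvokeFunction",
         "Resource": "arn:aws:lambda:ap-southeast-1:111111111111:function:notify"},
        {"Sid": "LegacyVendor", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
         "Action": ["lambda:InvokeFunction", "lambda:UpdateFunctionCode"],
         "Resource": "arn:aws:lambda:ap-southeast-1:111111111111:function:notify"},
    ],
})

# Constructed storage resources, roughly as the describe/get calls report them.
STORAGE = [
    {"type": "s3", "name": "example-logs", "encryption": {"SSEAlgorithm": "aws:kms"}},
    {"type": "s3", "name": "example-exports", "encryption": None},
    {"type": "ebs", "name": "vol-0abc", "encrypted": False},
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def account_of(principal_arn):
    """The 12-digit account ID in an IAM ARN, or None (e.g. for '*')."""
    parts = principal_arn.split(":")
    return parts[4] if len(parts) > 4 else None


def foreign_principals(policy_json, own_accounts):
    """(sid, principal, actions) for every Allow statement whose principal
    is the wildcard or belongs to an account outside own_accounts."""
    findings = []
    for st in json.loads(policy_json)["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == "*" or account_of(arn) not in own_accounts:
                findings.append((st.get("Sid"), arn, _as_list(st["Action"])))
    return findings


def unencrypted_storage(resources):
    """Names of storage resources with no encryption at rest configured."""
    names = []
    for r in resources:
        if r["type"] == "s3" and not r.get("encryption"):
            names.append(r["name"])
        elif r["type"] == "ebs" and not r.get("encrypted"):
            names.append(r["name"])
    return names


def revoke_statement_cli(function_name, sid):
    """Remediation for a foreign grant: drop that statement by its Sid
    (lambda remove-permission takes it as --statement-id)."""
    return (f"aws lambda remove-permission --function-name {function_name} "
            f"--statement-id {sid}")


if __name__ == "__main__":
    for sid, arn, actions in foreign_principals(LAMBDA_POLICY, OWN_ACCOUNTS):
        print(f"IOM: statement {sid} grants {actions} to {arn}")
        print("  remediation:", revoke_statement_cli("notify", sid))
    for name in unencrypted_storage(STORAGE):
        print(f"IOM: {name} has no encryption at rest")
```

The principal check treats a wildcard principal as foreign as well, since a policy open to everyone is worse than one open to a former vendor; the encryption check only reports the absence of a setting and says nothing about whether the key in use is the right one.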
Identifying Compromised Assets using IOAs
Indicators of Attack (IOAs) are early warning signs of malicious activity. Unlike traditional security measures that detect threats only after an incident, IOAs identify suspicious behaviour as it happens, before it escalates.
A scenario identified at Halodoc in real time
The tool flagged an unexpected login to the root account of our cloud, along with the actions performed after the login. It was later identified as an internal employee. Although the access turned out to be intended, the detection gave us confidence that if unintended behaviour is observed in future, the tool will let us act before it escalates.
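Root activity of the kind described above can be detected from CloudTrail alone, and the example below, added here and not Halodoc’s or CrowdStrike’s code, shows the logic: group root events by account and source IP into sessions that start at a console login, collect the actions that follow, and grade the session by whether MFA was used and whether any follow-on action is one a root session should never need. The records are constructed and the account ID, IP addresses, timestamps and the high-risk action list are assumptions; the field names follow the CloudTrail event format.

```python
"""Root-account activity as an Indicator of Attack, over constructed
CloudTrail records. Added example, not Halodoc's or CrowdStrike's code.
Account IDs, IPs and timestamps are made up; the record fields follow the
CloudTrail event format (userIdentity.type, eventName, sourceIPAddress,
additionalEventData.MFAUsed, responseElements.ConsoleLogin)."""
from collections import defaultdict

# Constructed CloudTrail-style records (a real feed would come from an S3
# trail or CloudWatch Logs).
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2025-03-01T09:00:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "sourceIPAddress": "203.0.113.7",
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2025-03-01T09:02:10Z", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2025-03-01T09:03:30Z", "eventName": "StopLogging",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2025-03-01T10:00:00Z", "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.4"},
]

# Post-login actions a root session should never need (assumption; tune it
# to your environment).
HIGH_RISK_ACTIONS = {"CreateAccessKey", "CreateUser", "StopLogging",
                     "DeleteTrail", "PutBucketPolicy", "UpdateAssumeRolePolicy"}


def is_root(event):
    return event.get("userIdentity", {}).get("type") == "Root"


def root_sessions(events):
    """Group root events by (account, source IP) into sessions: each starts
    at a ConsoleLogin and collects the actions that follow it."""
    sessions = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if not is_root(ev):
            continue
        key = (ev["userIdentity"]["accountId"], ev["sourceIPAddress"])
        if ev["eventName"] == "ConsoleLogin":
            ok = ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            sessions[key].append({"login": ev, "actions": [], "success": ok})
        elif sessions[key]:
            sessions[key][-1]["actions"].append(ev["eventName"])
        else:
            # API activity with no preceding console login (root access keys
            # or an inherited session): still worth a session of its own.
            sessions[key].append({"login": None, "actions": [ev["eventName"]],
                                  "success": None})
    return sessions


def grade(session):
    """Severity: any root use is 'medium'; high-risk follow-on actions or a
    console login without MFA raise it to 'high'."""
    login = session["login"]
    no_mfa = (login is not None
              and login.get("additionalEventData", {}).get("MFAUsed") != "Yes")
    risky = sorted(set(session["actions"]) & HIGH_RISK_ACTIONS)
    return ("high" if risky or no_mfa else "medium"), risky


def detect(events):
    """One finding per root session: (account, source IP, severity, risky actions)."""
    findings = []
    for (acct, ip), sess_list in root_sessions(events).items():
        for s in sess_list:
            sev, risky = grade(s)
            findings.append((acct, ip, sev, risky))
    return findings


if __name__ == "__main__":
    for acct, ip, sev, risky in detect(CLOUDTRAIL_EVENTS):
        print(f"IOA [{sev}] root session in {acct} from {ip}, risky actions: {risky}")
```

Even when the person behind the login turns out to be an employee, as in the scenario above, the finding still tells you that root credentials are in routine use; the follow-up is to confirm MFA is enforced on root and to move the work the employee was doing onto an IAM role, so that the next root login really is unexpected.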
Cloud Workload Protection (CWP)
Securing the container runtime is critical to ensuring containers operate safely from deployment through execution. Threats to container runtimes stem mainly from the shared host kernel and from misconfigurations.
A scenario identified at Halodoc in real time
We encountered a runtime misconfiguration in which an unauthorised process was running inside a containerised workload in our Kubernetes environment. A new service had been deployed, but its container image contained an unnecessary script that repeatedly executed certain unintended actions, as shown below:
The tool identified this misconfiguration, which was generating unnecessary noise in the cluster, and helped us contain the unintended behaviour.
Real-time monitoring, behavioural analysis and runtime blocking based on Indicators of Attack (IOAs) are crucial for stopping threats at the container runtime. The image below shows how the tool identifies and maps a threat actor’s movements and actions inside the environment.
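The detection behind a finding like this is a comparison of what a container actually executes against what its image is expected to run. The example below is added here and is not Halodoc’s or CrowdStrike’s code: it takes constructed process-exec events of the kind a runtime sensor emits, flags any executable that is not in the image’s baseline or is a shell or downloader, and also flags a baseline executable that is spawned over and over, which is how a looping script shows up as noise. The image names, paths, baselines and the repeat threshold are assumptions.

```python
"""Unexpected-process detection for containers, over constructed runtime
exec events. Added example, not Halodoc's or CrowdStrike's code. Image
names, process paths, baselines and thresholds are made up."""
from collections import Counter

ORDERS = "registry.example/orders-api:1.4"
NGINX = "registry.example/nginx:1.25"

# Assumed per-image process baseline: what each image legitimately executes.
BASELINE = {
    ORDERS: {"/usr/local/bin/python3", "/usr/bin/gunicorn"},
    NGINX: {"/usr/sbin/nginx"},
}

# Shells and downloaders that are suspicious inside a service container
# regardless of baseline (assumption).
ALWAYS_FLAG = {"/bin/sh", "/bin/bash", "/usr/bin/curl", "/usr/bin/wget", "/usr/bin/nc"}

# Constructed exec events as a runtime sensor would emit them: a normal
# service start, a shell spawned by the service, and a script from the image
# that keeps re-running (the looping script from the scenario above).
EXEC_EVENTS = [
    {"ts": 1, "container": "c1", "image": ORDERS, "exe": "/usr/bin/gunicorn",
     "parent": "/usr/local/bin/python3"},
    {"ts": 2, "container": "c1", "image": ORDERS, "exe": "/bin/sh",
     "parent": "/usr/bin/gunicorn"},
    {"ts": 3, "container": "c2", "image": NGINX, "exe": "/usr/sbin/nginx",
     "parent": "/usr/sbin/nginx"},
] + [
    {"ts": 10 + i, "container": "c1", "image": ORDERS, "exe": "/app/cleanup.sh",
     "parent": "/bin/sh"}
    for i in range(30)
]


def classify(event):
    """Reason an exec is unexpected, or None if it matches the image baseline."""
    exe = event["exe"]
    if exe in ALWAYS_FLAG:
        return "shell-or-downloader"
    if exe not in BASELINE.get(event["image"], set()):
        return "not-in-image-baseline"
    return None


def detect(events, repeat_threshold=10):
    """One finding per (container, exe): unexpected executables, plus
    baseline executables spawned more than repeat_threshold times."""
    counts = Counter((e["container"], e["exe"]) for e in events)
    reasons = {}
    for e in events:
        key = (e["container"], e["exe"])
        reason = classify(e)
        if reason:
            reasons[key] = reason
        elif counts[key] > repeat_threshold:
            reasons[key] = "repeated-exec"
    return sorted((c, exe, reasons[(c, exe)], counts[(c, exe)])
                  for (c, exe) in reasons)


if __name__ == "__main__":
    for container, exe, reason, count in detect(EXEC_EVENTS):
        print(f"{container}: {exe} ({reason}, {count} exec(s))")
```

Counting by container rather than by image matters: a single misbehaving pod should not make every replica of the image look noisy, and the count tells you which pod to stop first while the image is rebuilt without the script.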
Analyzing Attack Paths to Uncover Cloud Exploitable Weaknesses
A cloud attack path is a possible sequence of steps an attacker could take from an exposed AWS resource to escalate privileges, move laterally and gain deeper access to critical systems. The attack paths shown in the Falcon console are prioritised by:
- Key risks to the cloud environment
- Shortest paths to critical assets
- Most effective remediations
A scenario identified at Halodoc in real time
Falcon generated an attack path analysis showing how an unmanaged, internet-exposed asset could be compromised by a threat actor and used to escalate into internal systems, and what damage to operations or the business could follow.
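The three prioritisation criteria listed above (key risks, shortest paths, most effective remediations) reduce to graph search over the cloud’s assets and permissions. The example below is added here and is not Halodoc’s or CrowdStrike’s code; it generalises the scenario above to any number of exposed and critical assets: a constructed graph in which each edge is a way an attacker who controls one asset reaches another, a breadth-first search for the shortest path from every internet-exposed asset to every critical one, and a scoring of each hop on those paths by how many paths survive if that hop is removed. The asset names, edges and relationships are made up.

```python
"""Attack-path ranking over a constructed cloud asset graph. Added example,
not Halodoc's or CrowdStrike's code. Node names and edges are made up; each
edge models one way an attacker who controls the source reaches the target."""
from collections import deque

# Constructed graph: node -> list of (neighbour, relationship).
GRAPH = {
    "ec2:web-legacy":      [("role:web-instance", "instance profile")],
    "role:web-instance":   [("ssm:parameters", "ssm:GetParameter"),
                            ("role:deploy", "sts:AssumeRole")],
    "role:deploy":         [("lambda:billing-sync", "lambda:UpdateFunctionCode")],
    "lambda:billing-sync": [("role:billing", "execution role")],
    "role:billing":        [("rds:patients-db", "rds-db:connect")],
    "ssm:parameters":      [("rds:patients-db", "stored db password")],
    "ec2:bastion":         [("role:bastion", "instance profile")],
    "role:bastion":        [],
    "rds:patients-db":     [],
}
INTERNET_EXPOSED = {"ec2:web-legacy", "ec2:bastion"}   # assumption
CRITICAL = {"rds:patients-db"}                          # assumption


def shortest_path(graph, start, goal):
    """BFS; returns the hops as (src, relationship, dst) or None."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            break
        for nb, rel in graph.get(node, []):
            if nb not in prev:
                prev[nb] = (node, rel)
                queue.append(nb)
    if goal not in prev:
        return None
    hops, node = [], goal
    while prev[node] is not None:
        src, rel = prev[node]
        hops.append((src, rel, node))
        node = src
    return list(reversed(hops))


def attack_paths(graph, exposed, critical):
    """All (entry, target, hops) paths, shortest first: the shortest path is
    the one an attacker needs fewest steps for, so it is fixed first."""
    paths = []
    for entry in sorted(exposed):
        for target in sorted(critical):
            hops = shortest_path(graph, entry, target)
            if hops:
                paths.append((entry, target, hops))
    return sorted(paths, key=lambda p: (len(p[2]), p[0]))


def cut_edge(graph, src, dst):
    """Copy of graph without src->dst: the model of one remediation."""
    return {n: [(nb, r) for nb, r in edges if not (n == src and nb == dst)]
            for n, edges in graph.items()}


def remediation_impact(graph, exposed, critical):
    """For each hop on each shortest path, how many entry->critical pairs
    remain reachable once that hop is cut; the lowest count is the most
    effective single fix."""
    impact = {}
    for _, _, hops in attack_paths(graph, exposed, critical):
        for src, _, dst in hops:
            impact[(src, dst)] = len(attack_paths(cut_edge(graph, src, dst),
                                                  exposed, critical))
    return impact


if __name__ == "__main__":
    for entry, target, hops in attack_paths(GRAPH, INTERNET_EXPOSED, CRITICAL):
        print(f"{entry} -> {target} in {len(hops)} hops:")
        for src, rel, dst in hops:
            print(f"  {src} --[{rel}]--> {dst}")
    for (src, dst), left in remediation_impact(GRAPH, INTERNET_EXPOSED, CRITICAL).items():
        print(f"cut {src} -> {dst}: {left} path(s) remain")
```

In the constructed graph, cutting the instance profile on the exposed host removes every path, while removing the stored database password from Parameter Store only lengthens the path through the deploy role; that is the difference between the most effective remediation and a merely helpful one, and it is why an attack path view reports remediations rather than just findings.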
Enhanced Visibility & Actionable Insights into Our Cloud Assets and Misconfigurations
Beyond IOAs and IOMs, the FCSC dashboards give us a holistic view of all our cloud-native assets: a real-time, visual map of every asset in our cloud, with the context needed to make decisions quickly and confidently when something needs attention.
Continuous Cloud Compliance Posture
Our compliance posture has improved steadily thanks to the tool’s detailed analysis of our cloud posture and its suggested enhancements, which have brought us closer to alignment with several compliance frameworks.
Enhanced Halodoc’s Cloud Security Posture by leveraging FCSC
Falcon Cloud Security with Containers (FCSC) has played a critical role in strengthening Halodoc’s cloud security. It mapped out a potential attack path, showing how an exposed asset could be exploited to breach internal systems, and flagged a runtime misconfiguration in our Kubernetes environment where an unnecessary script allowed unintended actions.
It detected unexpected root account access, later confirmed as legitimate, which increased our confidence in spotting anomalies early. It also uncovered a cloud misconfiguration linking an internal function to a third-party account we no longer use, enabling quick remediation. With FCSC we gained deep visibility, proactive threat detection and stronger defences against evolving threats.
Conclusion
By combining Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP), we get comprehensive coverage of our cloud environment. CSPM continuously monitors our infrastructure, detects misconfigurations and enforces security best practices to maintain a robust posture, while CWP delivers real-time threat detection and response to protect workloads from evolving threats. Together they minimise the attack surface, mitigate security risks and improve overall cloud resilience.
By leveraging a cloud security platform, organizations can:
- Continuously monitor and manage cloud security across distributed environments.
- Gain deep visibility into cloud assets, configurations and potential vulnerabilities.
- Detect and remediate misconfigurations before they can be exploited by attackers.
- Identify and respond to emerging attack vectors in real time.
- Secure workloads against vulnerabilities, unauthorized access and malicious activity.
Bug Bounty
Got what it takes to hack? Feel free to report a vulnerability in our assets and get yourself a reward through our bug bounty program. Find more details about policy and guidelines at https://www.halodoc.com/security
Join Us
Scalability, reliability and maintainability are the three pillars that govern what we build at Halodoc Tech. We are actively looking for engineers at all levels and if solving hard problems with challenging requirements is your forte, please reach out to us with your resumé at careers.india@halodoc.com
About Halodoc
Halodoc is the number one all-round healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke. We connect 20,000+ doctors with patients in need through our Tele-consultation service. We partner with 3500+ pharmacies in 100+ cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services and, to top it off, we have recently launched a premium appointment service that partners with 500+ hospitals, allowing patients to book a doctor appointment inside our application. We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, GoJek, Astra, Temasek and many more. We recently closed our Series D round and in total have raised around USD$100+ million for our mission. Our team works tirelessly to make sure that we create the best healthcare solution personalised for all of our patients' needs and are continuously on a path to simplify healthcare for Indonesia.