Since security remains an ongoing concern for both big companies and small, tech executives are no longer wasting time wondering if they should risk transferring important data to the cloud.
The first big step in lowering risk is identifying the cloud’s top security threats.
The RSA Conference in 2016 listed the ‘treacherous 12’, the top 12 cloud computing threats organisations faced during that year. The report released by the CSA aimed to help cloud customers and IT service providers focus on their defensive efforts.
The kinds of threats
The first threat is a data breach. Providers easily become an attractive target for hackers due to the vast amount of company data stored on cloud networks. Providers do deploy security controls to protect their environments, but it is the organisations that hold the ultimate responsibility for protecting their own information.
Other kinds of attacks result from lax authentication, poor key management and weak passwords. Companies that struggle with identity management should understand the security measures the provider uses. This is to ensure protection of identity by centralising it into a single repository.
Hacked interfaces and exploited system vulnerabilities are not new, but have become bigger problems with the development of multitenancy in cloud computing.
Tech teams use interfaces to interact with cloud services, and these are not the most secure, so the CSA recommends that companies adopt security-focused code reviews and penetration testing to manage the data and avoid mistakes.
Phishing fraud, account hijacks, malicious insiders and the ‘parasitical’ APT attacks (exfiltration of data over an extended period of time) add new dimensions to the threat because hackers can easily eavesdrop on activities and manipulate important data structures.
Industries need to stop sharing account credentials between services, and must effectively monitor and audit administrator activities.
Furthermore, in order to interfere with bigger business data, malicious hackers are well known to delete essential information permanently.
The CSA has warned organisations against embracing the cloud without understanding the cloud environment in its entirety, as the associated threats may lead to legal, technical and compliance issues.
Tech users are not always preyed on for malicious actions; however, misusing the cloud can result in service availability issues. In a nutshell, providers should offer customers a mechanism for reporting abuse.
DoS attacks have gained prominence in recent times thanks to cloud computing. According to the CSA, compared to their customers, providers are better equipped to deal with DoS attacks. The key is to mitigate the threat before it occurs.
The CSA has also suggested a defence-in-depth strategy, including multi-factor authentication on all hosts, applying the concept of least privilege, and patching the shared resources.
The paradigm shift from client/server to service-based models has transformed the way technology departments think about designing and delivering technology and applications.
For the 12 cloud security threats you need to know, please see the following infographic: