The “Dirty Dozen” Threats to Cloud Computing
It’s important to remember that cloud security isn’t only the responsibility of the cloud provider. Most of the responsibility for data security, implemented largely through configuration settings and access controls, remains the responsibility of the data owners. In order to provide proper security, you need to understand the threats facing cloud infrastructure.
Earlier this year, the Cloud Security Alliance published a list of the top 12 threats cloud computing faces. Have you implemented measures to counter all of them?
- Data breaches. Theft of data is a risk whether your cloud usage is Infrastructure as a Service, Platform as a Service, or Software as a Service. Both personally identifiable information and intellectual property are of great interest to hackers.
- Insufficient identity, credential, and access management. Strong access controls are critical to appropriate identity management in the cloud. Misconfigurations can easily make turn private resources into public ones.
- Insecure interfaces and APIs. The remote nature of cloud means that services and data are exposed through application programming interfaces, including those used for provisioning, management, and monitoring. These interfaces are often targeted for attack and can contain vulnerabilities that introduce security risks.
- System vulnerabilities. Cloud doesn’t eliminate the impact of bugs in operating systems and applications. The shared resources of the cloud can create new opportunities for malicious actors to exploit system vulnerabilities to access machines and data.
- Account hijacking. Stolen credentials let attackers gain access to accounts and take over control of your servers, data, and other IT resources.
- Malicious insiders. For many companies, the biggest threat isn’t from outsiders, but from unhappy insiders who can easily access and exploit confidential data.
- Advanced persistent threat. Not every cyberattack is the equivalent of a smash-and-grab break in. Some are carefully constructed and executed over a period of time, enabling the attacker to gain entry and then conceal their movement around the network.
- Data loss. Some threats to cloud computing aren’t the result of outside attackers. You can lose data if it is accidentally deleted or if a fire or flood damages storage devices. Data can even be lost when its file is accessible, if the content is encrypted but the key was lost.
- Insufficient due diligence. Some threats come from high up the management chain. If executives aren’t cautious in their decision making and don’t perform due diligence, the choice of cloud provider can create technical and legal risks to the business.
- Abuse and nefarious use of cloud services. The accessibility of cloud, as well as the availability of free trials and the ability to pay for services by credit card, make it easy for malicious individuals to misuse cloud resources.
- Denial of service. Although high availability is one of cloud’s benefits, the cloud isn’t immune to Denial of Service (DoS) attacks.
- Shared technology vulnerabilities. Public cloud resources are shared by users; without special arrangements, you don’t have sole use of physical devices. Vulnerabilities in tools potentially expose services and data to other tenants.
There’s no doubt of the benefits of cloud computing, but making cloud computing safe requires developing a strategy to address these top security threats. Prescient Solutions’ expert Microsoft Azure services make sure your cloud resources are properly secured. Contact us to learn more about protecting yourself from potential threats in the cloud.