Cyber Security Risks Of Cloud Computing

Uploaded on 2017-08-24 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

The global cloud market is expected to grow to $190+ billions by 2020. Cloud computing has brought the advantage of lower cost of ownership of IT applications, super-fast time to market, and unmatched surges in employee productivity.

From storage to data analytics, applications of all scales and sizes are operating on the cloud. Employees are bringing their own cloud based apps to work, furthering a culture of Bring Your Own Cloud (BYOC).

It’s fair to say, right from SMEs to large enterprises, all organisations are using dozens of cloud computing based tools, and will continue to do so.

However, does this increased cloud adoption not call for better understanding and mitigation of common cloud cyber security threats? This guide helps you understand the most common of these cyber security issues that threaten cloud computing applications.

Loss of Intellectual Property

An analysis done by Skyhigh revealed that more than 20% of the data kept on cloud by enterprises contains sensitive information, including but not limited to intellectual property. Now, most enterprises use multi-tenancy cloud services, wherein their data is kept in servers that are also used to deliver similar services, to other organisations.

Also, there are several entry level cloud based storage solution providers out there who are behind the security game, and lacking the state of the art data protection and security means. Any security breach faced by the cloud service provider compromises your sensitive data. Also, there are cloud storage vendors who misuse circuitous terms and conditions to establish ownership of the uploaded data!

Violations of Compliance and Regulatory Norms

There are several regulatory and compliance requirements facing enterprises in all kinds of markets and geographies. For instance, there’s HIPAA guidelines for private health information, and FERPA for student information. This means that enterprises need to ensure that their cloud storage and application service providers take care of these regulatory norms.

Also, for enterprises that promote the Bring Your Own Device and Bring Your Own Cloud concepts, ensuring compliance to these norms becomes a lot more challenging. Any security breaches and data leakages can lead to severe penalties and loss of brand equity.

Compromised Credentials and Authentication Breaches

Poor certificate and key management, weak passwords, and lax authentication are causes of frequent data breaches in cloud hosted applications.

• Enterprises struggle with identity management issues as they map permissions and privileges with user roles.
• Another huge problem area is when enterprises don’t remove or change user access when he/she quits or changes role.
• Lack of multifactor authentication is attributed as the reason behind the compromising of 80 million customer records in the Anthem breach, and several cloud applications still continue to lack this authentication.

Furthermore, developers are often guilty of leaving crypto-graphic keys and credentials within open source codes, which makes them free to grab at portals like GitHub.

Enterprises looking to federate identify management with a cloud provider need to be aware of all these issues, and how the vendor ensures protection.

Threats to APIs

Most cloud solution providers offer their APIs to enterprise IT teams to help them with cloud provisioning, orchestration, management, and monitoring. This makes the security and availability of cloud solutions dependent on the API security. Re Weak API interfaces expose cloud applications to risks of accountability, confidentiality, integrity, and availability.

For most enterprises, such APIs continue to be the most vulnerable layers because they’re fairly easily accessible via the open Internet. Rigorous penetration testing and security focused code reviews are key enablers of sustainable protection of these APIs from cyber-attacks.

Hijacking of Accounts

Surprising as it sounds, software exploits, fraud, and phishing are still prevalent everywhere you see. Cloud services are also vulnerable to these disruptive cyber-attacks, because cyber criminals have more means to monitor the activities of users on shared clouds.

The two most effective preventive means for a business to protect its cloud data and applications are:

• ensure there is no sharing of passwords and account details among users;
• ensure there are multifactor authentication schemes in place, wherever possible.

Prevention of account details loss is the first step to keeping cloud applications safe from phishing and other violations.

Abuse of Cloud Services

Cloud services can be misused to commit nefarious cyber-crimes, right from usage of cloud resources to access encryption keys, to launching DDoS attacks on an enterprise’s servers. Use of an enterprise’s cloud resources for such cyber-crimes has the following impacts:

• low availability of the cloud systems
• exposure to legal liabilities in form of lawsuits from impacted parties
• severe loss of reputation

Ensure your cloud service provider offers a mechanism of reporting abuse quickly to help avoid and control such issues.

Adotas.com

You Might Also Read:

Cloud Portability Is Still Science Fiction:

Cloud Security Analysed For Management (£)

 

« HBO Offers Hackers $250,000 'bug bounty'
You Might Need To Hire AI Expertise Sooner Than You Think »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

IEEE Computer Society

IEEE Computer Society

The IEEE Computer Society is the world's leading membership organization dedicated to computer science and technology.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.

Tria Federal

Tria Federal

Tria Federal is the premier middle-market Technology and Advisory services provider delivering digital transformation solutions to federal health and public safety agencies.

Collibra

Collibra

Collibra delivers a complete platform for data and AI governance, giving teams the visibility, control and confidence to turn data into a trusted asset.