More data and applications are moving to the cloud, which creates unique infosecurity challenges.
1. Data breaches
The threat of data breaches retains its number one ranking in 2020. It is easy to see why: breaches can cause great reputational and financial damage, and they can result in loss of intellectual property (IP) and significant legal liabilities. Encryption can protect data, but with a trade-off in performance and user experience.
2. Misconfiguration and inadequate change control
In June 2018, the Exactis incident saw the provider leave an Elasticsearch database containing the personal data of 230 million US consumers publicly accessible because of a misconfiguration. Poor change control practices are to blame for most misconfiguration errors. The complexity of cloud-based resources makes them difficult to configure, which is why you must use automation and tools that scan continuously for misconfigured resources.
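The continuous scanning this item calls for can start very small. The script below is an added example, not code from the article: it walks a constructed inventory (no live cloud API) and flags the two patterns behind the incident above, an Elasticsearch node listening on all interfaces with security disabled and a storage bucket granting access to everyone. The inventory layout and resource ids are assumptions; `network.host`, `xpack.security.enabled`, `_site_` and `_global_` are real Elasticsearch settings and values.

```python
# Added example (not from the article): a minimal misconfiguration scanner over
# a constructed resource inventory. Two checks: an Elasticsearch node reachable
# from outside the host with security disabled, and a bucket with a public grant.
import ipaddress

INVENTORY = [  # constructed sample resources, not real infrastructure
    {"id": "es-prod-1", "type": "elasticsearch",
     "config": {"network.host": "0.0.0.0", "xpack.security.enabled": False}},
    {"id": "es-dev-1", "type": "elasticsearch",
     "config": {"network.host": "127.0.0.1", "xpack.security.enabled": False}},
    {"id": "bucket-exports", "type": "bucket",
     "grants": [{"grantee": "AllUsers", "permission": "READ"}]},
    {"id": "bucket-private", "type": "bucket",
     "grants": [{"grantee": "owner", "permission": "FULL_CONTROL"}]},
]

def exposed_host(host: str) -> bool:
    """True if the bind address makes the service reachable beyond localhost."""
    if host in ("0.0.0.0", "::", "_site_", "_global_"):
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # a hostname is treated as reachable (conservative)

def check_elasticsearch(res):
    cfg = res["config"]
    host = str(cfg.get("network.host", "127.0.0.1"))  # loopback is the ES default
    if exposed_host(host) and not cfg.get("xpack.security.enabled", False):
        return f"{res['id']}: listens on {host} with security disabled"

def check_bucket(res):
    for g in res.get("grants", []):
        if g["grantee"] in ("AllUsers", "AuthenticatedUsers"):
            return f"{res['id']}: public grant {g['permission']} to {g['grantee']}"

CHECKS = {"elasticsearch": check_elasticsearch, "bucket": check_bucket}

def scan(inventory):
    """Return one finding string per misconfigured resource, in inventory order."""
    findings = []
    for res in inventory:
        finding = CHECKS.get(res["type"], lambda r: None)(res)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in scan(INVENTORY):
        print("FINDING", f)
```

In practice the inventory would be refreshed from the provider's API on a schedule and the findings routed to the change-control process, so that a drift from the approved configuration is caught before it becomes a breach.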
3. Lack of cloud security architecture and strategy
The desire to minimize the time needed to migrate systems and data to the cloud usually takes precedence over security. As a result, most companies become operational in the cloud using security infrastructure and strategies that were not designed for their needs. Every company must develop and implement a security architecture framework that is aligned with its business goals and objectives.
4. Insufficient identity, credential, access and key management
Another threat is inadequate access management and control around data, systems and physical resources such as server rooms and buildings. Note that the cloud requires organizations to change their practices for identity and access management (IAM). Use strict identity and access controls for cloud users and identities: in particular, limit the use of root accounts and require 2-factor authentication.
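The two controls just named, limited root usage and 2-factor authentication, can be audited from the credential report most providers let you export. The script below is an added example, not code from the article; the CSV columns and the `<root_account>` marker are assumptions modelled loosely on such reports, and the rows are constructed.

```python
# Added example (not from the article): audit a constructed credential report
# for root-account hygiene and missing MFA. Column names are our assumption.
import csv
import io

REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,true,false,true,false
alice,true,true,true,false
bob,true,false,false,false
deploy-bot,false,false,true,false
"""  # constructed sample; "<root_account>" marks the root identity

ROOT = "<root_account>"

def as_bool(value: str) -> bool:
    return value.strip().lower() == "true"

def audit(report_csv: str):
    """Return (user, issue) tuples; an empty list means the report is clean."""
    issues = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = as_bool(row["mfa_active"])
        has_password = as_bool(row["password_enabled"])
        active_keys = [k for k in ("access_key_1_active", "access_key_2_active")
                       if as_bool(row[k])]
        if user == ROOT:
            # Root should never hold programmatic keys; daily work belongs to
            # least-privilege identities, and root itself must have MFA.
            if active_keys:
                issues.append((user, "root has active access keys"))
            if not mfa:
                issues.append((user, "root has no MFA"))
            continue
        # Any identity that can sign in interactively needs a second factor;
        # key-only service identities have no console login to protect.
        if has_password and not mfa:
            issues.append((user, "console password without MFA"))
    return issues

if __name__ == "__main__":
    for user, issue in audit(REPORT):
        print(f"{user}: {issue}")
```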
5. Account hijacking
The risk of an attacker gaining access to highly privileged accounts is significant. Phishing is not the only way an attacker can gain credentials. They can also acquire them by compromising the cloud service itself or stealing them through other means.
Once an attacker can enter the system using a legitimate account, they can cause a great deal of disruption, including theft or destruction of important data, halting service delivery, or financial fraud.
6. Insider threats
Threats from trusted insiders are just as serious in the cloud as they are with on-premises systems. Insiders can be current or former employees, contractors, or a trusted business partner—anyone who doesn’t have to break through a company’s defenses to access its systems.
An insider does not need malicious intent to do damage; they could unintentionally put data and systems at risk. Some 64% of all reported insider incidents were due to employee or contractor negligence. That negligence could include misconfigured cloud servers, storing sensitive data on a personal device, or falling victim to a phishing email.
7. Insecure interfaces and APIs
Insecure interfaces and APIs are a common attack vector, as Facebook knows. In 2018, the social media service experienced a breach affecting more than 50 million accounts, the result of a vulnerability introduced in its View As feature. Especially when associated with user interfaces, API vulnerabilities can give attackers a clear path to stealing user or employee credentials. What you can do is as follows:
- Employ good API practices such as oversight of items like inventory, testing, auditing and abnormal activity protections.
- Protect API keys and avoid reuse.
- Consider an open API framework such as the Open Cloud Computing Interface (OCCI) or Cloud Infrastructure Management Interface (CIMI).
8. Weak control plane
A control plane encompasses the processes for data duplication, migration and storage. The control plane is weak if the person in charge of these processes does not have full control over the data infrastructure’s logic, security and verification. The controlling stakeholders need to understand the security configuration, how data flows, and the architectural blind spots or weaknesses. Failure to do so could result in data leakage, unavailability of data, or data corruption.
You should make sure that the cloud service provider offers the security controls needed to fulfill legal and statutory obligations. You should also perform due diligence to ensure the cloud service provider possesses an adequate control plane.
9. Metastructure and applistructure failures
A cloud service provider’s metastructure holds security information on how it protects its systems, and it discloses that information via API calls. The metastructure is often called the “line of demarcation” or “waterline” between the cloud service provider and the customer. The APIs help customers detect unauthorized access, but they also expose highly sensitive information such as logs or audit system data.
This waterline is also a potential point of failure that could give attackers access to data or the ability to disrupt cloud customers. Poor API implementation is often the cause of such a vulnerability. Immature cloud service providers, for example, might not know how to properly make APIs available to their customers.
As a customer, on the other hand, you might not understand how to properly implement cloud applications. This is particularly true when you connect applications that were not designed for cloud environments.
10. Limited cloud usage visibility
Security professionals often complain that a cloud environment makes them blind to much of the data they need to detect and prevent malicious activity. You can break this limited usage visibility challenge down into two categories: the use of unsanctioned apps, and the misuse of sanctioned apps by users or employees.
11. Abuse and nefarious use of cloud services
Attackers are increasingly using legitimate cloud services to support their activities. For example, they might use a cloud service to host disguised malware on sites like GitHub, launch DDoS attacks, distribute phishing email, mine digital currency, execute automated click fraud, or carry out a brute-force attack to steal credentials.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...