Is your organization ready for these security threats on the cloud?

The concepts of shared technology and multi-tenancy of a cloud environment come with an inescapable hazard: one single vulnerability or misconfiguration in a hypervisor by a Cloud Service Provider can lead to a security incident across their entire cloud infrastructure. All organizations operating on that hypervisor may be affected. There is no formula or quick-fix solution to deal with this problem, which only seems to be growing with each passing day. Data security services provided by third-party cloud providers do not necessarily insulate your organization against a slew of threats and issues, including failures in authentication, authorization, and protection, among others. Here are some of the security threats that continue to plague businesses and how organizations are fighting back:

Data Breaches

Between on-premise, hybrid and cloud environments, the threats faced by all types of deployments are similar in nature. In the case of a cloud service provider, however, the threats take on a different hue as the service provider stores large amounts of data belonging to multiple businesses. In other words, the severity level of a breach is determined depending upon the kind of data affected during an attack. For instance, loss or compromise of financial data, health records, trade secrets, and intellectual property affect the companies not only legally and monetarily, but also through loss of reputation and business. To deal with threats to data, organizations deploy data loss prevention tools as part of their basic cybersecurity plan to help monitor and control data sharing activity, including any suspicious data movement.

Identity Loss

When organizations assign data access privileges, they do not strictly adhere by the compliance framework. Major security breaches in cloud services are often traced to organizations’ lackadaisical approach to key and certification management. Large numbers of organizations still follow the manual processes in key management, which is fraught with danger and loopholes. To prevent threats to identity, and protect access to cloud services, many organizations have adopted multi-factor authentication, phone-based authentication, and digital tokens among others. Many organizations are also turning to per-boot authentication options as well, which protect the data so that it cannot be accessed before authentication occurs.

Hacked APIs

When organizations use applications on the cloud, they invariably depend on the APIs provided by the cloud service providers. The APIs that provide the link to customer data and organizations are also the most exposed part of the whole cloud ecosystem. For years, hackers have exploited vulnerabilities in APIs; and, organizations have evolved none the wiser after numerous attacks. Solutions to combat this form of attacks are being implemented in the form of threat modelling of systems, architecture and data flows to control the risk of using APIs illegally to access data.

Phishing Attacks

It is now an established fact that cloud services are the most preferred hunting ground for phishing attacks, online scams and fraudsters. With advancements in technology, the area of attack surface too has increased and has given attackers a freeway to eavesdrop on user activities, steal personal information, misuse or sell stolen data. Once breached, an application becomes an invaluable tool for attackers, who can use it to launch other attacks within the cloud. Being unable to control all aspects of data security, companies have been resorting to prohibiting sharing of account credentials between users and services. However, a growing number of organizations have realized the importance of enforcing data governance and compliance with time, location, and clone-based access controls.

Insider Attacks

All security reports concede to the fact that a majority of security incidents occur from inside the organization. Things go wrong when there is no effective logging and monitoring of users and their transactions. Audit administration is critical for securing the cloud system. It is paramount that the system access given to a user be restricted to only data and applications related to performing the job. Organizations may wish to go a step further, by limiting Administrator capabilities as well. Give a certain pool of admins the ability to edit VMs. Another pool may be given the ability to only delete VMs, not share or copy them. By segregating the data responsibilities, and capabilities, an organization can validate users and their system access across platforms and services.

Accidental Breaches

With a multitude of devices being used to access data, organizations need to have consistent policies, password rules and specialized data handling methods. Accidental breaches can happen at any time. This aspect of accidental breaches takes on added significance especially because cloud service providers are third-party vendors, and organizations often exercise little control over how their data is protected. Organizations must do a thorough vetting of the cloud service providers before selecting the right partner. Remember that incidents of “accidental” breaches are on the rise and that there is a very thin line separating an accidental breach from an intentional one. At any rate, reacting to such incidents is no longer an acceptable practice as there are measures to ensure proactive protection—with encryption-even when your data resides with a third-party cloud service provider.

Although most cloud service providers do offer protection with features such as least privilege access, network segmentation, and host-based and network-based intrusion system, among others, organizations need to implement their own security on top of what is provided by the cloud service provider. In the common Shared Responsibility model, the Cloud Service Provider is responsible for the cloud. The Enterprise is responsible for what they put in it. Organizations need to ensure that their data is encrypted at all times, and control all aspects of data security – from data encryption, to key policies and key management, to regular auditing and compliance reporting. Your data and your customers’ data is ultimately your responsibility. Do not that responsibility lightly.

Rahul Kumar
Country Manager, WinMagic