It’s been awhile since businesses started migration of their data and applications to the cloud, almost three years now. Top managers are no longer avoiding the benefits of data cloud storage, while security threats remain a serious issue. How to minimize the security risks? Well, the answer is simple: to minimize the risks we have to identify them first.
Cloud computing experience introduces the security gaps that can outweigh the benefits of switching to cloud technology. The Cloud Security Alliance (CSA) organization provided a report with the most common threats companies may face in 2016. “The 2016 Top Threats release mirrors the shifting ramification of poor cloud computing decisions up through the managerial ranks,” said J.R. Santos, the CSA VP of Research.
Below you can find five examples of the most common security threats according to the CSA.
Data flaws.
Data storage providers are an attractive target for malefactors, since leak of the financial information, intellectual property information and health information could be very beneficial for them. Companies which data was stolen may face lawsuits and criminal charges from their customers, but the main trouble is, these companies must fully rely on themselves in these cases. Cloud service providers are not responsible in the matter of law, thus they can’t be charged with anything. Companies must be sure their data is protected on all levels, therefore they should assure data encryption and two-factor authentication.
Broken authentication.
Many companies may be affected with data compromise after they had fired a person and forgot to block corporate access immediately. Also many organizations ignore such useful approach as phone-based authentication. This approach leads to more complicated login process, which prevents malefactors for accessing the corporate resources with stolen passwords. Besides phone-based sign-in process, there are plenty more: provision of smart cards for logging in, or practice of one-time passwords usage.
API.
API is the communication gate for interaction with cloud services. And that’s why API security is more than important for companies that build entire application functionality on third party APIs. In this case the CSA proposes the “first line of defense and detection” approach, which includes full access control and involvement of penetration testing. Don’t forget that API is the most vulnerable of every system, as it could be accessed from the “open” Internet.
Insiders.
Fired employees, so-called business partners, or maybe an IT guy… The reasons might be different. It may be some kind of revenge to a former employer, it may be “money reasons”, when data theft provides malefactor with an incredible benefit. The only way to avoid the damage is an access control. The CSA recommends to divide access rights and monitor IT administrator activities. It’s not that hard to identify a potential insider if the company will pay a close attention to specific employees with wide range of access rights. Because some of these employees may affect the whole corporate infrastructure or destroy client’s data.
DDoS attacks.
The CSA 2016 report says that “experiencing a denial-of-service attack is like being caught in rush-hour traffic gridlock; there is one way to get to your destination and there is nothing you can do about it except sit and wait”. And that is totally true: DDoS is a brutal but still valid way to complicate a competitor’s life. DDoS attacks are still common nowadays. But most of the cloud service providers have recently started an implementation of mitigation plans before actual attack occurs. That means IT infrastructure administrator will have a timely access to all the resources 24/7.
Bottomline:
All the advantages that technology provides are equipped with the new issues. And for now one of the most important issues is security threats. Every company that migrates sensitive data to cloud services should develop and integrate a security strategy with the help of expertised specialists. Because security is one of the most important competitive advantage of the business today, and every organization must take care of it.