Connect with us

General

Top 10 Cloud Security Threats

Published

on

Cloud Security Alliance (CSA) reports that over 70% of businesses today, operate on the cloud, at least in part, or total.

With benefits such as higher flexibility, lower fixed rates, increased collaboration, automated software updates, and the ability to work from literally anywhere, there is little surprise so many are adopting it.

However, the cloud does have its own share of security concerns.

The Cloud Security Spotlight Report shows that around 90% of all organisations show at least some concern for the security of public cloud. These concerns vary, from accounts being hijacked, to malicious attacks, to internal vulnerabilities to data breaches.

Although with the introduction of the cloud service, we have seen a new age in both transferring and storing data, many companies out there are still very hesitant about how migrating over to the cloud without a clear plan for security measures put in place.

In this article I will be talking about 6 possible security concerns for cloud services that you should be well aware of.

Data Breaches

Data breaches may be the main objective of an attack or it could simply be the result of human error, poor security practices, application vulnerabilities and more. It could involve many data types, providing it was not intended for public consumption, such as financial data, health data, trade secrets, personal identity data and intellectual property. Data kept in the cloud by an organisation may have value to different parties for a number of reasons. Data breaches are most certainly not a new thing, and thus, not unique to cloud computing, but it’s still something many customers tend to fear most.

Multi-Tenancy Exploits

Cloud computing has that multi-tenancy, where enterprises share databases, memory and other resources, all of which are prone to attack. This raises the security concerns, as hackers have more avenues of exploitation.

Malware Infection

Malicious files are basically code or scripts embedded into the cloud service, acting as a valid instance, running as SaaS on a cloud server. This means it’s possible for these malicious files to be injected into the cloud service, and viewed, while on the server as a part of the service or software that is running the cloud itself.

Once one of these malicious files have been executed, it will immediately start to work in sync with the cloud, allowing the attackers to eavesdrop, compromising data integrity, as they steal sensitive data.

A report by East Carolina University titled Cloud Computing Vulnerabilities, looked at the possible threat of malicious files on cloud computing and concluded that viruses have become a serious security concern for cloud computers.

System Vulnerabilities

System vulnerabilities are basically bugs that exist within a program that can be exploited by an attacker and used to infiltrate a system to steal confidential data, take control of the system or disrupt its normal operations. Any vulnerability that exists within a component of the operating system essentially puts the service and its data at risk.

With the introduction of multi-tenancy (as previously mentioned), systems from multiple organisations are now situated together sharing valuable resources such as memory, creating additional potential exploits.

Business Risks Due To Shared Technology

In cloud computing, you have certain technologies that are shared, such as applications, infrastructure and platforms. As a result, any vulnerability identified in one of these technologies, exposes the entire environment to a potential breach or compromise. For better cyber security, you could look at network intrusion detection systems, and two-factor authentication.

Data Loss

Data that is stored on a cloud service can be lost due to many reasons, not just a malicious attack. Data could be accidentally deleted by the cloud service itself, or a catastrophe could occur, such as an earthquake or fire, resulting in the permanent loss of your and many other customers data, unless of course, additional measures were taken by the provider to back the data up elsewhere, which would be consistent with business continuity and disaster recovery practices.

AUTHOR BIO:

Uchenna Ani-Okoye is a former IT Manager who now runs his own computer support website Compuchenna.co.uk.

Trending