“Every cloud has a silver lining” goes the saying but I do wonder if the cloud that most of us are associated with in the IT world indeed has a silver lining or not. Yes, we will be discussing the cloud and its threats in this post.
Most organizations mull their decision to move crucial data to the cloud just as parents ponder over choices about digital independence for their children. The cloud environment is undoubtedly a boon to many organizations based on some of the points listed below:
- It allows its employees to work from anywhere giving them additional flexibility
- This in turn enables streamlined processes
- The cloud also greatly reduces spending on infrastructure costs
Since cost and flexibility hold sway over customers and employers a record number of corporations move their data to the cloud. From a security professional’s perspective though, this is basically giving complete control of your data to someone else.
Now that we have seen why corporations move to the cloud, let us next discuss cloud security threats.
Cloud security threats:
According to a report from Cloud security alliance, here are the top five cloud security threats:
- Data breach
- Data loss
- Account or service hijacking
- Malicious insiders
- Denial of service attacks (The Notorious Nine – Cloud Computing Top Threats in 2013)
Discussing these threats in more detail now.
- Data breach : “Data” – this four letter word has a lot of magic today! It is this data that is being extracted, manipulated and studied with a lot of scrutiny. When this data falls into wrong hands, it gives CIOs and CEOs more misery and that is what is exactly meant by “data breach” – information falling into wrong hands. According to Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so”. Examples of cloud data breaches include the Dropbox episode in 2012, Twitter episode in 2009 to name a few.
- Data loss : Data loss is the permanent loss of data thereby crippling organizations and bringing them to a standstill. Reusing passwords for multiple websites is one of the primary reasons that this might happen.
Data loss may happen when malicious attackers gain access to one account and gain control of other accounts (gmail, Twitter) and obliterate all information contained therein. Attackers are not the only reason why data loss occurs – natural calamities are another reason and it is always a good idea to backup. - Account or service hijacking : Account or service hijacking again happens due to reuse of same password for multiple websites. Once an attacker gains access to your cloud account he/she can manipulate the data and redirect all your traffic to other mischievous sites.
- Malicious insiders : Having given control of an entire organization’s private data to the CSP or the ‘cloud service provider’, there is always the risk of a malicious insider tampering the data.
- Denial of service attacks : These types of attacks prevent legitimate users from accessing services on the cloud thereby frustrating them and causing more financial and mental hardships.
We discussed cloud security in the post – we will discuss the countermeasures to deal with cloud threats in yet another post.
Bibliography
The Notorious Nine – Cloud Computing Top Threats in 2013. (n.d.). Retrieved from cloudsecurityalliance.com:
https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
- What are Scrum roles and why it’s needed? - August 12, 2017
- Stakeholder Analysis – Is it required? - July 28, 2017
- Project Manager – An integrator, how? - July 28, 2017
- Different PMI Certifications – Which one to choose? - July 28, 2017
- What is the importance of Change Management in Project Management? - June 23, 2017
- What’s important to know to build a career in Agile? - June 23, 2017
- Agile Basics, Manifesto & Principles - June 23, 2017
- Scrum – Is it mandatory to learn in today’s IT market? - June 2, 2017
