Cloud Security

“Every cloud has a silver lining” goes the saying but I do wonder if the cloud that most of us are associated with in the IT world indeed has a silver lining or not. Yes, we will be discussing the cloud and its threats in this post.

Most organizations mull their decision to move crucial data to the cloud just as parents ponder over choices about digital independence for their children. The cloud environment is undoubtedly a boon to many organizations based on some of the points listed below:

  1. It allows its employees to work from anywhere giving them additional flexibility
  2. This in turn enables streamlined processes
  3. The cloud also greatly reduces spending on infrastructure costs

Since cost and flexibility hold sway over customers and employers a record number of corporations move their data to the cloud. From a security professional’s perspective though, this is basically giving complete control of your data to someone else.

Now that we have seen why corporations move to the cloud, let us next discuss cloud security threats.

Cloud security threats:

According to a report from Cloud security alliance, here are the top five cloud security threats:

  1. Data breach
  2. Data loss
  3. Account or service hijacking
  4. Malicious insiders
  5. Denial of service attacks (The Notorious Nine – Cloud Computing Top Threats in 2013)

Discussing these threats in more detail now.

  1. Data breach : “Data” – this four letter word has a lot of magic today! It is this data that is being extracted, manipulated and studied with a lot of scrutiny. When this data falls into wrong hands, it gives CIOs and CEOs more misery and that is what is exactly meant by “data breach” – information falling into wrong hands. According to Wikipedia, “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so”. Examples of cloud data breaches include the Dropbox episode in 2012, Twitter episode in 2009 to name a few.
  2. Data loss : Data loss is the permanent loss of data thereby crippling organizations and bringing them to a standstill. Reusing passwords for multiple websites is one of the primary reasons that this might happen.
    Data loss may happen when malicious attackers gain access to one account and gain control of other accounts (gmail, Twitter) and obliterate all information contained therein. Attackers are not the only reason why data loss occurs – natural calamities are another reason and it is always a good idea to backup. 
  3. Account or service hijackingAccount or service hijacking again happens due to reuse of same password for multiple websites. Once an attacker gains access to your cloud account he/she can manipulate the data and redirect all your traffic to other mischievous sites.
  4. Malicious insiders : Having given control of an entire organization’s private data to the CSP or the ‘cloud service provider’, there is always the risk of a malicious insider tampering the data. 
  5. Denial of service attacks : These types of attacks prevent legitimate users from accessing services on the cloud thereby frustrating them and causing more financial and mental hardships.

We discussed cloud security in the post – we will discuss the countermeasures to deal with cloud threats in yet another post.

Bibliography

The Notorious Nine – Cloud Computing Top Threats in 2013. (n.d.). Retrieved from cloudsecurityalliance.com:

https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

 

About Sparsh Goyal

A passionate IT professional, Sparsh Goyal boasts of 4.3+ years of experience. He has worked for various projects under AWS, Google Cloud Platform, Spring Boot, Python, Microservices, RESTful, RESTFUL APIs/SOAP, Scripting, Shell and JAVA. He is also working towards gaining proficiency in Oracle Cloud PaaS, DevOps, SaaS and Docker/Kubernetes. His primary and secondary skills validate his relentless pursuits of expanding his horizon and developing more as an IT person. He boasts of the following certifications: *Google Professional Cloud Security Engineer. *AWS Cloud Solutions Architect Associate. *Oracle certified JAVA programmer.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top