Data breaches that resulted from cloud misconfigurations cost businesses nearly $3.18 trillion in 2019, according to DivvyCloud heres what to know to protect your business
The Covid-19 pandemic is having huge effects on the economy, our social lives, and the ways in which we work. With many staff around the world now being required to work from home, the crisis has focused attention on cloud security and the resilience of its infrastructure to stand up to cloud security threats.
The cybersecurity vulnerabilities inherent to cloud storage are nothing new. Many companies were still in the process of improving their cloud security when the pandemic hit, but have now been forced to accelerate their plans.
This move includes a renewed push to encrypt cloud storage using AES and an increased consciousness of the risk of phishing attacks in cloud environments. Experts also reckon that improved cloud security can save businesses up to $1.4 million per cyber-attack.
In this article, well look at the top 5 cloud security threats and will show you how to mitigate the cloud vulnerabilities that are associated with them.
Lets hash it out.
The cloud is here to stay. Flexeras 2020 State of the Cloud Report (formerly the Rightscale State of the Cloud Report) shows that, for the first time since the first edition of its report was published, every survey respondent indicated that they had cloud strategy plans or already used cloud in one form or another. In fact, 93% of their respondents indicated that their organizations have multi-cloud strategies.
The widespread use of cloud by organizations of all sizes serves to further underscore the importance of mitigating cloud security threats by eliminating existing cloud vulnerabilities.
Here are the five most common cloud security threats and what your organization can do to mitigate them:
One of the primary threats to cloud storage systems is not a feature of these systems themselves, but rather a result of the way that companies use them. The growing number of cloud providers with large free service plans drives down costs and encourages even small companies to move all of their data to the cloud. In many cases, this is done without carefully thinking through access policies.
Access management includes two fundamental elements. One is a rigorous access policy, and the other is a set of authentication and identity verification tools.
Lets look at access policies first. There is a simple principle when it comes to designing access policies for cloud storage: If an employee doesnt need access to particular files or systems in order to do their job, then they shouldnt have it. You should conduct regular audits of the level of access your employees have to your cloud systems and remove any unnecessary privileges.
This is particularly true when employees leave your company. A number of high-profile recent data breaches have been caused by disgruntled employees who have found that they still have access to their corporate accounts even long after leaving the company. IT administrators, therefore, need to liaise closely with HR departments to ensure that theres a process for removing privileges for departing employees as soon as possible.
Alongside this policy, you should deploy the most secure authentication and identity verification tools that are feasible for your cloud environment. Many cloud vendors now offer multi-factor authentication (MFA) systems as part of their standard packages. In these systems, users must have access to a second device typically a smartphone in order to log in to your systems. This makes access to your cloud storage dramatically more secure.
If youre looking to improve your cloud security still further, you can implement a separation of duties (SoD) model. This model separates the tasks that can be performed within your cloud environment so that no one user is able to totally control it. This means that tasks that might be damaging to your company such as deleting certain files require more than one person to execute.
SoD models afford you with a greater level of security because they mean that even if an administrative account is hacked, the attacker will not gain a level of access to your cloud environment that will allow them to cause significant levels of damage.
Data breaches and leaks are more of a threat in cloud systems than in those managed in-house. This is simply due to the large amounts of data flowing between employees and cloud systems, which can be intercepted by hackers looking for weaknesses in your systems. This is what happened to Equifax in 2017 when the personal data of more than 148 million Americans was stolen and published by hackers.
In the Equifax breach, the attackers were able to take advantage of an expired digital certificate. This is what helped the breach to remain undetected for more than a month and a half a total of 76 days..
Dont Get Breached
91% of cyber attacks start with an email, which can leave your business open to devastating data breaches. Not securing your email is like leaving the front door open for hackers.
One of the best ways to mitigate this threat is to secure your data using in-transit and at-rest data security. This would include the use of encryption both for your email server and for the messages themselves.This would include the use of digital certificates such as SSL/TLS website certificates and S/MIME (secure/multipurpose internet mail extension) certificates.
You should also ensure that all of your staff can access your cloud securely from anywhere, while at the same time youre using a reputable virtual private network to encrypt data that is in transit between Wi-Fi access points and your companys network. What is considered reputable? You neednt invest in an enterprise VPN, which can cost hundreds of dollars per month per user. However, it is important to do your research to ensure that the VPN service youre investing in is genuinely secure.
This is particularly true if you are looking for cost-effective VPN services. As weve pointed out in our recent article on free VPNs, some of these services are not as secure as they claim to be. Some free or ostensibly free VPN services i.e., those that do not keep log files and are AES-encrypted are fine. Others will log all of your activity in order to sell on this information, or will use less secure encryption schemes. Both of these practices are a potential source of risk, and if youre investing in a security tool it really shouldnt expose you to more risk.
Data loss is another issue that plagues cloud systems. After moving your business processes to the cloud, the amount of data you store remotely can quickly grow to an unmanageable size, which makes backups both difficult and costly. Because of this, research has found that an average of 51% of organizations have publicly exposed at least one cloud storage service, and 84% of organizations have said that traditional security solutions dont work in cloud environments.
Not performing regular, thorough backups is a major threat because of the rise of ransomware attacks, in which a hacker will encrypt your cloud storage and demand payment for returning data to you.
If you wait until something goes wrong, its too late. Preventing this kind of attack means designing and implementing a rigorous and stable backup system now. Ideally, this should be a distributed system, in which data is backed up in multiple systems and locations, in order to avoid data loss from individual storage area network (SAN) systems crippling your business.
Application user interfaces (APIs) are the primary tools that enable interaction with cloud storage systems. Normally, APIs are used by (at least) two distinct sets of employees:
Unfortunately, many APIs still have security vulnerabilities, most often giving cloud storage providers undue levels of access to your data. It emerged a few months ago, for instance, that both Facebook and Google stored user passwords in plaintext, and that these could, therefore, be read by staff within those organizations.
Considering that the 2019 Online Security Survey by Google and Harris Poll shows that more than two-thirds of respondents reuse their passwords across multiple accounts, thats particularly worrisome.
Mitigating the threat presented by insecure APIs means choosing a cloud storage vendor carefully. A quality vendor will adhere to OWASP API security guidelines, and also be able to provide you with data on the number of attacks they have seen, and the number they have defeated.
DivvyCloud recently highlighted another common threat in cloud systems: misconfiguration, which can lead to data being left unsecured. Some companies dont change the default security settings on their cloud storage; others allow their data to be stored in large and confusing structures in which it is easy to leave particular files unprotected. A good example of the dangers of misconfigured cloud storage is the National Security Agencys (NSA) mishap, a mistake that made a number of top secret documents available to everyone via an external browser.
Such cloud vulnerabilities are exacerbated by the sheer number of systems that are now connected to cloud storage. Most companies will now use the cloud for all of their operational processes from certificate management and email outreach and marketing automation to small business phone and messaging systems. Managing data flowing to the cloud from multiple endpoints can be a challenge for even the most experienced admins.
For most companies, ensuring that your cloud storage is configured correctly will be a question of speaking to your cloud storage vendor, and seeking assurances (and potentially legal assurances) that these have been set up correctly. You should ensure that you have an understanding not only of your cloud storage system, but also of all the systems that you use alongside it that could compromise its security.
A quality cloud storage provider will take the time to assess how you use your cloud storage, and the other systems you use alongside it, and highlight any potential risks and cloud vulnerabilities that this gives rise to.
The present moment with the world battling a global pandemic might seem like a strange time to reassess your cloud security. But, in reality, this is a necessary step, and theres no better time than the present.
None of the cloud security threats above are new, but theyre more important than ever as employees are forced to work from home. As a result, encryption is essential to defend against as are regular audits of who has access to your cloud storage and choosing a high-quality cloud provider.
Ultimately, by using this opportunity to improve your cloud security, you will also be protecting your data, staff, and customers in the long term. This will set you and your organization up for a successful future.
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store authored by Gary Stevens. Read the original post at: https://www.thesslstore.com/blog/cloud-security-5-serious-emerging-cloud-computing-threats-to-avoid/
Read the original here:
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid - Security Boulevard
- How Do You Define Cloud Computing? - Data Center Knowledge [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- RCom arm in tie-up for cloud computing - Moneycontrol.com [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Roundup Of Cloud Computing Forecasts, 2017 - Forbes [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Cloud Computing Continues to Influence HPC - insideHPC [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- 5 Cloud Computing Stocks to Buy - TheStreet.com [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Adobe bets big on cloud computing for marketing, creative professionals - Livemint [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Red Hat's New Products Centered Around Cloud Computing, Containers - Virtualization Review [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Verizon sells cloud services to IBM in 'unique cooperation between ... - Cloud Tech [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Hospital CIOs see benefits of healthcare cloud computing - TechTarget [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- How Cloud Computing Is Turning the Tide on Heart Attacks - Fortune [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- What is Cloud Computing Technology?: Cloud Definition ... [Last Updated On: May 3rd, 2017] [Originally Added On: May 3rd, 2017]
- Daily Report: Cloud Computing Asserts Itself - New York Times [Last Updated On: May 4th, 2017] [Originally Added On: May 4th, 2017]
- Verizon sells cloud services to IBM in 'unique cooperation between two tech leaders' - Cloud Tech [Last Updated On: May 4th, 2017] [Originally Added On: May 4th, 2017]
- CIOs embrace the value of cloud computing in healthcare - TechTarget [Last Updated On: May 4th, 2017] [Originally Added On: May 4th, 2017]
- Heptio's Joe Beda: Before embracing cloud computing, make sure your culture is ready - GeekWire [Last Updated On: May 4th, 2017] [Originally Added On: May 4th, 2017]
- CLOUD COMPUTING Cisco Expands Cloud IoT Services with $610M Viptela Acquisition - CIO Today [Last Updated On: May 6th, 2017] [Originally Added On: May 6th, 2017]
- A prepaid wallet that helps start-ups access cloud-computing services - The Hindu [Last Updated On: May 6th, 2017] [Originally Added On: May 6th, 2017]
- Google: No to Price War Over Cloud Computing - Investopedia [Last Updated On: May 6th, 2017] [Originally Added On: May 6th, 2017]
- 3 things to know about the cloud v. data center decision - ZDNet [Last Updated On: May 8th, 2017] [Originally Added On: May 8th, 2017]
- OpenStack Foundation cites 'capabilities, compliance and cost' as Summit kicks off - Cloud Tech [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- Profit From Cloud Computing Boom With This ETF - Seeking Alpha [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- Autonomous Driving Market Focuses on Artificial Intelligence and ... - PR Newswire (press release) [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- The cloud computing tidal wave - BetaNews [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- Aruba predicts a hybrid future for edge and cloud computing - The Internet of Business (blog) [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- China Says Draft Rules on Cloud Computing Have Been Misunderstood - Wall Street Journal (subscription) [Last Updated On: May 9th, 2017] [Originally Added On: May 9th, 2017]
- Oracle launches cloud computing service for India | Business Line - Hindu Business Line [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- Microsoft is on the edge: Windows, Office? Naah. Let's talk about cloud, AI - The Register [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- IBM touts its cloud platform as quickest for AI with benchmark tests - Cloud Tech [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- Enterprise-owned data centres still 'essential' despite cloud growth, research notes - Cloud Tech [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- You really should know what the Andrew File System is - Network World [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- Microsoft launches Android app to manage its Azure cloud computing platform - Android Police [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- 3 Cloud Computing Stocks To Buy Right Now - May 10, 2017 ... - Zacks.com [Last Updated On: May 11th, 2017] [Originally Added On: May 11th, 2017]
- Virtustream Adds Enterprise Cloud to Global Dell EMC Partner Program - Cloud Computing Intelligence (registration) (blog) [Last Updated On: May 13th, 2017] [Originally Added On: May 13th, 2017]
- Trump signs cybersecurity executive order, mandating a move to cloud computing - GeekWire [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- Cloud Computing, Term of Art Complete Preakness Works - BloodHorse.com (press release) (registration) (blog) [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- IBM Announces The Defense Calculator And A Cloud Computing Service - Forbes [Last Updated On: May 14th, 2017] [Originally Added On: May 14th, 2017]
- Achieving compliance in the cloud - CSO Online [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- Boston schools CIO Mark Racine takes hybrid approach to cloud computing - EdScoop News (press release) (registration) (blog) [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- Benefit-risk 'tipping point' for cloud computing now passed, says ... - Out-Law.com [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- Cloud Computing puts in work for Preakness before deluge - Daily Racing Form [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- How telecom is shifting its strategy to support cloud computing - SiliconANGLE (blog) [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- Cloud computing - Simple English Wikipedia, the free encyclopedia [Last Updated On: May 17th, 2017] [Originally Added On: May 17th, 2017]
- How Alphabet Views the Cloud Computing Price Wars - Market Realist [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Keying Longshot Cloud Computing in the Preakness - America's Best Racing [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Microsoft Extends Cloud-Computing Arms Race to Africa - Fox Business [Last Updated On: May 18th, 2017] [Originally Added On: May 18th, 2017]
- Firms Face Decelerating Cloud Spending: Analyst - Investopedia [Last Updated On: May 20th, 2017] [Originally Added On: May 20th, 2017]
- Is edge computing set to blow away the cloud? - Cloud Tech [Last Updated On: May 20th, 2017] [Originally Added On: May 20th, 2017]
- Microsoft Extends Cloud-Computing Arms Race to Africa - Wall Street Journal (subscription) [Last Updated On: May 20th, 2017] [Originally Added On: May 20th, 2017]
- Rested and ready: 13-1 shot Cloud Computing wins Preakness - Fairfield Daily Republic [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Watch Cloud Computing's thrilling come-from-behind finish at the Preakness Stakes - For The Win [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Cloud Computing wins the 142nd Preakness Stakes in front of a record crowd [Photos] - Baltimore Business Journal [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- 13-1 shot Cloud Computing edges Classic Empire, springs upset in Preakness - News3LV [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Cloud Computing Wins Preakness Stakes, and Techies Are Stoked - Fortune [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Cloud Computing wins Preakness Stakes, dashing Always ... [Last Updated On: May 22nd, 2017] [Originally Added On: May 22nd, 2017]
- Cloud computing, Galeria Inno and change at Deka - Delano.lu [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Roundup Of Cloud Computing Forecasts, 2017 - Enterprise Irregulars (blog) [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Cloud Computing Does Not Need Help From Washington - Cramer's ... - Seeking Alpha [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- CTOvision Assessment on The Megatrend of Cloud Computing - CTOvision (blog) [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Cloud Computing's Trainer Wins One for His Mentor at Preakness - New York Times [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Make sense of edge computing vs. cloud computing | InfoWorld - InfoWorld [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Cloud Computing Takes the Preakness - RFD-TV [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Cloud Computing takes Preakness - CNN.com [Last Updated On: May 23rd, 2017] [Originally Added On: May 23rd, 2017]
- Make Sense of Edge Computing vs. Cloud Computing - Linux.com (blog) [Last Updated On: May 26th, 2017] [Originally Added On: May 26th, 2017]
- How will cloud computing and analytics affect Citrix shops? - TechTarget [Last Updated On: May 26th, 2017] [Originally Added On: May 26th, 2017]
- Red Hat to acquire cloud computing firm - Triangle Business Journal [Last Updated On: May 26th, 2017] [Originally Added On: May 26th, 2017]
- Cloud computing streamlines oil field monitoring - Williston Daily Herald [Last Updated On: May 26th, 2017] [Originally Added On: May 26th, 2017]
- Fans should appreciate Cloud Computing's Preakness win - ESPN [Last Updated On: May 26th, 2017] [Originally Added On: May 26th, 2017]
- Cray Takes the Plunge into Cloud Computing - TOP500 News [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Baidu to leverage cloud computing, artificial intelligence, in effort to ramp up behavioural analysis - South China Morning Post [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Cloud computing will change the nature of hospital IT shops - Healthcare IT News [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Microsoft's weapon in high-stakes cloud-computing battle with Amazon? Freebies - The Seattle Times [Last Updated On: May 28th, 2017] [Originally Added On: May 28th, 2017]
- Amazon Shares Hit $1000, Showing Dominance of E-Commerce, Cloud - The VAR Guy [Last Updated On: May 30th, 2017] [Originally Added On: May 30th, 2017]
- Oracle set to expand cloud reach with Tencent alliance - South China Morning Post [Last Updated On: May 30th, 2017] [Originally Added On: May 30th, 2017]
- Cloud Computing to Skip Belmont as Field Comes into Focus - America's Best Racing [Last Updated On: May 30th, 2017] [Originally Added On: May 30th, 2017]
- Movers: Amazon's Stock Price Hits $1000 - New York Times [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Mary Meeker: Healthcare technology is booming thanks to cloud computing and wearables - SiliconANGLE (blog) [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Will Amazon's Web Services Business Get Hurt by Cloud Computing Commodification? - HuffPost [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Box CEO Aaron Levie: Artificial intelligence to revolutionize cloud computing - MarketWatch [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- Cloud computing takes off as top new discipline on campus - Education Dive [Last Updated On: June 1st, 2017] [Originally Added On: June 1st, 2017]
- CIOs and factors overlooked when changing your cloud - Cloud Tech [Last Updated On: June 3rd, 2017] [Originally Added On: June 3rd, 2017]