12 Cloud Security Threats in 2018

Be Careful To Secure Your Data To Through This Guide

Cloud computing is constantly changing the way organizations use, store, and share data, applications, and workloads. The cloud has also introduced a number of new security threats and challenges. If a large amount of data is stored in the cloud, especially the public cloud service, it will naturally become the main attack target of attackers.

“As the use of public clouds grows rapidly, the size of potentially dangerous sensitive data will inevitably increase,” said Jay Hei, vice president of cloud security at Gartner.

Unlike many people’s thoughts, the main responsibility for protecting corporate data in the cloud lies with cloud customers, not service providers. “Now the focus of cloud security is shifting from a vendor to a customer,” he says. “Companies spend a lot of time figuring out if a particular cloud service provider is” safe ” “He said.

The Cloud Security Alliance (CSA) has created the latest version of the key threat to cloud computing: Industry Insight Reports to help organizations gain a better understanding of cloud security so that they can make informed decisions in their cloud adoption strategy. did.

This report reflects current consensus among CSA community security experts on the cloud’s most critical security issues. CSA says there are a lot of security concerns in the cloud today, but the list focuses on twelve concerns related to sharing and on-demand properties of cloud computing.

CSA conducted a survey of industry experts to gather expert opinions on the biggest security issues in cloud computing to identify key concerns. The following are the most important cloud security issues (in order of severity according to the survey results).

1. Data leakage: Data leakage is the primary goal of target attacks, but may also be the result of mere human error, application vulnerabilities, or incorrect security practices. Leaked data includes all kinds of information, including personal health information, financial information, personally identifiable information, trade secrets, and intellectual property. Your organization’s cloud-based data is valuable to many people for a variety of reasons. The risk of data leakage is not limited to cloud computing, but it is consistently the biggest concern from a cloud customer perspective.
2. Inadequate identity, authentication information, and access rights management: An attacker who masquerades as a legitimate user, operator, or developer can read, modify, and delete data, issue control and management functions, peek into the data being transferred, It is possible to distribute malicious software by pretending. As a result, insufficient identity, authentication information, or key management can allow unauthorized access to data and cause serious harm to an organization or end user.
3. Insecure interfaces and APIs: Cloud vendors expose a set of software user interfaces (UIs) or APIs that customers use to manage and manipulate cloud services. Provisioning, management, and monitoring are all done using this interface, and the security and availability of common cloud services depends on the security of the API. Therefore, APIs should be designed to prevent accidental or malicious attempts to circumvent policy.
4. System Vulnerability A: System vulnerability is an exploitable bug in the program that allows an attacker to penetrate the system and steal data, take control of the system, or shut down the service. CSA pointed out that vulnerabilities within operating system components pose a greater risk to the security of all services and data. With the spread of multi-tenants in the cloud, systems from diverse organizations are located close together and are granted access to shared memory and resources, which creates new attack surfaces.
5. Account hijacking: Account or service hijacking is not new, but cloud services add new threats. Once an attacker obtains a user’s credentials, they can peek into activities and transactions, manipulate data, return falsified information, and turn clients into illegal sites. The account or service instance becomes a new operation base for the attacker. An attacker can use stolen credentials to access critical areas of cloud computing services, compromising the confidentiality, integrity, and availability of those services.
6. Malicious Insider :The level of malicious insider threats is controversial, but there is no question that insider threats are real. If a system administrator is a malicious insider, sensitive information can be accessed and a higher level of access to more important systems, ultimately data. Systems that entrust security entirely to cloud service providers are at greater risk.
7. APT (Advanced Persistent Threats): APT is a parasitic cyber attack that penetrates the system and steals data by establishing an activity base within the target organization’s IT infrastructure. APT is often seeking to pursue goals over a long period of time, adapting itself to security measures to block APT. Once located, APT can move laterally within the data center network and achieve goals by blending into normal network traffic gaps.
8. Data loss Data: Stored in the cloud can be lost for reasons other than malicious attacks. If cloud providers or consumers do not have sufficient data backup measures in accordance with business continuity and disaster recovery best practices, accidental deletion by cloud service providers or physical disasters such as fires or earthquakes can lead to permanent loss of customer data have
9. Insufficient due diligence:Executives should consider cloud technology and service providers when setting up business strategies. To increase the likelihood of success, it is essential to create an effective roadmap and checklist for due diligence when evaluating suppliers. Organizations that adopt cloud technology quickly and choose suppliers without due diligence are exposed to a variety of risks.
10. Cloud service misuse and exploitation: Cloud services with poor security, free cloud service trials, and fraudulent account registration through payment method fraud expose the cloud computing model to malicious attacks. Attackers can leverage cloud computing resources to target users, organizations, or other cloud vendors. Examples of cloud-based resource exploits include distributed denial-of-service attacks, email spam, and phishing scams.
11. Denial of service (DoS): DoS attacks prevent access to data or applications by service users. An attacker can cause the attacked cloud service to consume a limited amount of system resources such as processor power, memory, disk space, or network bandwidth, causing a system slowdown and blocking access for all legitimate service users.
12. Shared Technology Vulnerability: Cloud service providers provide service scalability by sharing infrastructure, platforms or applications. Cloud technology shares “as-a-service” products without significantly changing existing hardware / software, often at the cost of security. In some cases, the infrastructure components of the infrastructure that support the cloud service are not designed to have strong isolation properties for multi-tenant architectures or multi-customer applications. This leads to a shared technology vulnerability that could be exploited by all of the provisioning models.