Four Cloud Computing Security Issues Every CIO Should Know
September 20, 2017
It’s no secret that cloud computing has become one of the fastest-growing segments of the IT industry in recent times. According to a report by Gartner, the worldwide public cloud services market is expected to grow by 18 percent in 2017, totaling $246.8 billion and is expected to rise up to $383.5 billion by 2020.
Where are you in the cloud?
However, Rightscale’s annual State of the Cloud survey reveals that the level of cloud adoption varies among the organizations.
Roughly a third (33 percent) are heavily using cloud infrastructure, while 25 percent have multiple projects or applications already deployed in the cloud. Meanwhile, 22 percent are new to cloud computing and are working on initial cloud projects. This leaves about 20 percent that are still in the planning stage or have no plans altogether.
Hesitation to adopt cloud environments could be attributed to issues surrounding the cloud. Among the cloud-related challenges faced by organizations, security was cited as one of the top challenges in 2017. Knowing which security concern organizations are likely to face can help them develop your cloud adoption. Here are four cloud computing security concerns every CIO should know.
Data breaches and leakages
Data breaches are a common threat for traditional corporate networks, but the volume of data stored on cloud servers makes them an especially prime target for data breaches.
Data breaches alone can be any organization’s worst nightmare. But often times, a breach is immediately followed by the exposure of stolen data. The severity of these leakages can vary, depending on the sensitivity of the stolen data. For example, leaked classified information or trade secrets will be deemed more severe than login credentials to an online gaming site.
Preventing data breaches requires a multi-layered approach. Employees must be educated in identifying suspicious emails or site links that can potentially allow attackers to breach their defense. Vulnerability management and patching are critical in ensuring that the network is secured from exploits. Encryption should be enforced upon sensitive and critical data.
Denial-of-Service (DoS) Attacks
Denial-of-service attacks are meant to prevent organizations from accessing their data and applications. DoS attacks consume unconscionable system resources such as the processing power, memory capacity, disk space and network bandwidth that can slow down cloud services. For instance, a malicious attacker can send enormous volumes of connection requests that can overwhelm the cloud server.
There are several step that can help mitigate DoS attacks. Increasing bandwidth can help ease any disruption as attackers will have to clog more bandwidth in order to successfully launch an attack. IT professionals should can also invest in DoS attack identification techniques to differentiate between legitimate or malicious traffic. Selecting the right type of hardware can handle these types of attacks; there are commercially available network and security hardware that designed to handle and even help address DoS attacks.
Account Traffic Hijacking
Cloud attack techniques such as fraud, phishing, and even exploitation of software vulnerabilities are not new. Malicious attackers can gain access to cloud credentials and eavesdrop on transactions. Such attackers can maliciously manipulate corporate data and redirect clients to illegal websites.
It is important that organizations that offer cloud services employ and enforce security practices that can help prevent intrusion of attackers. Patching vulnerable software lessens the possibility of exploit attacks. Email protection software—coupled with a strong employee education—can mitigate the threat of fraud and phishing.
Cloud computing firms provide APIs—or simply software interfaces—to allow clients to manage and interact with their cloud services. Even though APIs simplifies interaction between customers and the cloud services, their security and availability are essential. Beginning with the authentication, access controls, encryption and activity monitoring, the APIs have to be developed to protect against malicious attempts which can circumvent the cloud security.
Organizations can ask cloud computing firms to provide documentation on their APIs. The documents can include any application assessment results, security practice reports, and audit results. Customers should ask cloud providers to allow penetration testing and vulnerability assessments to be performed against APIs, so the customer can evaluate if the security practices are set in place.
The responsibility of security
Cloud services are meant to improve efficiency and help to cut down on operational expenditures in an organization. But this does not mean the responsibility of security should fall solely on cloud providers. IT professionals would know their organizations better and are equipped to identify which measures are needed to protect your data, processes and the like. They, too, would be the best people to identify which company assets would require additional layers of protection or security. In order to reap the full benefits of the cloud, IT professionals must also do their part in securing their journey to the cloud.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Posted in Virtualization & Cloud, Cloud Computing