Twelve cloud security threats

  

 

Threat No. 1: Data leakage

Many of the threats faced by the cloud environment are the same as those faced by traditional enterprise networks. However, because so much data is stored on cloud servers, cloud providers have become a favorite target of hackers. In an attack, the severity of the potential damage depends on the sensitivity of the leaked data. Leaks of personal financial information may make headlines, but leaks involving health information, trade secrets and intellectual property may be a more devastating blow.

Threat No. 2: Compromised credentials and broken authentication

Data leakage and other attacks are usually the result of lax authentication, weak passwords, and loose key or credential management. When companies try to assign appropriate permissions according to user roles, they often get bogged down in identity management. Worse, they sometimes forget to revoke users' access when their job functions change or when they leave.
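The revocation gap described above can be checked by comparing the cloud's role grants against the HR roster. The following is an added example, not part of the original article; the roster, the role names, the policy table and the function find_stale_access are all constructed for illustration.

```python
# Added example: entitlement review over constructed data.
# All names below (people, roles, accounts) are hypothetical.

# Constructed HR roster: person -> (employment status, current job function)
ROSTER = {
    "alice": ("active", "developer"),
    "bob": ("departed", "dba"),
    "carol": ("active", "finance"),  # moved from dba to finance
}

# Hypothetical policy: cloud roles each job function may hold
ALLOWED = {
    "developer": {"app-deploy", "log-read"},
    "dba": {"db-admin", "log-read"},
    "finance": {"billing-read"},
}

# Constructed export of cloud role grants: (account, owner, role)
GRANTS = [
    ("alice-cli", "alice", "app-deploy"),
    ("bob-cli", "bob", "db-admin"),
    ("carol-cli", "carol", "db-admin"),
    ("carol-cli", "carol", "billing-read"),
    ("etl-svc", None, "db-admin"),
]


def find_stale_access(roster, allowed, grants):
    """Return (account, role, reason) for every grant that should be revoked
    or reviewed: owner gone, role outside current job function, or no owner."""
    findings = []
    for account, owner, role in grants:
        if owner is None or owner not in roster:
            findings.append((account, role, "no accountable owner"))
            continue
        status, function = roster[owner]
        if status != "active":
            # The user left but the grant was never revoked.
            findings.append((account, role, "owner departed"))
        elif role not in allowed.get(function, set()):
            # The job function changed but the old permission stayed.
            findings.append((account, role, f"not permitted for {function}"))
    return findings


if __name__ == "__main__":
    for finding in find_stale_access(ROSTER, ALLOWED, GRANTS):
        print(finding)
```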

Threat No. 4: System vulnerability exploitation

System vulnerabilities, or exploitable bugs in programs, are nothing new. However, with the advent of multi-tenancy in cloud computing, these vulnerabilities become more problematic. Companies and enterprises share memory, databases and other resources, giving rise to new attack methods.

Fortunately, attacks against system vulnerabilities can be mitigated with "basic IT processes". Best practices include regular vulnerability scanning, timely patch management, and prompt follow-up on reported system threats.

The CSA report shows that the cost of fixing system vulnerabilities is lower than other IT expenditures. The cost of deploying IT processes to discover and repair vulnerabilities is less than the potential damage of vulnerability attacks. Regulated industries (such as national defense and aerospace) need to patch as soon as possible, preferably as part of an automated, recurring process. Change-control processes that handle emergency patches should ensure that the remediation activities are properly recorded and reviewed by the technical team.

Threat No. 5: account hijacking

Phishing, fraud and software vulnerability exploitation are still very successful attacks. The emergence of cloud services adds a new dimension to such threats, because attackers can use cloud services to eavesdrop on user activities, manipulate transactions, and modify data. They may also use cloud applications to launch other attacks.

Common defense-in-depth strategies can contain the damage caused by data leakage. Companies and enterprises should prohibit the sharing of account credentials between users and services, and should also enable multi-factor authentication where available. User accounts, and even service accounts, should be monitored so that every transaction can be traced to an actual person. The key is to prevent account credentials from being stolen.
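The monitoring controls above (no shared credentials, multi-factor authentication, every transaction traceable to a person) can be expressed as checks over an audit log. The following is an added example, not part of the original article; the key=value log format, the owner mapping and all account names are constructed for illustration.

```python
# Added example: account-monitoring checks over a constructed audit log.
from collections import defaultdict

# Constructed audit log lines in a hypothetical key=value format
LOG = """\
ts=2024-05-01T09:00:01Z key=AK01 user=alice mfa=true action=GetObject
ts=2024-05-01T09:02:10Z key=AK02 user=deploy-svc mfa=false action=PutObject
ts=2024-05-01T09:05:44Z key=AK01 user=dave mfa=false action=DeleteBucket
ts=2024-05-01T09:07:12Z key=AK03 user=report-svc mfa=false action=GetObject
ts=2024-05-01T09:09:30Z key=AK04 user=erin mfa=false action=PutRolePolicy
"""

PEOPLE = {"alice", "dave", "erin"}          # constructed list of human users
SERVICE_OWNERS = {"deploy-svc": "alice"}    # service account -> accountable person
SENSITIVE = {"DeleteBucket", "PutRolePolicy"}  # actions that should require MFA


def parse(line):
    """Split one log line into a dict of its key=value fields."""
    return dict(field.split("=", 1) for field in line.split())


def audit(log_text):
    """Return findings for untraceable accounts, sensitive actions performed
    without MFA, and access keys used by more than one identity."""
    users_by_key = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        users_by_key[e["key"]].add(e["user"])
        is_person = e["user"] in PEOPLE
        if not is_person and e["user"] not in SERVICE_OWNERS:
            # Service account with no person accountable for its activity.
            findings.append(("untraceable", e["user"], e["action"]))
        if is_person and e["action"] in SENSITIVE and e["mfa"] != "true":
            findings.append(("no-mfa", e["user"], e["action"]))
    for key, users in sorted(users_by_key.items()):
        if len(users) > 1:
            # One credential, several identities: it is being shared.
            findings.append(("shared-credential", key, ",".join(sorted(users))))
    return findings


if __name__ == "__main__":
    for finding in audit(LOG):
        print(finding)
```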

Threat No. 6: malicious insiders

Insider threats wear many masks: current or former employees, system administrators, contractors, business partners... Malicious acts can range from simple data theft to revenge on the company. In a cloud environment, malicious insiders can destroy the entire infrastructure or manipulate and tamper with data. Systems whose security depends entirely on the cloud service provider, such as encryption, are at the greatest risk.

CSA suggests that companies and enterprises control the encryption process and keys themselves, segregate duties, and minimize user privileges. Effective logging, monitoring, and auditing of administrator activities is also very important.

That said, poor day-to-day operations can easily be mistaken for "malicious" insider behavior. A typical example is an administrator accidentally copying a sensitive customer database to a publicly accessible server. Given the greater potential exposure, appropriate training and management are all the more important for preventing such basic errors in the cloud environment.

Threat No. 7: APT (Advanced Persistent Threat) Parasite

The CSA's comparison of the Advanced Persistent Threat (APT) to a "parasitic" form of attack is a vivid one. An APT infiltrates a system, establishes a foothold, and then steals data and intellectual property continuously and quietly over a long period. In that respect it is no different from a parasite.

Threat No. 8: permanent data loss

With the maturity of cloud services, permanent data loss caused by provider errors has become rare. However, malicious hackers have harmed companies and enterprises by permanently deleting cloud data, and cloud data centers, like any other facilities, are powerless against natural disasters.

Threat No. 9: insufficient due diligence

If a company invests in cloud services without fully understanding the cloud environment and its related risks, it will face numerous commercial, financial, technical, legal and compliance risks. Due diligence is required whether the company is moving to the cloud itself or working with another company in the cloud. Companies that fail to carefully review contracts may not notice the provider's liability clauses covering data loss or disclosure.

When deploying an app to a specific cloud, if the company's development team lacks understanding of cloud technology, operational and architectural problems will also arise. CSA reminds companies and enterprises that every time they subscribe to any cloud service, they must conduct comprehensive and detailed due diligence to understand the risks they bear.

Threat No. 10: Cloud service abuse

Cloud services may be used to support illegal activities, such as using cloud computing resources to crack keys, launching distributed denial of service (DDoS) attacks, sending spam and phishing emails, hosting malicious content, etc.

Providers should be able to identify types of abuse, for example by inspecting traffic to spot DDoS attacks, and should also provide customers with tools to monitor the health of their cloud environment. The customer should ensure that the provider has an abuse reporting mechanism. Although customers may not be the direct prey of malicious activities, cloud service abuse may still cause service availability problems and data loss.

Threat No. 11: Denial of Service (DoS) attack

DoS attacks have been around for many years, but cloud computing has brought them back to prominence. Because they usually affect availability, system responses are significantly delayed or time out altogether, which is exactly the effect attackers want. Being hit by a denial-of-service attack is like being stuck in a rush-hour traffic jam: there is only one way to reach your destination, and you have no choice but to sit and wait.

DoS attacks consume a lot of processing power, and customers will ultimately pay for it. Although high-volume DDoS attacks are more common today, companies and enterprises still need to pay attention to asymmetric, application-level DoS attacks in order to protect their Web servers and databases.

In dealing with DoS attacks, cloud service providers are generally more experienced and prepared than customers. The key is to have a mitigation plan before the attack, so that administrators can access these resources when needed.

Threat No. 12: Shared technology, shared dangers

Vulnerabilities in shared technologies pose a considerable threat to cloud computing. Cloud service providers share infrastructure, platforms and applications, and everyone will be affected if vulnerabilities occur at any of these levels. A single vulnerability or misconfiguration can lead to the compromise of the provider's entire cloud environment.

If an internal component is compromised, such as a hypervisor, a shared platform component, or an application, the entire environment will face potential downtime or data leakage risks. CSA recommends adopting a defense-in-depth strategy, including applying multi-factor authentication on all managed hosts, enabling host-based and network-based intrusion detection systems, applying the concepts of least privilege and network segmentation, and implementing patching strategies for shared resources.