Posted by aionol | 28 JAN 2018

Taking A Closer Look At the ‘Treacherous 12’ Top Security Threats in The Cloud (Part II)

Security concerns are a major barrier to digital transformation. Many businesses refrain from taking advantage of all the benefits the cloud has to offer, because they are worried about the security of their infrastructure, data and applications. These fears are reflected in a study by the Cloud Security Alliance. They have identified the ‘Treacherous 12’ – […]

Security concerns are a major barrier to digital transformation. Many businesses refrain from taking advantage of all the benefits the cloud has to offer, because they are worried about the security of their infrastructure, data and applications.

These fears are reflected in a study by the Cloud Security Alliance. They have identified the ‘Treacherous 12’ – the 12 top cloud computing security concerns. And security has made the top 5.

We have previously discussed the first 3, including data breaches, insufficient identity management, and insecure interfaces and API.

Let’s move on to Number 4-6:

4. System Vulnerabilities

System vulnerabilities usually come in the form of exploitable bugs in applications and programs. Whilst they have always been a concern, the vulnerability is increasing in the age of cloud computing. New surfaces prone to attack are created where organisation share data, workloads and other resources in close proximity. The CTA therefore recommends to include best practices into basic IT processes, such as regular vulnerability scanning, emergency patching and immediate follow up on identified system threats.

The 12 Treacherous Security Threats in The Cloud

The 12 Treacherous Security Threats in The Cloud

5. Account Hijacking

Cloud computing is adding another level to threats coming from fraud, software exploits and phishing. In the online space, attackers are able to take advantages of opportunities to eavesdrop on workloads and activities, modify data and manipulate transactions. Once they have entered the system, they can use it as a base to launch other attacks. Setting up multifactor authentication, avoiding the sharing of account details, as well as defense-in-depth protection strategies should protect businesses against these attacks, according to the CSA.

6. Malicious Insiders

People leaving the company or moving positions, a temporary business partner, a contractor. Some people react maliciously if they feel like they have been wronged, and sometimes revert to strategies such as data theft to hurt the business. If intruders has access to the cloud, they can incur serious damage. The CSA recommends:

  • The proper training of staff and management to avoid mistakes that could look like malicious account hijacking.
  • Being in control of the encryption process and effectively logging and keeping track of administrator activities.

Read Part III here

Security in the cloud is of utmost important. Iono Inc specialises in efficient and secure cloud computing solutions. Get in contact with us today.

Leave a Reply

Your email address will not be published. Required fields are marked *