What challenges occur cloud security
Answers
1. Data Breaches
Cloud computing and services are relatively new, yet data breaches in all forms have existed for years. The question remains: “With sensitive data being stored online rather than on premise, is the cloud inherently less safe?”
A study conducted by the Ponemon Institute entitled “Man In Cloud Attack” reports that over 50 percent of the IT and security professionals surveyed believed their organization’s security measures to protect data on cloud services are low. This study used nine scenarios, where a data breach had occurred, to determine if that belief was founded in fact.
After evaluating each scenario, the report concluded that overall data breaching was three times more likely to occur for businesses that utilize the cloud than those that don’t. The simple conclusion is that the cloud comes with a unique set of characteristics that make it more vulnerable.
2. Hijacking of Accounts
The growth and implementation of the cloud in many organizations has opened a whole new set of issues in account hijacking.
Attackers now have the ability to use your (or your employees’) login information to remotely access sensitive data stored on the cloud; additionally, attackers can falsify and manipulate information through hijacked credentials.
Other methods of hijacking include scripting bugs and reused passwords, which allow attackers to easily and often without detection steal credentials. In April 2010 Amazon faced a cross-site scripting bug that targeted customer credentials as well. Phishing, keylogging, and buffer overflow all present similar threats. However, the most notable new threat – known as the Man In Cloud Attack – involves the theft of user tokens which cloud platforms use to verify individual devices without requiring logins during each update and sync.
3. Insider Threat
An attack from inside your organization may seem unlikely, but the insider threat does exist. Employees can use their authorized access to an organization’s cloud-based services to misuse or access information such as customer accounts, financial forms, and other sensitive information.
Additionally, these insiders don’t even need to have malicious intentions.
A study by Imperva, “Inside Track on Insider Threats” found that an insider threat was the misuse of information through malicious intent, accidents or malware. The study also examined four best practices companies could follow to implement a secure strategy, such as business partnerships, prioritizing initiatives, controling access, and implementing technology.
4. Malware Injection
Malware injections are scripts or code embedded into cloud services that act as “valid instances” and run as SaaS to cloud servers. This means that malicious code can be injected into cloud services and viewed as part of the software or service that is running within the cloud servers themselves.
Once an injection is executed and the cloud begins operating in tandem with it, attackers can eavesdrop, compromise the integrity of sensitive information, and steal data. Security Threats On Cloud Computing Vulnerabilities, a report by the East Carolina University, reviews the threats of malware injections on cloud computing and states that “malware injection attack has become a major security concern in cloud computing systems.”
5. Abuse of Cloud Services
The expansion of cloud-based services has made it possible for both small and enterprise-level organizations to host vast amounts of data easily. However, the cloud’s unprecedented storage capacity has also allowed both hackers and authorized users to easily host and spread malware, illegal software, and other digital properties.
In some cases this practice affects both the cloud service provider and its client. For example, privileged users can directly or indirectly increase the security risks and as a result infringe upon the terms of use provided by the service provider.
These risks include the sharing of pirated software, videos, music, or books, and can result in legal consequences in the forms of fines and settlements with the U.S. Copyright Law reaching up to $250,000. Depending on the damage, these fines can be even more cost prohibitive. You can reduce your exposure to risk by monitoring usage and setting guidelines for what your employees host in the cloud. Service providers and legal entities, such as CSA have defined what is abusive or inappropriate behavior along with methods of detecting such behaviors.
Answer:
Common problems include failure to strategize, meeting organizational needs, hiring and retaining good employees, staying current and integrating all your technologies.
Lack of Strategy. ...
Meeting Organizational Needs. ...
Attracting and Retaining Top Talent. ...
Keeping Up with Change. ...