Cloud technology turned cybersecurity on its head. The availability and scope of data, and its interconnectedness, also made it extremely vulnerable from many threats. And it took a while for companies to take this issue seriously.
The transition to the cloud has brought new security challenges. Since cloud computing services are available online, this means anyone with the right credentials can access it. The availability of enterprise data attracts many hackers who attempt to study the systems, find flaws in them, and exploit them for their benefit.
Image source: Businesswire
One of the main problems that come with assessing the security risks of cloud computing is understanding the consequences of letting these things happen within your system.
In this article, we will look at six major cloud security threats, and also explain how to minimize risks and avoid them.
What are the main cloud computing security issues?
1. Poor Access Management
Access management is one of the most common cloud computing security risks. Point of access is the key to everything. That’s why hackers are targeting it so much.
In 2016 LinkedIn experienced a massive breach of user data, including account credentials (approximately 164 million).
Image source: Fortune
The reasons were:
- insufficient crisis management;
- ineffective information campaign;
- the cunningness of the hackers.
As a result, some of the accounts were hijacked, and this caused quite a hunt for their system admins in the coming months.
Here’s another example of cloud security threats. A couple of months ago, the news broke that Facebook and Google stored user passwords in plaintext. While there were no leaks, this practice is almost begging to cause some.
These are just a few of the many examples.
So how to handle this issue?
- Multi-factor authentication is the critical security component on the user’s side. It adds a layer to system access. In addition to a regular password, the user gets a disposable key on a private device. The account is locked down, and the user is sent a notification in case of an attempted break-in.
Image source: Centrify
- Distinct layout for access management on the service side. This layout means determining the availability of information for different types of users. For example, the marketing department doesn’t need to have access to the quality assurance department protocols and vice versa.
Image source: Codeproject
2. Data Breach and Data Leak - the main cloud security concerns
The cloud security risk of a data breach is a cause and effect thing. If the data breach happens - this means the company had neglected some of the cloud security flaws, and this caused a natural consequence.
What is a data breach?
It is an accident in which the information is accessed and extracted without authorization. This event usually results in a data leak (aka data located where it is not supposed to be).
Confidential information can be open to the public, but usually, it is sold on the black market or held for ransom.
While the extent of the consequences depends on the crisis management skills of the particular company, the event itself is a blemish on a company's reputation.
How data breaches occur?
The information in the cloud storage is under multiple levels of access. You can't just stumble upon it under normal circumstances. However, it is available from various devices and accounts with cryptographic keys. In other words, a hacker can get into it if he knows someone who has access to it.
Here's how a data breach operation can go down:
- It all starts with a hacker studying the company's structure for weaknesses (aka exploits). This process includes both people and technology.
- Upon identifying a victim, the hacker finds a way to approach a targeted individual. This operation includes identifying social media accounts, interests, and possible flaws of the individual.
- After that, the victim is tricked into giving access to the company's network. There are two ways of doing that:
- Technological, via malware sneakily installed on a victim's computer;
- Social engineering, by gaining trust and persuading someone to give out their login credentials;
That's how a cybercriminal exploits a security threat in cloud computing, gets access to the system, and extracts the data.
The most prominent recent data breach is the one that happened in Equifax in 2017. It resulted in a leak of personal data of over 143 million consumers. Why? Equifax’s developers hadn’t updated their software to fix the reported vulnerability. Hackers took advantage of this and the breach happened.
How to avoid data breaches from happening?
A cloud security system must have a multi-layered approach that checks and covers the whole extent of user activity every step of the way. This practice includes:
- Multi-factor Authentication - user must present more than evidence of his identity and access credentials. For example, typing a password and then receiving a notification on a mobile phone with a randomly-generated single-use string of numbers active for a short period. This has become one of cloud security's standards nowadays.
Image source: NP Information Systems
- Data-at-Rest Encryption. Data-at-rest is a type of data that is stored in the system but not actively used on different devices. This process includes logs, databases, datasets, etc.
Image source: Cloudera
- Perimeter firewall between a private and public network that controls in and out traffic in the system;
- Internal firewall to monitor authorized traffic and detect anomalies;
3. Data Loss
If a data breach wasn’t bad enough, there is an even worse cloud security threat - it can get irreversibly lost like tears in the rain. Data loss is one of the cloud security risks that are hard to predict, and even harder to handle.
Let’s look at three of the most common reasons for data loss:
- Data alteration - when information is in some way changed, and cannot be reverted to the previous state. This issue may happen with dynamic databases.
- Unreliable storage medium outage - when data gets lost due to problems on the cloud provider’s side.
- Data deletion - i.e., accidental or wrongful erasure of information from the system with no backups to restore. The reason is usually a human error, messy database structure, system glitch, or malicious intent.
- Loss of access - when information is still in the system but unavailable due to lack of encryption keys and other credentials (for example, personal account data)
How to prevent data loss from happening?
- Frequent data backups are the most effective way of avoiding data loss in the majority of its forms. You need a schedule for the operation and clear delineation of what kind of data is eligible for backups and what is not. Use data loss prevention software to automate the process.
- Geodiversity - i.e., when the physical location of the cloud servers in data centers is scattered and not dependent on a particular spot. This feature helps in dealing with the aftermath of natural disasters and power outages.
One of the most infamous examples of data loss is the recent MySpace debacle.
It resulted in 12 years of user activity and uploaded content getting lost. Here’s what happened. During a cloud migration process in 2015, it turned out that a significant amount of user data, (including media uploads like images and music), got lost due to data corruption. Since MySpace wasn’t doing backups - there was no way to restore it. When users started asking questions, customer support said that the company is working on the issue, and a couple of months later, the truth came out. This incident is considered to be another nail in the coffin of an already dying social network.
Don’t be like MySpace, do backups.
4. Insecure API
Application User Interface (aka API) is the primary instrument used to operate the system within the cloud infrastructure.
This process includes internal use by the company’s employee and external use by consumers via products like mobile or web applications. The external side is critical due to all data transmission enabling the service and, in return, providing all sorts of analytics. The availability of API makes it a significant cloud security risk. In addition to that, API are involved in gathering data from edge computing devices.
Authentication and encryption are two significant factors that keep the system regulated and safe from harm.
However, sometimes the configuration of the API is not up to requirements and contains severe flaws that can compromise its integrity. The most common problems that occur are:
- Anonymous access (i.e., access without Authentication)
- Lack of access monitoring (may also occur due to negligence)
- Reusable tokens and passwords (frequently used in brute force attacks)
- Clear-text Authentication (when you can see input on the screen)
The most prominent example of insecure API in action is the Cambridge Analytica scandal. Facebook API had deep access to user data and Cambridge Analytica used it for its own benefit.
How to avoid problems with API?
There are several ways:
- Penetration testing that emulates an external attack targeting specific API endpoints, and attempting to break the security and gain access to the company’s internal information
- General system security audits
- Secure Socket Layer / Transport Layer Security encryption for data transmission
- Multi-factor Authentication to prevent unauthorized access due to security compromises.
5. Misconfigured Cloud Storage
Misconfigured Cloud Storage is a continuation of an insecure API cloud security threat. For the most part, security issues with cloud computing happen due to an oversight and subsequent superficial audits.
Here’s what happens.
- Cloud misconfiguration is a setting for cloud servers (for storage or computing purposes) that makes it vulnerable to breaches.
The most common types of misconfiguration include:
- default cloud security settings of the server with standard access management and availability of data;
- mismatched access management - when an unauthorized person unintentionally gets access to sensitive data;
- mangled data access - when confidential data is left out in the open and requires no authorization.
A good example of cloud misconfiguration is the National Security Agency’s recent mishap. A stash of secure documents was available to screen from an external browser.
Here’s how to avoid it.
- Double-check cloud security configurations upon setting up a particular cloud server. While it seems obvious, it gets passed by for the sake of more important things like putting stuff into storage without second thoughts regarding its safety.
- Use specialized tools to check security configurations. There are third-party tools like CloudSploit and Dome9 that can check the state of security configurations on a schedule and identify possible problems before it is too late.
6. DoS Attack - Denial-of-service attack
Scalability is one of the significant benefits of transitioning to the cloud. The system can carry a considerable workload.
But that doesn’t mean it can handle more unexpectedly. It can overload and stop working. That’s a significant cloud security threat.
Sometimes, the goal is not to get into the system but to make it unusable for customers. That’s called a denial-of-service attack. In essence, DoS is an old-fashioned system overload with a rocket pack on the back.
The purpose of the denial-of-service attack is to prevent users from accessing the applications or disrupting its workflow.
DoS is a way of messing with the service-level agreement (SLA) between the company and the customer. This intervention results in damaging the credibility of the company. The thing is - one of the SLA requirements is the quality of the service and its availability.
Denial-of-Service puts an end to that.
There are two major types of DoS attack:
- Brute force attack from multiple sources (classic DDoS),
- More elaborate attacks targeted at specific system exploits (like image rendering, feed streaming, or content delivery)
During a DoS attack, the system resources are stretched thin. Lack of resources to scale causes multiple speed and stability issues across the board. Sometimes it means an app works slow or it simply cannot load properly. For users, it seems like getting stuck in a traffic jam. For the company, it is a quest to identify and neuter the sources of the disruption, and also increased spending on the increased use of resources.
2014 Sony PlayStation Network attack is one of the most prominent examples of denial-of-service attacks. It is aimed at frustrating consumers by crashing the system by both brute forces and being kept down for almost a day.
How to avoid a DoS attack?
- Up-to-date Intrusion Detection System. The system needs to be able to identify anomalous traffic and provide an early warning based on credentials and behavioral factors. It is a cloud security break-in alarm.
- Firewall Traffic Type Inspection features to check the source and destination of incoming traffic, and also assess its possible nature by IDS tools. This feature helps to sort out good and bad traffic and swiftly cut out the bad.
- Source Rate Limiting - one of the critical goals of DoS is to consume bandwidth. Blocking of the IP addresses, that are considered to be a source of an attack, helps to keep the situation under control.
The adoption of cloud technology was a game-changer both for companies and hackers. It brought a whole new set of security risks for cloud computing and created numerous cloud security issues.
The shift to cloud technology gave companies much-needed scalability and flexibility to remain competitive and innovative in the ever-changing business environment. At the same time, it made enterprise data vulnerable to leaks and losses due to a variety of factors.
Following the standards of cloud security is the best way to protect your company from reputational and monetary losses.
Have concerns about your cloud security?