200 likes | 213 Vues
There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
 
                
                E N D
Table of Contents • Cloud Technology • Types of Cloud Services • Advantages of Cloud Technology • The Best Practices for Cloud Security • The Main Cloud Security Threats • Data Breaches • Account Hijacking • Lack of Cloud Security Architecture and Strategy • Insider Threats • Misconfiguration and Inadequate Change Control • Insecure Interfaces and APIs (Application Programming Interface) • Weak Control Plane • Limited Visibility regarding Cloud Usage • Criminal Use of Cloud Services • Metastructure Failures • Inadequate Credential, Identity, Access, and Key Management
Cloud Technology • Cloud technology involves on-demand IT resources’ delivery over the Internet. These resources have to do with data storage, servers, databases, networking, and software. Cloud computing enables one to access technology services (computing power, databases and storage) as per one’s need from a cloud service provider instead of owning, buying and maintaining data centers and servers. It usually involves pay-as-you-go pricing. • A remote cloud computing server that is hosted in a data center and is managed by a third party is used to provide cloud services. Cloud services are scalable and in it the users make use of the Internet to access computing services. With the aid of cloud technology any device with an active Internet connection can be used to access files from any location. • One example of cloud servers’ usage is in cloud hosting, which is a type of web hosting. Web hosting is the service that enables websites to be accessible over the Internet. The most reliable web hosting companies are usually known as the “Best Windows Hosting Company”, the “Best Web Hosting Company”, the “Top Cloud Hosting Company” etc.
Types of Cloud Services There are different types of cloud service models, which are mentioned below. • Infrastructure as a Service (IaaS) • Platform as a Service (PaaS) • Software as a Service (SaaS) • Function as a Service (FaaS)
Advantages of Cloud Technology • Disaster recovery • Data loss prevention • Competitive edge • Sustainability • Automatic software updates The main benefits of cloud technology are as follows- • Mobility • Cost savings • Scalability • Security • Enhanced quality control • Flexibility regarding work practices • Better collaboration
1-800-123 -8156 Whoa! That’s a big number, aren’t you proud?
The Best Practices for Cloud Security The best practices that need to be followed in order to take care of cloud security are mentioned below, in no particular order. • Regular monitoring of cloud environment for security threats • Performing routine penetration tests • Adequate management of access control • Following cloud data deletion policies • Clarity about the shared responsibilities of the cloud vendor and that of the user • Data encryption in the cloud
The Main Cloud Security Threats • The main threats to the security of the cloud are caused by data breaches, account hijacking, a lack of cloud security architecture and strategy, insider threats, misconfiguration and inadequate change control, insecure interfaces and APIs (Application Programming Interface), weak control plane, limited visibility with regard to cloud usage, criminal use of cloud services, metastructure failures and inadequate credential, identity, access and key management. • Each of these will be discussed briefly in the following slides.
Data Breaches • Data breaches are a threat to cloud security as these can cause financial and reputational damage, loss of intellectual property (IP) and often legal liabilities.
Account Hijacking • As a threat to cloud security, account hijacking enables an attacker to gain access to privileged accounts. When an attacker enters a system using a legitimate account, he is able to cause a lot of damage which can include data theft, deletion of important data, disruption of service delivery along with carrying out financial fraud etc.
Lack of Cloud Security Architecture and Strategy • A lack of cloud security architecture and strategy is another major threat to cloud security. This occurs when a user is in a hurry to minimize the time that is needed to migrate data and systems to the cloud. Hence, the user becomes operational in the cloud, using strategies and security infrastructure that are not adequate or haven’t been designed for the cloud.
Insider Threats • An insider threat can be caused by a business’ former or current employees, contractors etc. Such threats can arise from anyone who has access to a business’ systems. Any damage caused by an insider threat can be either intentional or unintentional. When unintentional, an insider threat results from the negligence of employees and/or contractors and includes storage of sensitive data on a personal device, misconfigured cloud servers etc.
Misconfiguration and Inadequate Change Control • Inefficient change control practices cause most of the misconfiguration errors. This threat can not only result in the loss of data for cloud users but also resources’ deletion or modification.
Insecure Interfaces and APIs (Application Programming Interface) • Insecure interfaces and APIs (Application Programming Interfaces) present another threat to cloud security. API vulnerabilities enable attackers to steal user credentials. Since APIs and user interfaces are usually the most exposed parts of a system, their security needs to be a top priority.
Weak Control Plane • A weak control plane results from not having full control over the logic of the data infrastructure, verification and security. A failure to understand the security configuration and the architectural weaknesses can result in data leakage, data corruption, unavailability of data etc.
Limited Visibility regarding Cloud Usage • Limited visibility with regard to cloud usage can be caused by any unsanctioned app’s use or by the misuse of any sanctioned app. It is yet another cloud security threat.
Criminal Use of Cloud Services • Legitimate cloud services are often used by attackers in order to carry out their malicious activities. A cloud service might be used by attackers for hosting disguised malware on websites, distribution of phishing emails, launching DDoS attacks, executing automated click fraud, carrying out brute-force attacks etc.
Metastructure Failures • The metastructure of a cloud service provider contains security information which is disclosed through API calls. A metastructure can give attackers data access as well as enables them to disrupt cloud customers. Such a vulnerability is usually caused by poor API implementation.
Inadequate Credential, Identity, Access and Key Management • Cloud security threats can arise from inadequate access and key management along with inadequate control with regard to data, systems, server rooms etc. Businesses need to change their practices with regard to identity and access management in order to enhance their cloud security.
Thanks! ANY QUESTIONS? www.htshosting.org