
Keep your data and services secured in the Cloud

Challenges to Cloud

  • Lack of control over resources: Concerns related to the lack of physical control over data and applications.

  • Less security visibility and control capabilities: The IT department is not able to dictate things such as version control, patch frequency and code reviews. It will therefore be forced to update its development, QA, administration and operations processes.

  • Internet dependency - performance and availability: Cloud computing services rely fully on the availability, speed, quality and performance of the internet.

  • Difficult to migrate: It is not easy to move applications from an enterprise environment to a cloud computing environment, or even between different cloud computing platforms.

Critical Threats to Cloud Security

Cloud Security Alliance (CSA) has identified 8 critical threats to cloud security:

  1. Enterprise cloud services are not enterprise-ready: 95% of cloud services used in the average enterprise are not enterprise-ready from a security standpoint.

  2. Data breaches: Due to the huge amount of data stored on cloud servers, providers are an increasingly attractive target to cyber criminals.

  3. Lack of encryption: Encryption is one of the most basic methods for securing data, but many enterprises make the mistake of failing to encrypt sensitive data in the cloud.

  4. Weak authentication and identity management: A lack of proper authentication and identity management is responsible for data breaches within organizations. Cloud providers usually support 2FA/MFA mechanisms, but unfortunately clients are not making use of them.

  5. Insider threat: An insider (a former employee, system administrator, contractor, or business partner) could destroy infrastructure or permanently delete data. Systems that depend entirely on cloud service providers for security are at greatest risk.

  6. Account hijacking: Techniques like phishing and fraud are well-known cyber threats, but cloud adds a new dimension to these threats, as successful attackers are able to eavesdrop on activities and modify data.

  7. Lacking due diligence: Due diligence is the process of evaluating cloud vendors to ensure that best practices are in place. Part of this process includes verifying whether the cloud provider can offer adequate cloud security controls and meet the level of service expected by an enterprise.

  8. DDoS attacks: DDoS attacks often affect availability, and for enterprises that run critical infrastructure in the cloud this can be debilitating; systems may slow or simply time out. DDoS attacks also consume large amounts of processing power: a bill that the cloud customer (you) will have to pay.

Remediation

In order to reduce the risk of using cloud services, the following should be considered:

  • Use encryption to protect data at rest as well as in transit.

  • Manage encryption keys via an HSM system.

  • Use MFA for accessing cloud resources.

  • Disable the cloud root account and create dedicated admin accounts.

  • Create and enforce a dedicated security policy for cloud usage.

  • Monitor cloud accounts to make sure that every transaction can be traced back to a human owner.

  • Review accreditations and standards gained by cloud providers, including ISO 9001, DCS, PCI and HIPAA.

  • Use dedicated security systems such as IPS, WAF and DDoS protection to protect against external attacks.

  • Conduct security assessments and vulnerability scans on a regular basis.
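
Three of the account controls listed above (MFA, no day-to-day use of the root account, every account traceable to a human owner) can be checked automatically against an account inventory. The following is an added example, not part of the original article: it assumes an inventory exported as CSV whose column names follow the AWS IAM credential report, plus a hypothetical `owner` column, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample inventory (not real data). Column names follow the AWS IAM
# credential report; the "owner" column is a hypothetical addition for this example.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,owner
<root_account>,true,false,true,
alice.admin,true,true,false,alice@example.com
bob.dev,true,false,true,bob@example.com
ci-deploy,false,false,true,
backup-svc,false,false,true,carol@example.com
"""


def _flag(value):
    """Interpret the report's 'true'/'false' strings; anything else is False."""
    return value.strip().lower() == "true"


def audit_accounts(report_text):
    """Return a sorted list of (user, finding) tuples for the three checks."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        user = row["user"]
        console = _flag(row["password_enabled"])
        mfa = _flag(row["mfa_active"])
        key = _flag(row["access_key_1_active"])
        if user == "<root_account>":
            # Root should hold no access keys and must be protected by MFA.
            if key:
                findings.append((user, "root-access-key-active"))
            if not mfa:
                findings.append((user, "root-without-mfa"))
            continue
        # Interactive logins must use MFA.
        if console and not mfa:
            findings.append((user, "console-login-without-mfa"))
        # Any usable credential must map to a named human owner.
        if (console or key) and not row["owner"].strip():
            findings.append((user, "no-human-owner"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_REPORT):
        print(f"{user:16} {finding}")
```

Service accounts such as `backup-svc` pass the ownership check only because a person is recorded as responsible for them; `ci-deploy` is flagged because its key cannot be traced to anyone.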


Want to learn more about cloud risks and mitigation? Contact our experts today and they will be glad to assist you with any needs.

https://www.cypro.co.il/contact


Baruch Menahem

CEO, Cyber Security Expert

CyPro Consulting
