There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc.
2. Table of Contents
2
Cloud Technology
Types of Cloud Services
Advantages of Cloud Technology
The Best Practices for Cloud
Security
The Main Cloud Security Threats
Data Breaches
Account Hijacking
Lack of Cloud Security
Architecture and Strategy
Insider Threats
Misconfiguration and
Inadequate Change Control
Insecure Interfaces and APIs
(Application Programming
Interface)
Weak Control Plane
Limited Visibility regarding
Cloud Usage
Criminal Use of Cloud
Services
Metastructure Failures
Inadequate Credential,
Identity, Access, and Key
Management
3. Cloud technology involves on-demand IT resources’ delivery over the Internet. These resources have
to do with data storage, servers, databases, networking, and software. Cloud computing enables one to
access technology services (computing power, databases and storage) as per one’s need from a cloud
service provider instead of owning, buying and maintaining data centers and servers. It usually involves
pay-as-you-go pricing.
A remote cloud computing server that is hosted in a data center and is managed by a third party is
used to provide cloud services. Cloud services are scalable and in it the users make use of the Internet
to access computing services. With the aid of cloud technology any device with an active Internet
connection can be used to access files from any location.
One example of cloud servers’ usage is in cloud hosting, which is a type of web hosting. Web hosting is
the service that enables websites to be accessible over the Internet. The most reliable web hosting
companies are usually known as the “Best Windows Hosting Company”, the “Best Web Hosting
Company”, the “Top Cloud Hosting Company” etc.
3
CloudTechnology
4. There are different types of cloud service models, which are mentioned below.
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
Function as a Service (FaaS)
4
Types of Cloud Services
5. The main benefits of cloud technology are as follows-
Mobility
Cost savings
Scalability
Security
Enhanced quality control
Flexibility regarding work practices
Better collaboration
5
Advantages of CloudTechnology
Disaster recovery
Data loss prevention
Competitive edge
Sustainability
Automatic software updates
7. The best practices that need to be followed in order to take care of cloud security are mentioned below, in
no particular order.
Regular monitoring of cloud environment for security threats
Performing routine penetration tests
Adequate management of access control
Following cloud data deletion policies
Clarity about the shared responsibilities of the cloud vendor and that of the user
Data encryption in the cloud
7
The Best Practices for Cloud Security
8. The main threats to the security of the cloud are caused by data breaches, account hijacking, a lack of
cloud security architecture and strategy, insider threats, misconfiguration and inadequate change
control, insecure interfaces and APIs (Application Programming Interface), weak control plane, limited
visibility with regard to cloud usage, criminal use of cloud services, metastructure failures and
inadequate credential, identity, access and key management.
Each of these will be discussed briefly in the following slides.
8
The Main Cloud SecurityThreats
9. Data breaches are a threat to cloud security as these can cause financial and reputational damage, loss
of intellectual property (IP) and often legal liabilities.
9
Data Breaches
10. As a threat to cloud security, account hijacking enables an attacker to gain access to privileged
accounts. When an attacker enters a system using a legitimate account, he is able to cause a lot of
damage which can include data theft, deletion of important data, disruption of service delivery along
with carrying out financial fraud etc.
10
Account Hijacking
11. A lack of cloud security architecture and strategy is another major threat to cloud security. This occurs
when a user is in a hurry to minimize the time that is needed to migrate data and systems to the cloud.
Hence, the user becomes operational in the cloud, using strategies and security infrastructure that are
not adequate or haven’t been designed for the cloud.
11
Lack of Cloud Security Architecture and Strategy
12. An insider threat can be caused by a business’ former or current employees, contractors etc. Such
threats can arise from anyone who has access to a business’ systems. Any damage caused by an insider
threat can be either intentional or unintentional. When unintentional, an insider threat results from the
negligence of employees and/or contractors and includes storage of sensitive data on a personal device,
misconfigured cloud servers etc.
12
InsiderThreats
13. Inefficient change control practices cause most of the misconfiguration errors. This threat can not only
result in the loss of data for cloud users but also resources’ deletion or modification.
13
Misconfiguration and Inadequate Change Control
14. Insecure interfaces and APIs (Application Programming Interfaces) present another threat to cloud
security. API vulnerabilities enable attackers to steal user credentials. Since APIs and user interfaces are
usually the most exposed parts of a system, their security needs to be a top priority.
14
Insecure Interfaces and APIs (Application Programming
Interface)
15. A weak control plane results from not having full control over the logic of the data infrastructure,
verification and security. A failure to understand the security configuration and the architectural
weaknesses can result in data leakage, data corruption, unavailability of data etc.
15
Weak Control Plane
16. Limited visibility with regard to cloud usage can be caused by any unsanctioned app’s use or by the
misuse of any sanctioned app. It is yet another cloud security threat.
16
LimitedVisibility regarding Cloud Usage
17. Legitimate cloud services are often used by attackers in order to carry out their malicious activities. A
cloud service might be used by attackers for hosting disguised malware on websites, distribution of
phishing emails, launching DDoS attacks, executing automated click fraud, carrying out brute-force
attacks etc.
17
Criminal Use of Cloud Services
18. The metastructure of a cloud service provider contains security information which is disclosed
through API calls. A metastructure can give attackers data access as well as enables them to disrupt
cloud customers. Such a vulnerability is usually caused by poor API implementation.
18
Metastructure Failures
19. Cloud security threats can arise from inadequate access and key management along with inadequate
control with regard to data, systems, server rooms etc. Businesses need to change their practices with
regard to identity and access management in order to enhance their cloud security.
19
Inadequate Credential, Identity,Access and Key
Management