Every business faces innumerable threats to the safety of their data.
Protecting against these threats on the cloud requires not only an advanced set of security tools, it requires an understanding of the different security issues on the cloud and how to best counter them.
With this in mind, here is a list of three cloud security issues every IT manager should know about:
1: System Vulnerabilities and Exploits
Computer bugs are an ever-present problem on any advanced computing platform. Any new computing system or software application is bound to have a few vulnerabilities. However, new bugs aren’t the biggest threat.
As noted in Verizon’s 2016 Data Breach Investigations Report, the biggest threats are “really old CVEs which still get exploited… Hackers use what works and what works doesn’t seem to change all that often.” Some of these exploits that get used are more than a year old.
The best counter to common vulnerabilities and exploits is to keep all elements of your infrastructure up-to-date with the latest security patches. Using a cloud environment can make this easier, as the cloud provider can help manage patches for CVEs.
2: Employee Actions
It’s an unfortunate fact that employee actions rank among the biggest risks to any company’s cyber security efforts. It was noted in a previous blog that “all told, whether accidental or intentional, employee actions accounted for 18.7% of all data breaches.”
Accidental employee actions that can result in a data breach include:
- Erroneously transmitting sensitive data to the wrong parties.
- Falling for phishing scams that give hackers the employee’s account credentials.
- Sharing account credentials with a third party (family, friends, etc.)
- Loss of mobile device with account credentials and security tokens (laptops, tablets, smartphones, etc.)
Worse are the breaches caused by intentional misuse of account access by an employee. These tend to be especially severe, as the employee often knows where to find the most critical data.
Reducing the risk of this particular cloud security issue can be difficult, and no system will be 100% foolproof. A few general tips include:
- Limiting Account Access to Bare Minimum Required for Work. The less access an account has, the less damage there will be if that account gets misused.
- Enforcing Strong Cyber Security Practices. Using strong passwords, training employees to recognize phishing attempts, and enforcing strict guidelines for sharing data can help reduce the risk of accidental data breaches.
- Deleting User Accounts Once Employees Are Terminated. Whether an employee leaves on good terms or bad, deleting an employee’s access credentials once they’re gone can help prevent a massive data breach.
3: Insecure APIs
The express purpose of application program interfaces, or APIs, is to expose a company for public adoption/consumption. These program interfaces provide a smooth user-friendly interface. However, vulnerabilities in an API can be a major security issue for companies on the cloud.
As noted in a report by the Cloud Security Alliance, “APIs and UIs are generally the most exposed part of a system, perhaps the only asset with an IP address available outside the trusted organizational boundary.”
Here, IT managers should treat any cloud-based APIs as the first line of defense for their organization, even before the perimeter firewall used for the cloud environment. Using threat modeling applications is an important part of following this philosophy.
Technologies such as IdP, OAuth Toolkit, and JSON Identity Suite can be very useful for securing this exposed system without defeating the purpose of providing a smooth user interface.
These are just three of the major cloud security issues that IT managers need to know about. For more information on keeping your infrastructure secure, check out some of WHOA.com’s other resources for secure cloud.