The Silver Lining In Your Cloud TM

Fighting the Top 12 Threats to Cloud Cyber Security: Threats 10-12

Here are the final three threats to cyber security on the cloud from the CSA’s “Treacherous 12” list, and how you can combat them:

Threat #10: Abuse and Nefarious Use of Cloud Services

In a way, this threat is similar to the malicious insider threat from before. However, rather than referring to an authorized user from your own organization launching an attack on your cloud environment, this threat refers to hackers abusing poorly-secured clouds, free service trials, and fraudulent account creation to launch attacks from the cloud.

In this case, a hacker or group of hackers might use cloud resources to launch Distributed Denial of Service (DDoS) attacks against your cloud, or use your cloud to do this to others.

When hackers hijack your cloud provider’s resources to launch attacks against others, the resources the provider has on hand to process your needs may be reduced while they respond to this malicious use.

Additionally, when hackers use fraudulent payments to acquire cloud services, the provider’s costs go up. These costs typically get forwarded to the cloud service provider’s other customers—in other words, you.

Fighting Abuse and Nefarious Use of Cloud Services

There’s not really very much that individual companies can do to fight the abuse of cloud services. The best plan for keeping your company safe from being inconvenienced by hackers abusing cloud services is to use a highly secure cloud service provider that actively works to prevent the misuse of their services.

Ideally, a cloud provider should:

  • Have strong IDS/IPS
  • Use firewalls that inspect both incoming and outgoing traffic
  • Use per-tenant firewalls to isolate users on the same cloud
  • Have cloud workload monitoring and balancing tools
  • Have strong fraud prevention for payment services

These measures can help reduce the risk of a hacker being able to hijack a cloud provider’s environment for nefarious purposes.

Threat #11: Denial of Service

The previous threat briefly mentioned DDoS, a variant of the Denial of Service (DoS) attack. DoS attacks are, simply put, attacks designed to prevent the users of an online service from being able to access data, apps, and other elements of that service.

DoS attacks typically seek to overload a service provider’s finite resources in some way, limiting the speed and stability of the service so that others cannot legitimately use it. The CSA’s “Treacherous 12” list likens a DoS attack to “being caught in rush-hour traffic gridlock: there is no way to get to your destination, and there is nothing you can do about it except sit and wait.”

The effects of a DoS attack can vary, but common effects include disruption of service, added costs for compute cycles and disk space use (if your provider bills you based on total use), inability to meet SLAs, and customer frustration/bad press.

Mitigating DoS Attacks on the Cloud

DoS attacks can use a variety of strategies to overload a system’s processing capabilities and bring services down, making them extremely difficult to prevent. From brute-force attacks that originate from multiple attackers, to attacks that capitalize on flaws in a system’s applications, determined hackers have no shortage of tactics they can leverage to bring a service down.

That being said, cloud service providers are usually in a much better position to mitigate the impact of a DoS attack than the IT departments of all but the biggest Fortune 500 companies.

Cloud service providers can employ many different security measures to mitigate DoS attacks, including:

  • Advanced IDS. The first step in mitigating a DoS attack is spotting it. Anomalous traffic detection can provide an early warning of an attack in progress, but does not stop such attacks by itself.
  • Firewalls with Traffic Type Inspection. Normal firewalls don’t do much to stop DoS attacks, since they typically just check source and destination for traffic. Stable packet inspection and traffic-type inspection makes firewalls better at sorting “good” traffic from “bad” traffic during a DoS attack.
  • Source Rate Limiting. By tracking threat IP addresses, cloud providers can deny these IP addresses access, reducing their ability to consume bandwidth.

These are just a few of the strategies that a cloud provider might use to mitigate the severity of a DoS attack. Even so, these attacks are very hard to stop completely, as cases such as the Sony PlayStation Network DoS attack prove.

Threat #12: Shared Technology Vulnerabilities

This is a threat that might sound familiar if you’ve already read threat #4 of this series: system vulnerabilities. However, this threat deals mostly with the threat of having multiple tenants using different services all on the same hardware.

The concern here is that a single vulnerability on a cloud service providers infrastructure can open up the whole environment to becoming compromised, leading to data loss, breaches, and loss of service.

Controlling Shared Technology Vulnerability Risks

To limit the risks of having shared cloud hardware and environments, cloud service providers need to enact strict security at every level of their infrastructure, software, and platform-as-a-service offerings.

Cloud environments need perimeter, host-based, and per-tenant firewalls to isolate traffic for each tenant on the cloud. This creates a compartmentalized structure that prevents a breach or attack on (or from) one cloud tenant from being able to affect other tenants.

All data on a cloud server needs to use data-at-rest encryption so that hackers that manage to breach a cloud cannot use that sensitive information right away.

Intrusion detection systems are a must for identifying the source of a breach so that any vulnerabilities exposed can be fixed.

Multi-factor authentication services for cloud users can further help to reduce the risk of a breach by making it harder to spoof/steal authentic access credentials.

By installing strict security at every level of the cloud for every user on that environment, cloud service providers such as can massively reduce the risk of using a shared technology environment, protecting customers from many of the biggest cyber security threats on the cloud.

To read previous installments of this series, please click the following links: