Not all threats to cyber security on the cloud are alike. Companies need a comprehensive set of protections to keep their data safe on any infrastructure.
Here are threats 7-9 of the top 12 threats to cyber security on the cloud, and how to fight them:
Threat #7: Advanced Persistent Threats
When most people think of a data breach or hack attempt, they think that the worst of the damage is done immediately and that’s the end of it. However, IT security breaches aren’t always spotted right away, and some threats are persistent in nature, continuously leaching data off of the system and transmitting it to hackers month after month.
Rather than being a quick “smash and grab” approach to stealing data, advanced persistent threats (APTs) try to stealthily create a foothold for hackers to keep sneaking sensitive data out of your cloud environment right from under your nose.
The consequences of an advanced persistent threat penetrating your security are similar to a large-scale data breach, because that is exactly what they cause. The longer it takes to spot and eliminate the threat, the more damage it can do.
Fighting Advanced Persistent Threats
APTs can be particularly tough to find and fight, because they’re designed to be stealthy. To minimize risks and damage from an APT, companies need to:
- Prevent the Introduction of APTs to the Infrastructure. The best way to fight APTs is to make sure that they never get on the system in the first place. This means tightly controlling access to your business infrastructure with firewalls and antivirus, as well as making sure that all workers with access follow strict protocols to prevent account hijacking.
- Use Strong Internal Firewalls for Different Applications and Databases. Another solid strategy for limiting the damage that an APT can cause is to ensure that there is strong internal separation of your cloud environment. Putting different databases and apps behind individual firewalls helps limit the access of an advanced persistent threat on the system, reducing overall damage.
- Monitor Both Incoming and Outgoing Data Traffic. Keeping an eye out for unusual data access requests and tracking database activity can help your IT security team spot a potential breach from an APT. For example, if data is suddenly being moved from a secure server to a less secure one, it could be a symptom of an APT on the network.
Threat #8: Data Loss
In terms of cloud computing, data loss means the loss of access to data stored in the cloud. This particular threat can be especially serious in the medical industry, where access to current data on patients (allergies, medication doses, etc.) can literally mean the difference between life and death.
However, unlike many other threats, data loss isn’t always the result of a malicious attack. There are many situations that can cause a loss of access to information, such as:
- Natural disasters
- Power outages
- Interruptions of internet access
- Loss of encryption key to access encrypted data
- Physical destruction of storage media
- Corruption of stored data
- Wiping of data from storage drive
Preventing Data Loss on the Cloud
Many of the issues listed above have nothing to do with malicious attacks by hackers, but random events of nature. A hurricane, earthquake, or severe electrical storm could bring down a data center and destroy the hardware that runs your cloud environment.
To avoid a loss of data in these situations, it’s often best to use cloud-based services that offer geodiversity. Keeping your data backed up in geographically diverse locations helps to ensure that if one data center is taken out, your organization can still draw on a backup of that data from another location.
Threat #9: Insufficient Due Diligence
Who’s responsible for the security in your cloud environment setup? How about the integration of cloud services with your company’s infrastructure? The creation of a clear and complete cloud implementation and management strategy is a basic element of due diligence.
Unfortunately, many companies that rush to adopt the cloud fail to perform due diligence in strategizing for the cloud and adapting to the challenges of using cloud computing. This creates openings for attacks by hackers and malicious insiders, compromising cloud security.
Meeting Due Diligence Needs When Adopting Cloud Services
Unlike many of the other threats on the list, insufficient due diligence is almost wholly within the control of the company implementing the cloud.
To avoid the risks of insufficient due diligence, it’s important for companies moving to the cloud to:
- Thoroughly research their cloud partners
- Establish who is responsible for what security measures on the cloud
- Check compliance requirements for their industry
- Create a strategy for implementing the cloud
- Ensure that employees are aware of cyber security practices and standards
The best way to limit the risk of insufficient due diligence is to take the time to create a thorough strategy for the cloud that addresses security issues, implementation of cloud in the company, and contingencies for events such as data breaches or data loss.
Keeping data secure can be tough on any infrastructure, local or cloud-based. However, with some due diligence in creating sound security plans, and the right cloud service provider, companies can protect their data while improving business operations.
…This series will continue with threats 10-12 that include: Abuse and Nefarious Use of Cloud Services, Denial of Service, and Shared Technology Vulnerabilities
To read about threats 1-3, Click Here.
To read about threats 4-6, Click Here.