11 cloud security vulnerabilities that trouble businesses
- ConsenSys and AMD develop blockchain-based cloud computing infrastructure
- Google Drive, Apple iCloud and Dropbox: Which is the best cloud storage?
- Benefits of ERP technology in cloud computing
- 5 reasons why enterprises should use cloud computing
- The combination of cloud computing and virtual private network
- Microsoft arrangements to utilize ARM chips for cloud computing
- Cloud computing - A simple explanation
- Adobe earns big on 'the cloud'
- New Window Server: Breakthrough on cloud security (Part 2)
- New Window Server: Breakthrough on cloud security (Part 1)
As cloud computing services increasingly evolve, many companies' applications, data and processes are also heavily used by this technology. According to a recent survey of 241 security experts, 11 serious cloud security issues are directly affecting businesses.
1. Data breach
Data is becoming the main target of network attacks. Determining the value of data and the impact of data loss are essential and important for organizations that own or process the data. In addition, encryption techniques can help protect data, but they will negatively impact the system performance while making applications less user-friendly.
2. Wrong configuration and incomplete change control
Cloud-based resources are complex and constantly changing, making it difficult for system administrators to configure. Traditional methods of control are an ineffective change management in the cloud. Companies should use automation and technologies to continuously scan misconfigured resources and troubleshoot problems in real time.
3. Lack of security architecture and strategy of cloud computing
What businesses must do is ensure the security architecture is aligned with the company's business goals. At the same time, develop and deploy that security architecture.
4. Lack of identification, credentials, access and key management
A secure account includes two-factor authentication and restrictions on the use of system accounts. Besides, businesses also need to practice strict identity control and access control for users and identifiers in the cloud.
5. Account hijacking
This is a serious threat that must be eliminated. Intensive control and controlling access to system resources are key in minimizing account hijacking.
6. Internal threats
Taking measures to minimize user negligence in the company can help mitigate the consequences of internal threats. Organizing training for company employees on security as well as configuring and monitoring computer systems, networks, mobile devices, storage devices are the right things to do at this moment.
7. Unsafe interface and APIs
Regular maintenance of APIs (application interfaces), including thorough monitoring of items such as inventory, inspection, auditing, protection, detecting unusual activities is needed in this case.
8. Weak control plane
Weak control plane means the responsible person do not have complete control over the logic, security, and verification of the data infrastructure. A weak control plane can lead to data loss, theft or corruption.
9. Infrastructural and structural gaps
Cloud service vendors must provide visibility and mitigation measures to combat the inherent lack of cloud transparency for service users.
10. Limited cloud usage visibility
Minimizing risk begins with the development of a complete top-down cloud display effort. It is imperative to train all company employees on cloud usage policies. All unapproved cloud services must be reviewed and managed by the cloud security architect or managed by a third party.
11. Abuse and illegal use of cloud services
Businesses should monitor their employees in the cloud, because traditional mechanisms cannot minimize the risk of using cloud services.
By: Paul Stevens