11 cloud security vulnerabilities that trouble businesses

Researchers in a survey point out that there are a lot of pressing issues today, especially in companies' privacy and security.

As cloud computing services increasingly evolve, many companies' applications, data and processes are also heavily used by this technology. According to a recent survey of 241 security experts, 11 serious cloud security issues are directly affecting businesses.

1. Data breach

Data is becoming the main target of network attacks. Determining the value of data and the impact of data loss are essential and important for organizations that own or process the data. In addition, encryption techniques can help protect data, but they will negatively impact the system performance while making applications less user-friendly.

2. Wrong configuration and incomplete change control

Cloud-based resources are complex and constantly changing, making it difficult for system administrators to configure. Traditional methods of control are an ineffective change management in the cloud. Companies should use automation and technologies to continuously scan misconfigured resources and troubleshoot problems in real time.

3. Lack of security architecture and strategy of cloud computing

What businesses must do is ensure the security architecture is aligned with the company's business goals. At the same time, develop and deploy that security architecture.


4. Lack of identification, credentials, access and key management

A secure account includes two-factor authentication and restrictions on the use of system accounts. Besides, businesses also need to practice strict identity control and access control for users and identifiers in the cloud.

5. Account hijacking

This is a serious threat that must be eliminated. Intensive control and controlling access to system resources are key in minimizing account hijacking.

6. Internal threats

Taking measures to minimize user negligence in the company can help mitigate the consequences of internal threats. Organizing training for company employees on security as well as configuring and monitoring computer systems, networks, mobile devices, storage devices are the right things to do at this moment.


7. Unsafe interface and APIs

Regular maintenance of APIs (application interfaces), including thorough monitoring of items such as inventory, inspection, auditing, protection, detecting unusual activities is needed in this case.

8. Weak control plane

Weak control plane means the responsible person do not have complete control over the logic, security, and verification of the data infrastructure. A weak control plane can lead to data loss, theft or corruption.

9. Infrastructural and structural gaps

Cloud service vendors must provide visibility and mitigation measures to combat the inherent lack of cloud transparency for service users.

10. Limited cloud usage visibility

Minimizing risk begins with the development of a complete top-down cloud display effort. It is imperative to train all company employees on cloud usage policies. All unapproved cloud services must be reviewed and managed by the cloud security architect or managed by a third party.

11. Abuse and illegal use of cloud services

Businesses should monitor their employees in the cloud, because traditional mechanisms cannot minimize the risk of using cloud services.



By: Paul Stevens