The cloud has been in the tech spotlight for quite some time now. A number of people understand its underlying advantages and the mode of its operation, but few are aware of security threats that face the cloud.
Just recently, part of Amazon’s cloud computing service crashed, crippling Instagram and Netflix, together with millions of users. Clearly, even the cloud is at threat just like all other computer systems.
Here are 6 of the most common security threats that most cloud systems face:
Contrary to the tight security measures that organisations put in place for their cloud systems, there are actually a number of loopholes that experienced hackers can exploit in a cloud that isn’t so well-protected. A virtual machine in a cloud, for instance, can be used to obtain cryptographic keys that are being used by another virtual machine on the same server. As such, a hacker’s job would be relatively easy. Additionally, if a cloud database isn’t properly designed, a flaw in a client’s application can allow a hacker to gain access to all other clients’ data in the database.
While organisations are striving to constantly protect their data from unauthorized access by using encryption, there are still a number of things that can compromise the cloud. In data encryption, losing an encryption key, is no different than losing all your data. However, it is shocking that only 36% of the organisations are confident that they won’t lose their data due to loss of the encryption key. Moreover, 26% of the organizations in the U.S. alone do not use encryption to protect their sensitive data, making it easier for attackers to access their cloud.
Despite high levels of data encryption and proper storage of encryption keys, eavesdropping also poses as a great threat to cloud computing. CSA believes that if someone gains unauthorized access to your credentials, he/she can easily eavesdrop on all your activities. Once he/she has gained access, it will be slightly easier to attack more accounts on the cloud system. However, traffic hijacking is relatively easy to curb. Organisations should only ensure that account credentials are never shared.
A cloud system may be totally perfect when it comes to security, but whenever a human being is involved in the operation of any perfect computer system, several loopholes begin to surface. Former employees,
rival companies, or contractors can gain access to a poorly designed cloud systems while impersonating some of the current employees in an organisation. Additionally, if the encryption keys are stored in an easily accessible area, it becomes even easier for an attacker to gain access into the company’s cloud.
Complexity of a Cloud
The larger the cloud, the more difficult it becomes to manage it. This makes it more difficult for even the most competent system analysts to fish out all the loopholes and block them. In fact, this is one of the reasons why most big companies are constantly being attacked by hackers. In 2011, the PlayStation network, for instance, was hacked into and over 70 million accounts were compromised. In general, a simple, light, and easy to use interface is much preferred to complex cloud systems.
While the cloud is still relatively new, not everyone knows exactly how it operates and what constitutes a cloud environment. As such, some organisations embrace the cloud technology without clearly understanding what the cloud is. These organizations should instead ensure that they have sufficient resources which will enable them to carry out extensive due diligence before fully relying on the cloud system.
All in all, there are numerous threats that the cloud faces. However, it is evident that many of these threats revolve around the people who operate the cloud regardless of how many dedicated servers a cloud has.
Article inspired by Ninefold
We, at Microsoft, provide ‘Talking Business’ to help entrepreneurs and business owners’ succeed. We believe in your ability to innovate and in the ability of technology to help, so to support ‘Talking Business’ we have many resources available for businesses like you. We have an informative newsletter, blog posts by people in the industry, and a community looking to help small business succeed.
Follow us on twitter - @MicrosoftSB, or use the hashtag #TalkingBusiness to find out more information