CSA’s Top Cloud Security Risks: Part 2

In part one of our coverage of the Cloud Security Alliance’s Notorious 9 cloud security threats, we discussed data breaches, data loss, account hijacking and insecure APIs. Part two of this series digs deeper into security vulnerabilities found in cloud infrastructures.

Denial of Service Attacks

Perhaps you have heard of the term DDoS attack? A distributed denial of service attack floods a host with so many requests that the target host becomes unresponsive. This isn’t the only type of attack. A denial of service, or DoS, attack can disable a host’s ability to respond using small batches of data, sometimes as small as 100 bytes. Cloud services exist that will help shield your cloud and divert DoS attacks away from it, but as always, it is important to ensure you are up to date on patches and the latest security bulletins that relate to your platform.

Inside Jobs

Perhaps you have granted access to a contractor or there is a disgruntled employee in your organization. What can you do to prevent this person from performing malicious activities? The first thing you should do is use cloud products that have a clear audit trail. You should then set up a system of alerts that sounds the alarm when a malicious operation happens in your environment. If you have an HR department, ensure that it is in sync with the rest of your organization. Sometimes rogue HR employees will terminate an employee without letting the rest of the organization know. Cloud HR apps exist to take care of these problems so that when an employee is terminated, all access is disabled immediately.
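The audit-trail and HR-sync advice above can be combined into one check, shown here as an added example that is not part of the original article: it flags any audit event from an account after HR recorded that account's termination. The log layout, account names and timestamps are constructed assumptions, not the format of any particular cloud product.

```python
from datetime import datetime, timezone

# Constructed HR feed: account -> time HR recorded the termination (UTC).
TERMINATIONS = {
    "jdoe": "2024-03-01T17:00:00Z",
    "contractor7": "2024-03-05T12:00:00Z",
}

# Constructed audit trail, one event per line: timestamp account action resource
AUDIT_LOG = """\
2024-03-01T16:45:10Z jdoe GetObject reports/q1.csv
2024-03-01T17:20:03Z jdoe DownloadArchive finance/all.zip
2024-03-02T09:00:00Z asmith Login console
2024-03-05T11:59:59Z contractor7 Login console
2024-03-06T02:14:41Z contractor7 CreateAccessKey iam/contractor7
not-a-valid-line
"""


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp ('...Z') into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def post_termination_activity(log_text, terminations):
    """Return (alerts, skipped): events by terminated accounts at or after their
    termination time, and the count of lines that could not be parsed."""
    cutoffs = {acct: parse_ts(ts) for acct, ts in terminations.items()}
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            when, account, action, resource = parse_ts(parts[0]), *parts[1:4]
        except (IndexError, ValueError):
            skipped += 1  # surface parse gaps instead of silently dropping them
            continue
        cutoff = cutoffs.get(account)
        if cutoff is not None and when >= cutoff:
            delay = when - cutoff  # how long access outlived the termination
            alerts.append((account, action, resource, delay))
    return alerts, skipped


if __name__ == "__main__":
    alerts, skipped = post_termination_activity(AUDIT_LOG, TERMINATIONS)
    for account, action, resource, delay in alerts:
        print(f"ALERT {account} ran {action} on {resource} {delay} after termination")
    print(f"{skipped} unparseable line(s)")
```

Any alert here means deprovisioning lagged behind HR, and the delay value shows by how much.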

When Cloud Services Get Abused

While clouds can be set up for productive business functions, black clouds can be set up to serve nefarious purposes. Those who abuse cloud services may set up a cloud to distribute malware, execute DDoS attacks or store illegal materials. Someone who once needed an army of personal computers to crack difficult encryption keys could theoretically use a cloud to crack the key instead. If you are a cloud engineer or a cloud provider, it is important to keep an eye on your dashboard in order to monitor your services. Hackers will try to penetrate cloud infrastructures so that they can set up black clouds on your dime to serve their unethical or illegal purposes.

Part three of this series will discuss the remaining “Notorious 9” cloud security threats as suggested by the Cloud Security Alliance.