A cloud computing (cloud computing) continues to transform the way companies use, store, and share data, applications, and workloads. The solution, however, has also introduced a number of new threats and security challenges. With so much information entering the cloud — especially in public cloud services — these resources become natural targets for cybercriminals.
To provide organizations with an updated understanding of cloud security concerns, the Cloud Security Alliance published a report outlining the 11 top threatsidentified by experts:
1. Data Breach
Data breaches continue to be one of the top concerns in cloud security, as these threats can cause significant financial damage and harm to a company's reputation. They can also result in the loss of intellectual property and significant legal liabilities.
2. Misconfigurations
This is a new but not surprising threat, as there are numerous examples of companies accidentally exposing data through the cloud. One such example is Exactis, which left a database containing personal information of 230 million U.S. consumers due to improper configurations.
3. Lack of Security Architecture and Strategy
This problem is as old as the cloud itself. The desire to minimize the time required to migrate systems and data to the cloud often takes precedence over security. As a result, the company ends up using infrastructure and security strategies that were not designed for the cloud environment.
4. Insufficient Identity, Credential, and Access Management
Another threat is the inadequate management and control of access to data, systems, and other resources. The report states that the cloud requires organizations to change their identity and access management practices. Otherwise, they may experience security incidents and breaches due to failures in credentials, passwords, authentication, among others.
5. Account Takeovers
Account hijacking continues to be one of the main threats to the cloud. As phishing attempts become more effective and targeted, the risks of an attacker gaining access to privileged accounts are significant. It is worth noting that phishing is not the only way a cybercriminal can obtain credentials. They can also acquire them by compromising the cloud service itself.
6. Insider Threats
The threats from trusted users are as serious in the cloud as they are in on-premises systems. These individuals can be current or former employees, contractors, or a trusted business partner: anyone who does not need to breach the company's defenses to access its systems.on-premises (locais). Esses indivíduos podem ser funcionários atuais ou antigos, contratados ou um parceiro de negócios confiável: qualquer pessoa que não precise violar as defesas da empresa para acessar seus sistemas.
A user does not need to have malicious intent to cause harm. Recent studies show that in 2018, 64% of all reported incidents were caused by employee or contractor negligence. This negligence can include misconfigured servers, storing sensitive data on personal devices, or phishing attacks.phishing.
7. Insecure Interfaces and APIs
Insecure interfaces and APIs are a common attack vector, as Facebook well knows. In 2018, the social network suffered a breach that affected over 50 million accounts. Especially when associated with user interfaces, API vulnerabilities can provide attackers with a simple path to steal user or employee credentials.
8. Weak Control Plan
A control plan encompasses processes for data duplication, migration, and storage. According to the report, it can be considered weak if the person responsible for the processes does not have full control over the logic, security, and verification of the data infrastructure. Stakeholders in control need to understand the security configurations, how data flows, and its weak points. Not having this practice can result in information leaks, data unavailability, or information corruption.stakeholders no controle precisam entender as configurações de segurança, como os dados fluem e seus pontos fracos. Não ter essa prática pode resultar em vazamentos de informação, indisponibilidade de dados ou corrupção de informações.
9. Structural Failures
The meta-structure of a cloud service provider maintains security information about how it protects its systems — and discloses this information through API calls. APIs help customers detect unauthorized access, but they also contain highly sensitive information, such as logs or data from auditing systems.
This line is also a potential point of failure, allowing attackers to access data. Poor API implementation is often the cause of vulnerabilities.
Customers, on the other hand, may not know how to implement applications in the cloud. This issue is particularly true when connecting applications that were not designed for cloud environments.
10. Limited Visibility
A common complaint among security professionals is that a cloud environment makes them blind to most of the data needed to detect and prevent suspicious activities. Experts divide this challenge into two categories: unauthorized use of applications and misuse of sanctioned applications.
Any application that does not meet corporate security guidelines represents an unknown risk to the team. Misuse involves the use of approved applications by authorized individuals or by cybercriminals with stolen credentials. In this scenario, security teams must know the difference between users by detecting abnormal behaviors.
11. Abuse
Cybercriminals are increasingly using legitimate cloud services to support their activities. For example, they may use a cloud service to hostmalwaredisguised, launch DDoS attacks, send phishingemails,mine virtual currencies, or conduct attacks to steal credentials.
For experts, cloud service providers must take steps to mitigate risks and detect abuses, such as fraud in payment tools or misuse of services. It is also important for providers to have an incident response framework to allow customers to report issues.