Saturday, September 21, 2019
Security Threats In Cloud Computing
Security Threats In Cloud Computing What is cloud computing? To explain Cloud computing in simple words, lets just say it is Internet computing, if we observe closely the internet is basically the collection of cloud; thus, the cloud computing word can be elaborated as using the internet, to its full potential, to provide organization and people, technology enabled oriented services. Cloud computing let consumers access, by the help of the internet, resources online from any corner of the world without the need to worry about physical/technical maintenance and management issues of the real original resources. What is cloud computing security? To keep it in simple words, cloud security actually points out to a broad set of rules/regulation or policies, maybe set of technologies, or controls deployed solely for the sake of, to protect application data, and the linked infrastructure of cloud computing from the malicious intruder. If all seems good how come security threat became an issue? The cloud computing technology is on the verge of peak. Its really a wonderful news for enterprises and organization who want to get things done with more quickness and easiness as compared to past times but one need to keep their vision open to the possibility of data hijack. The famous Company IBM lies on top of companies providing cloud security with many options in hand to reduce risk. The 9 biggest threats right now according to a report that was released, on 29 February, from the Cloud Security Alliance are: Security Breach in terms of data The companies providing cloud environment face more commonly the same threat i.e. traditional corporate, yet due to the huge amount of data stored on their private servers, they are more vulnerable to the eyes of hackers or intruders. The information being leaked from their servers or exposed becomes headline showing the drawback of the security area. Disaster occur when information such as trade secret, health information or intellectual property data are breached If such event occurs in which hacker or intruder outrun the security checks of cloud environment and data breach occur, then the organization providing the facility may end being washed up on the shore just like a broken ship because they may be filed or sued by the potential customers. To protect their environment, normally cloud owners, deploy security protocols in their services field but in the cloud organizations are responsible for protecting their own data Broken authentication Compromised credentials The most common reasons for data breach are weak passwords, poor key lax authentication or certificate management. Companies often strive with identity management, as they try to give or deny permissions as defined to the users job role. More important, keeping in view, they sometimes dont or forget to remove access of user when a job function changes or when a user leaves the environment of organization. The ways of multifactor authentication systems such as phone-based authentication, one-time passwords smartcards tends to protect cloud services because this make it quite harder for attackers, hacker to log or go in to access with stolen passwords. Many developers dont realize the danger of embedding credentials in source code and make such mistake and upload the source code on famous site where source code is easily accessible such as GitHub and bit bucket. APIs Hacked interfaces Normally every cloud application and service now gives APIs access to its users. IT teams use APIs and interfaces to organize and connect with cloud pool, including those that offer cloud management, provisioning, monitoring, and orchestration. The availability and security of cloud services from authentication to encryption and access control and activity monitoring depend on the security level of that particular API. Risk level increases with commonly third parties that tends to rely on APIs and build an infrastructure on these interfaces, as organizations may feel the need to expose or portray more credentials or service, the CSA warned. Weak APIs and interfaces expose company to security concerns related to integrity, confidentiality, accountability, and availability. APIs and interfaces are the most exposed and weak part of a system because theyre usually accessible and easily gained access from the open Internet. Misuse system vulnerabilities Exploitable bugs, or system vulnerabilities in application and programs, are not new, but theyve become rapidly a huge problem with the inclusion of multitenancy in cloud computing services. Organizations handshake databases, memory and other resources in close range to one another, giving chance to new possible attack surfaces. Hijacking of Account Software exploits, fraud and phishing are still the most successful way for intruders for back door gain access. Above all that, cloud services add a whole new level of dimension to the possibilities of threat because hackers can eavesdrop on various activities, modify data and manipulate transactions. Not only that, hackers may also use cloud application for their advantage to launch various other attacks. Cloud service provider should prohibit user from sharing of account security credentials between services and users Malicious insiders The threat from inside has many faces: a former or current employee, a contractor, system administrator, business partner or a contractor. In a cloud system scenario, a malicious insider can destroy or burn the whole infrastructures to ground or manipulate system data. Systems that solely depend on the various cloud service provider for security implementation, such as data or key encryption, are at huge risk. The parasite Advantage persistent threat (APT) APTs normally and blend in normal traffic move through the network, so it becomes difficult to detect. The major cloud service providers make sure to apply advanced encryption techniques to prevent threat such as APTs from infiltrating or entering their building infrastructure. Common points of entering in the system include direct attacks, spear phishing, USB or pen drives loaded with malware injection, and third-party compromised software networks. Totally Permanent loss of data With the day to day enhancement and cloud services of getting matured, reports of permanent loss of data due to error from provider have vanished into thin air. But intruders or malicious hackers are famous to white wash cloud data just to harm businesses and bring the service provider to ground, and cloud data provider centers are at risk to natural disasters as any common facility. Cloud service providers advice or recommend their user to distribute their data and applications across various multiple layers of zones for much more added protection. Abuse of cloud service power The disaster that can occur from the misuse of cloud service power can never be mapped of any graph scale. It has the tendency to supportÃâÃ various criminal activities such as using the resources of cloud technology to break in to gain encryption key in order to launch various attack such as sending phishing email, messages or filling mailbox with spam mails, launching famous DDoS attack to shut down server or hosting malicious content.