Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.
With an estimated 70% of all organizations using the cloud, cloud security threats should be a concern for every business. A 2017 study by CGI and Oxford Economics gauged the costs resulting from data breaches in the last five years at more than $50 billion, according to a Fortune article.
The cloud, whether public, private, or a hybrid of the two, provides a flexible model for simplified IT management, remote access, mobility, and cost-efficiency. But as more mission-critical applications migrate to the cloud, data privacy and software security are growing concerns.
Moving web applications to the cloud does not make them inherently more secure. While your organization should embrace the benefits of the cloud infrastructure, you must also ensure you address all the security risks.
Cloud computing provides many advantages, such as speed and efficiency via dynamic scaling. But it also raises a host of concerns about security threats, such as data breaches, human error, malicious insiders, account hijacking, and DDoS attacks. In fact, a Ponemon Institute study indicated that a data breach overall data breaching was three times more likely to occur for businesses that use the cloud than those that don’t.
Here’s the big picture of the 10 most critical cloud security threats you face, as well as the steps you should take when choosing cloud technologies.
10 critical cloud security threats in 2018 and beyond
- Data breaches. The risk of a data breach is not unique to cloud computing, but it consistently ranks as a top concern for cloud customers.
- Human error. According to Jay Heiser, research vice president at Gartner, “Through 2020, 95% of cloud security failures will be the customer’s fault.”
- Data loss with no backup. An accident or catastrophe can lead to the permanent loss of customer data unless there are measures in place to back up that data.
- Insider threats. A recent research report noted, “53% of organizations surveyed confirmed insider attacks against their organization.”
- DDoS attacks. Distributed denial-of-service attacks pose significant risks to cloud customers and providers, including lengthy service outages, reputational damage, and exposure of customer data.
- Insecure APIs. As the public “front door” to your application, an API is likely to be the initial entry point for attackers. Use pen testing to uncover security weaknesses in the APIs you use.
- Exploits. The multitenancy nature of the cloud (where customers share computing resources) means shared memory and resources may create new attack surfaces for malicious actors.
- Account hijacking. Using stolen credentials, attackers may gain access to critical areas of cloud computing services, compromising the confidentiality, integrity, and availability of those services.
- Advanced persistent threats. Many advanced persistent threat groups not only target cloud environments but use public cloud services to conduct their attacks.
- Spectre & Meltdown. Attackers can exploit Meltdown to view data on virtual servers hosted on the same hardware, potentially disastrous for cloud computing hosts. Spectre is even worse—harder to exploit, but harder to fix too.
Next step: Develop a cloud provider due diligence checklist
Develop a good roadmap for due diligence when choosing cloud technologies and providers. Put a special emphasis on disaster recovery and security, including penetration testing, patch and system updates, disaster recovery plans, and mean time to recovery.