Cloud security’s seven deadly sins


Data Loss/Leakage


There isn’t currently an acceptable level of security controls surrounding data in the cloud. Some applications could be leaking data as a result of weak API access control and weak key generation, storage and management. Data destruction policies may also be absent.


Shared Technology Vulnerabilities


In the cloud, a single misconfiguration can be duplicated across an environment where many virtual servers share the same configuration. Enforce service level agreements (SLAs) for patch management and best practices for network and server configuration.


Malicious Insiders


The level of background checks that cloud providers perform on staff may differ from how enterprises would prefer to control data centre access. Many providers may do a good job but it’s largely uneven. Perform a supplier assessment and outline a level of employee screening.


Account, Service & Traffic Hijacking


A lot of data, applications and resources are concentrated in the cloud where, with weak authentication, an intruder can access a single user account and ultimately get at that customer’s virtual machines. Proactive monitoring of threats and two-factor authentication are advised.


Insecure Application Programming Interfaces


It’s important to perceive the cloud as a new platform and not merely as outsourcing when it comes to developing applications. There ought to be a vetting process surrounding application lifecycles, where the developer understands and applies certain guidelines regarding authentication, access controls and encryption.


Abuse and Nefarious Use of Cloud Computing


The bad guys are probably more progressive than the good guys in how they use technology. Hackers are seen very quickly applying new threats, combined with the ability to easily scale up and down in the cloud. All it takes is a single credit card to open up the floodgates.


Unknown Risk Profile


Transparency issues persist concerning cloud providers. Account users only interact with the front-end interface and really don’t know what goes on in the backend. Who knows which platforms or patch levels the provider is employing?





Jim Love, Chief Content Officer, IT World Canada
