Cloud computing is much more popular today than in the past. Along with this growth in popularity a growing number of security risks too. Unfortunately, these risks are growing more common today. As such, you need to know what to watch for so you can protect your business.
Why Security Threats are a Major Issue Today
In just 5 years the cloud computing network has grown by $5 billion – going from $91 billion to $191 billion. According to Host Review, there are several reasons for this, including the fact that they:
- Are inexpensive to use
- Allow for faster time to market
- Help make your employees more productive because they can be more efficient
- Offer greater flexibility
- Update automatically
- Help increase collaboration
- Give you the freedom to work from anywhere
While these benefits sound great, they don’t do away with concerns about security. These security concerns are somewhat holding the growth of “bring your own cloud” (BYOC) back today. After all, the cloud stores all of your passwords so all a cyber criminal needs is to get these passwords and they can critically attack your company’s infrastructure.
In this regard, CSO Online reported about how there are many new security threats and challenges occurring today as the cloud continues transforming how organizations use, store, and share data, applications, and workloads. Since this is happening so quickly today, it’s inevitable that more sensitive information will be at risk. This is especially true since there’s some confusion about who’s responsible for protecting corporate data. While you’d think this would be the responsibility of the cloud service provider, it’s actually the responsibility of the cloud customer. For this reason, the Cloud Security Alliance (CSA) is working to educate businesses about cloud adoption strategies by creating the “Treacherous 12 Top Threats to Cloud Computing Plus” report.
12 General Security Threats
In a report that was written in 2013 there were only 9 security threats that every business should pay attention to. These “Notorious Nine: Cloud Computing Threats” were outlined by the Information Systems Security Association CISO Forum, an organization that was formed in 2008 by Jim Reavis – a well-known security researcher and author.
This is living proof that cyber security threats are continuing to grow. According to Information Week today there are actually 12 security threats which include:
- Data breaches occur when private information is released to the public. Obviously, this risk isn’t unique to cloud computing but it should still be one of your top concerns as a cloud user.
- Insufficient identity, credentials, and access management allow cyber criminals to masquerade as real users. In doing so they can access and manipulate your data.
- Insecure interfaces and application programming interfaces (APIs) that are used by your customers for providing, managing and monitoring data in the cloud are “dangerous.” You need to make sure that they’re designed to protect against accidental and malicious attempts to get around policies.
- Account hijacking occurs when an attacker uses your system’s vulnerabilities to infiltrate it and disrupt your business’ operations. This places your information at risk, especially if you’re working in near other organizations in the cloud. When this happens you don’t only need to look out for your own company’s safety but you must also watch those around you.
- Malicious insiders can access your company’s sensitive information. This is why you shouldn’t rely solely on cloud service providers to keep your business safe.
- Advanced persistent threats (APTs) are parasitic. These infiltrate your system and create a foothold in the IT infrastructure from where they can then steal your sensitive information.
- Insufficient due diligence in creating business strategies happens when you don’t consider your service providers.
- Abuse and nefarious use of cloud services (e.g. poor security, using free trials, people trying to fraudulently sign up for accounts) will also open your business up to malicious attacks.
- Denial of service (DoS) attacks force the cloud to consume a lot of its finite resources. This stops you from accessing your data because the system shuts down stopping legitimate users from gaining access to it.
Security Threats Regarding Video Conferencing
Many firms such as UberConference use video conferencing as part of their daily business routine. They appreciate the fact that people from around the world, living in different time zones, can communicate with each other in real-time. This saves them time and money but there are some inherent risks here as well. These risks come from how the program interacts with other systems in your network. The best way of protecting your business here is through encryption with SSL security. A few of the other things that you can also do here include:
- Password protect your video conference so that only those whom you invite to attend can actually access or record the conference. While it takes time to create a master list of participants, you can rest assured that there weren’t any cyber hackers in attendance.
- Always have a “session border controller” in place instead of a firewall. Since it’s specially designed for filtering and managing media flow between your business and the outside world, it’s safer.
- Use a PKI (public key infrastructure) at any end-points and servers.
- Use SIP/TLS encryption of signaling for control channels.
- Use SRTP media encryption to protect your conferences from being spied on.
- Make sure your SIP trunk ends in a SIP proxy (e.g. sub-band coding) so that all devices have to mutually authenticate themselves.
As cloud computing continues transforming how organizations use, store, and share data, applications, and workloads it’s also bringing about new security threats and challenges. With so much data going into the cloud today it’s no surprise that these resources are becoming natural targets for bad actors. This is especially true when public cloud services are being used. For this reason, it’s important for every business to properly educate all their employees on how to stay safe while using the cloud today.