Meta: Although popular with Internet users, the undeniable convenience of cloud storage services also comes with risks. So what are the risks when using cloud computing?
The nature of cloud computing is data sharing, so the risk of security is high so when businesses want to apply cloud computing to their business model, according to CSA, always be careful with security. Because these services default to users bypassing the general security policies of the business and setting up employee’s own account with the service. Therefore, businesses may have to revise and supplement new security policies to suit cloud computing. Small and medium-sized businesses today do not know whether to bring their applications and data to the cloud. If posted, what are the possible security risks?
The cloud environment has the same security risks as conventional enterprise networks, but because there is so much data stored on cloud servers, the provider becomes an attractive target for bad guys. The level of risk depends on the sensitivity of the data. Perhaps the information about personal finance has the highest level of sensitivity, but maybe it is also information about health, trade secrets, intellectual property… and they are also extremely destructive if leaking.
The cloud environment has the same security risks as conventional enterprise networks/Ph.paranetsolutions
When an incident occurs, businesses are often fined, or faced with accusations. Investigations in data leakage and customer compensation can leave businesses empty. Unappealing side effects can be brand damage, loss of partnership and business impact for many years to come.
Cloud service providers certainly have their own specific measures to ensure customer data security, but it is the enterprise that is primarily responsible for protecting the data itself yourself in the clouds. CSA recommends that businesses use multiple authentication steps when employees want to retrieve data and need data encryption in case of theft.
Data leaks and other types of attacks often target login credentials, such as passwords, authentication keys, or other certificates. Businesses often have difficulty managing user identifiers to identify the right people and the right jobs when accessing cloud data. More importantly, businesses often forget to remove user access when they finish work or end projects.
Businesses can be lost password/Ph.GTP
Multi-layer authentication systems such as each login are a new password, phone authentication and smartcard protect cloud services because they make it very difficult for bad guys to get data even if there is Get a user password. A leak from Anthem Medical Insurance in 2014 revealed more than 80 million login data of customers. Anthem doesn’t deploy multi-step authentication, so once the attacker gets the login data, everything falls apart.
Many developers make the mistake of embedding their input and encryption keys right into the source code, and pushing the code onto popular source repositories like GitHub. These keys should also be properly secured, including public keys. CSA also thinks that these keys need to be changed periodically so that it is difficult for an attacker to gain login privileges.
Businesses planning to collaborate with a cloud service provider need to understand the security measures the provider uses to protect their platform. Centralizing authentication in a solution has its own risks. Businesses need to consider the convenience of that centralization and risk if the solution becomes the target of the bad guys.
Interface and API are hacked
The reality is that almost every cloud service or application has its own API (application program interface). The IT team uses this interface and APIs to manage and interact with cloud services, including functions such as cloud management, synchronization, and monitoring.
If the interface and API have poor security, it will reveal gaps related to data integrity/Ph.Tcloudsproject
The security and data availability of cloud services, from authentication, access management to encryption and operational monitoring, depending on the security of the API. The higher the security risk if there is a third party involved, the harder it is for the enterprise to refuse to allow partners to collaborate on cloud data. Therefore, if the interface and API have poor security, it will reveal gaps related to data integrity, availability, security and reliability.
APIs and interfaces tend to be the most “exposed” components in a system because they are often publicly available on the Internet. CSA proposes that enterprises take management measures, and consider it as the first defense step. CSA also recommends that businesses should focus on assessing and testing their own system to regularly detect security errors.
These holes were discovered
System vulnerabilities, program bugs are not new, but they will become a much bigger problem if the business is looking to the cloud. Enterprises that share memory, databases and other resources almost seamlessly across the cloud, should create new exposed points.
Fortunately, security holes discovered by experts are classified as “basic” processes in the industry. For a long time, the best way to handle vulnerabilities was to scan the system, update patches and monitor security bulletin.
According to CSA, the cost of fixing security holes in the business is not high compared to other costs. This amount of money for the IT department in the business is not much compared to having to pay compensation for data losses. The holes need to be patched as quickly as possible, as soon as they have been discovered, like an automated process.
Cloud computing can bring many benefits to you, but it will also contribute to the risk of being compromised to your work. So when using the cloud you need the most effective prevention methods.