How to Combat the “Treacherous 12” of Cloud Computing

9/19/2017

cloud computer recoveryAs more and more small to mid-size businesses (SMBs) adopt cloud computing, they face greater and greater threats to their cybersecurity. In a recent slideshow, Information Management magazine shared the Cloud Security Alliance’s list of “The Treacherous 12: Cloud Computing Top Threats in 2016.” Although the below list is intimidating, with all the diverse items varying in depth of technical complexity and breadth of financial exposure, a relatively simple means of responding to all these cyber threats is to work with an IT Managed Services Provider (MSP.)

Here’s a synopsis of the CSA’s list:

  1. Data Breaches – “Cloud providers are highly accessible and the vast amount of data they host makes them an attractive target.”
  2. Weak identity, credential, and access management – “Malicious actors masquerading as legitimate users, operators or developers can read/exfiltrate, modify and delete data.”
  3. Insecure interfaces & APIs – “APIs and UIs are generally the most exposed part of a system, perhaps the only asset with an IP address available outside the trusted organizational boundary.”
  4. System & application vulnerability – Multitenancy in cloud computing means systems from various organizations operate in close virtual proximity to each other and may share memory and other resources. This situation creates what’s called a broader “attack surface” for hackers and cyber crooks.
  5. Account hijacking – “If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information and redirect your clients to illegitimate sites.”
  6. Malicious insiders – “Systems that depend solely on the cloud service provider (CSP) for security are at greater risk here.”
  7. Advanced persistent threats (APTs) -- Attackers with substantial means, organization and motivation can carry out a sustained assault against a high-value target like a business. “Advanced security controls, process management, incident response plans and IT staff training” are needed to thwart or, in the least, mitigate them.
  8. Data loss -- “Cloud consumers should review the contracted data loss provisions, ask about the redundancy of a provider’s solution, and understand which entity is responsible for data loss and under what conditions.”
  9. Insufficient due diligence – Choosing CSPs without thorough due diligence exposes an SMB to a “myriad of commercial, financial, technical, legal and compliance risks that jeopardize its success.”
  10. Abuse and nefarious use of cloud services – “Poorly secured cloud service deployments, free cloud service trials and fraudulent account sign-ups via payment instrument fraud expose cloud computing models… to malicious attacks.”
  11. Denial of service (DoS) – “DoS attacks take advantage of vulnerabilities in web servers, databases or other cloud resources, allowing a malicious individual to take out an application with a single extremely small attack payload.”
  12. Shared technology issues – “The key is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud.”
An IT MSP specializing in cloud services can support consistent security “by assisting your organization with secure authentication, data encryption, access control, auditing and validating that cloud apps under consideration can support existing security policies.” And the benefits aren’t limited to help with the cloud: “MSPs can function like your corporate IT department by proxy, helping apply cloud services that open access to new markets, broaden operational capabilities and take the performance of your business to new heights.”