An overwhelming share of organizations have migrated to cloud services in the last few years. As we mentioned in our previous article, companies embrace the cloud because it offers some indisputable advantages, including for web applications.
But moving your web applications to the cloud does not automatically make them more secure. In fact, a Ponemon Institute study indicates that a data breach is three times more likely to occur at businesses that use the cloud than at those that don't.
In this article you will find out what security risks you should consider when migrating to the cloud and what specific measures you have to take to secure your web applications.
What is specific to cloud computing services? Data is stored with a third-party provider and accessed and shared over the internet. This particular feature generates unique security risks, as the internet is constantly evolving, and not just in a good way: the security risks generated by the use of the internet are growing in number and complexity.
But what makes cloud security risks even more challenging is the fact that part of the responsibility for protecting the data moves from the provider to the cloud customer. This changes the entire perception of cloud security and forces companies to become involved, to stay informed and to take the necessary measures to secure their data.
The most critical cloud security threats center on data and access. Therefore, a company should pay special attention to what data it stores in the cloud, who can access it and what level of protection is implemented.
Let's analyse some of the most critical cloud security threats:
1. Insecure APIs (Application Programming Interfaces)
The Application Programming Interface is one of the main security concerns of cloud solutions. APIs are one of the core elements of cloud services, playing a major role in project management and storage, making the platform extensible and ensuring successful integration of other applications. An API may be seen as a gateway used by the company's employees to connect applications with the cloud and to integrate databases, messaging systems and portals, but it may also be used by external users via mobile or web applications. Given the cloud system's full dependence on the internet and the API's role as the "front door" to the application, a secure API is compulsory.
Flaws in an API may cause serious security problems, such as anonymous access, lack of access monitoring and reusable login credentials.
Constant penetration tests and security audits are efficient measures to secure APIs.
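As part of such an audit, an API access log can be checked for two of the flaws named above. The following is an added example, not part of the original article: the log format, the sample lines, `PUBLIC_PATHS` and the source threshold are all assumptions made for illustration. It flags successful calls that presented no credential, and credentials that appear from more source addresses than expected, which is one sign that a login credential is being reused.

```python
from collections import defaultdict

# Constructed sample log (not real traffic). Fields:
# time, source IP, credential ID ("-" = none presented), method, path, status
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.7 key-a1 GET /v1/orders 200
2024-05-01T10:00:05Z 198.51.100.7 key-a1 GET /v1/orders/17 200
2024-05-01T10:01:12Z 203.0.113.9 - GET /v1/customers 200
2024-05-01T10:02:30Z 203.0.113.9 - GET /v1/health 200
2024-05-01T10:03:44Z 192.0.2.55 key-b2 POST /v1/orders 201
2024-05-01T10:04:02Z 203.0.113.80 key-b2 GET /v1/customers 200
2024-05-01T10:04:09Z 198.51.100.200 key-b2 GET /v1/customers 200
2024-05-01T10:05:00Z 203.0.113.9 - GET /v1/orders 401
"""

PUBLIC_PATHS = {"/v1/health"}    # assumption: endpoints intended to be open
MAX_SOURCES_PER_CREDENTIAL = 2   # assumption: tune to your client population


def parse(log_text):
    """Yield one dict per well-formed line; skip malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue
        ts, ip, cred, method, path, status = fields
        yield {"ts": ts, "ip": ip, "cred": cred, "path": path,
               "status": int(status)}


def audit(log_text):
    """Flag anonymous successful calls and credentials seen from many sources."""
    anonymous, sources = [], defaultdict(set)
    for e in parse(log_text):
        if e["cred"] == "-":
            # A success without any credential on a non-public path
            if e["status"] < 400 and e["path"] not in PUBLIC_PATHS:
                anonymous.append((e["ts"], e["ip"], e["path"]))
        else:
            sources[e["cred"]].add(e["ip"])
    shared = {c: sorted(ips) for c, ips in sources.items()
              if len(ips) > MAX_SOURCES_PER_CREDENTIAL}
    return {"anonymous_access": anonymous, "shared_credentials": shared}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

If no such log exists to run this against, that absence is itself the "lack of access monitoring" flaw.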
2. Data breach
As we already mentioned in our previous article, cloud storage has multiple layers of security. The easiest way to get unauthorised access to the information is to obtain the account of someone who has access to it. For this purpose, a hacker will scan the company for weaknesses, in both people and technology. Once a victim is found, the hacker will trick them into giving up their login credentials (whether by malware or by social engineering, i.e. persuasion).
The reason why data breaches are constantly ranked as a top concern is that at least 21% of the data stored in the cloud is sensitive data, and hackers generally sell the obtained information on the black market, release it to the public or hold it for ransom. Moreover, 95% of security failures are due to human error, so the success rate of data breaches increases considerably.
The most appropriate solutions to avoid data breaches are:
- multi-factor authentication – the login credentials should be backed by a notification received on a mobile device;
- encryption of data at rest (data that is stored and is not actively used on other devices);
- internal firewall to monitor the authorized access.
3. Advanced threats and attacks
Because a cloud system may grant access to the company's data and processes, and is at the same time the gate to large assets, it often becomes the focus of many attackers. Public cloud services are also used by hackers to conduct their attacks.
In cloud attacks, the hacker aims to interfere with the communication between cloud users and the application by acting as a malicious insider, stealing login credentials, exploiting vulnerabilities, etc.
Advanced persistent attacks are characterised by sensitive data being stolen continuously without the legitimate users noticing the unauthorised activity. Because these attacks last for some time, the hackers develop the ability to adapt to changes in the security measures.
Hackers use many tools to carry out an advanced persistent attack and to achieve other short-term goals, such as:
- malware injection attacks
- DoS (Denial of Service) attacks
- man-in-the-cloud attacks
- account or service hijacking, etc.
It is crucial to check the security measures of your cloud provider.
4. Data loss
This security risk covers several scenarios:
- alteration of data – when data is irreversibly changed. This is more likely to occur in a dynamic cloud (when applications use only the resources they need at a given moment in time);
- loss of data due to the provider's problems;
- loss of data access – when the information still exists in the cloud but can no longer be accessed due to a missing login credential or encryption key;
- erasure of the data without any backup. The erasure may be the consequence of an accident or a malicious action.
Constant backups are compulsory to avoid data loss.
5. Poor identity management
As we mentioned at the beginning of the article, the security of a cloud environment centers on access. Generally, identity and access management is a solution that defines and manages the identity and access privileges of users. This includes going through all appropriate checklists before granting access, handling the circumstances in which privileges are denied to users, and monitoring the users' activity (what data is accessed, by whom, when).
What makes cloud identity management different? It has all the functions and benefits of traditional identity and access management but, in addition, it:
- is optimised for integration across devices, applications, operating systems;
- connects the cloud servers to the AD or LDAP user store;
- manages servers irrespective of location;
- manages users’ access to Wi-Fi networks;
- uses multi-factor authentication;
- monitors the access to cloud databases and assets, tracking which users are accessing what and when and which information is vital for the security system and regulatory compliance.
Cloud identity management is an essential support, ensuring a balance between the security level and the user experience.
Poor or missing identity management and weak authentication create gaps in cybersecurity and facilitate data breaches.
Due diligence over the cloud provider security
If you are considering cloud-based services, you should complete some steps before choosing your provider:
- establish your goals regarding the cloud services;
- define acceptable use cases;
- understand the associated risks;
- perform a due diligence over the cloud provider security.
The due diligence procedure should not omit aspects such as: disaster recovery plans, implementation of system updates, monitoring policies, the option to provide the users with instructions to avoid malware attacks and phishing, the risk control processes that are used, the qualification of the coders, operators, policymakers, the level of testing that has been performed to identify unanticipated vulnerabilities.