• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Security  /  Security Threats in Cloud Computing
Security in Cloud Computing
11 June 2017

Security Threats in Cloud Computing

Written by Seqrite
Seqrite
Security
Estimated reading time: 4 minutes

Security Threats in Cloud Computing

More and more organizations are moving to cloud-based computing. Not only data, but even software and systems are being hosted on cloud. With the rise of remote working and ‘Bring Your Own Device’ culture, cloud computing has become the need of the hour. But cloud computing attracts unique security risks as data and application necessarily are hosted outside the organization with third-party cloud provider. This feature inherently makes systems vulnerable to attacks, downtime and other issues such as loss of Governance, lapses in authentication and authorization, isolation failures, failures in application and data protection, and malicious activities to name a few.

Threats in Cloud Environment

Here are some of the most common types of cyber threats in the cloud environment:

1. Data breaches

Cloud environment faces threats that are similar to those faced by an enterprise environment. However, as a cloud service provider is accountable for storing large amounts of data belonging to multiple enterprises, the threats are magnified by significant proportions. The severity of damage depends upon the kind of data that is breached. Data such as health records, trade secrets, and intellectual property carry the same risk of getting stolen that financial data does. When a data breach occurs, companies may incur fines, and face lawsuits and criminal charges. More than monetary impact, reputation loss can affect organizations for years.

What should be done?

It is important to adopt DLP tools as a part of your cybersecurity plan as it will help your IT department monitor and control the data sharing activity across endpoints and get alerts of any suspicious data movement.

2. Compromised credentials and broken authentication

Lax authentication policies, poor key and certification management are some of the major reasons of security breach in cloud services. Many organizations struggle with identity management. They assign unnecessary data privileges to anyone and everyone just to ease the access management. Organizations also forget to remove user access when an employee’s job function changes or they leave the organization.

What should be done?

Organizations should use multi-factor authentication, phone-based authentication, and smart cards (digital tokens) to protect the access to cloud services as these provide a barrier against attackers prying on log in ID and passwords.

3. Hacked interfaces and APIs

Almost all cloud services now provide APIs (Application Programming Interface). APIs are required by organizations to manage and interact with the cloud service they are using. Therefore, the security of the cloud service largely depends on the security of APIs. These are the most vulnerable part of the system as they are directly exposed and are accessible via the Internet.

What should be done?

Threat modelling of systems, their architecture and data flows are critical to control the risk of inadvertent access to data using APIs.

4. Account hijack

Cloud services are turning out to be a new hunting ground for phishing attacks, online scams and fraudsters. Attackers can eavesdrop on user activities, steal their personal information, misuse the stolen data or sell them on the online black market. They can also use breached applications to launch other attacks within the cloud.

What should be done?

Organizations should prohibit sharing of account credentials between users and services. Every transaction should be monitored so that it can be traced back to a human owner.

5. Malicious Insiders

An insider threat could be a current or a former
employee who is responsible for a security breach in an organization. 90% of security incidents in businesses happen due to insiders (Verizon 2015 Data Breach Investigation Report).

What should be done?

System access given to users should be restricted only to data and application that are required by a particular user to perform their job. The data responsibilities should be segregated and both the responsibilities and system access should be frequently audited.  Effective logging, monitoring, and audit administration are critical for effective security of the cloud computing system.

6. Inadequate diligence

Many organizations are embracing the cloud technology without fully understanding its environment and the myriad risks associated with it. Business owners often overestimate their need to be on cloud and in selecting the right partner for their cloud computing needs. Many times, they fail to scrutinize the contract made with their cloud partner and are not aware of the provider’s liability in case of a data breach.

What should be done?

Organizations need to be diligent with:

  • Understanding their requirements from cloud computing service.
  • Selecting the right cloud service provider.
  • Review of their contract to understand the responsibilities and liabilities.

7. Shared technology, shared dangers

Cloud computing is based on the concept of shared technology. The concept multi-tenancy comes with a danger that if vulnerability arises for one user, it arises for all. A single vulnerability or misconfiguration can lead to a security incident across the complete cloud infrastructure.

What should be done?

Organizations must not only need to place a private encryption system for their own data but also need to look at concepts such as least privilege access, network segmentation and host-based and network-based intrusion system, provided by the cloud service provider.

Cloud computing provides many benefits to organizations both large and small. However, organizations need to understand that security of a cloud infrastructure is a joint responsibility. The cloud service provider will have their own security mechanism in place but that needs to be analyzed and understood to meet the organization’s requirement. At the same time, organizations need to implement their own security on top of what is provided by cloud service provider. They need to implement data loss prevention tools which are in their control to manage not only the encryption for protection of data but also the user access control and monitoring of data and devices accessing that data.

Seqrite helps businesses simplify IT security and maximize business performance. To know more about our products and services visit our website. 

 Previous PostAligning Cybersecurity with Business Objectives
Next Post  Dealing with Insider Threats: A Brief Guide for CISOs
Seqrite
About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • Is your Router exposed to cyber threats

    Is your router exposed to cyber threats? Here is how to safeguard it.

    July 30, 2020
  • Snake ransomware stings to spread its venom in the veins of enterprise networks.

    Snake Ransomware brings impending doom to enterprise networks

    July 10, 2020
  • APT harbingers are using Honey Traps to attack Indian Defence.

    Operation ‘Honey Trap’: APT36 Targets Defence Organizations in India

    July 8, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.