Taking advantage of the possibilities offered by the cloud can result in substantial cost savings for businesses. Reductions in equipment and personnel make moving some or all of your computing infrastructure to cloud providers an attractive proposition. There are, however, certain security aspects that need to be considered when moving to the cloud.
Data in the cloud is subject to emerging risks from hacker groups, industrial espionage efforts, and rogue governments. We are going to look at some of the specific ways the cloud impacts the security of your data and look at a few examples of the nefarious ways that unscrupulous individuals are attempting to compromise it.
Security Risks of the Cloud
In 2016, the Cloud Security Alliance published a report titled the “Treacherous Twelve” which discussed the security issues specifically related to the on-demand and shared nature of cloud computing. Here are some of the major risks identified.
- Weak identity, credential, and access management
- Shared technology issues
- Account highjacking
- Data loss and data breaches
- Insecure APIs
- Malware and ransomware
- System and application vulnerabilities
- Denial of service attacks
A successful cyber-attack on a large cloud provider can have financial ramifications that rival those of a major natural disaster, according to zdnet.com. The economic fallout resulting from an attack on a cloud provider could exceed $100 billion.
Government agencies are not sufficiently equipped to handle a major cyber-attack. In the U.S., there is a FEMA team designated for cyber-attacks, but it is smaller than other departments in the agency. There is no real international consensus on how to best deal with cybersecurity, further complicating cloud security initiatives.
Recent Cloud-Based Cyber-Attacks
Cyber-attacks on cloud services are increasing in frequency as more important data is being stored with cloud providers. Major providers have been affected as can be seen in these examples of recent attacks.
Microsoft
The user accounts in the company’s cloud infrastructure have experienced a 300% increase in the number of attacks from 2016 to 2017, according to Microsoft. Attacks on their Azure cloud offering that are designed to weaponize virtual machines are being launched from around the world with the majority of culprits located in China and the U.S.
Anthem’s Data Breach
Compromised login credentials led to a data breach resulting in the unauthorized access of the personal information of 80 million customers. According to cloudsecurityalliance.org, the data was uploaded to a commercial cloud storage service, making the intrusion harder to detect.
National Electoral Institute of Mexico
In April of 2016, the Institute was impacted by a data breach that resulted in 93 million voter registration records being compromised. The breach was traced back to a misconfigured database that was housed on an insecure and illegally hosted Amazon cloud server located outside of the country.
Cyber-attacks on cloud providers will only increase as more corporations use the cloud to store confidential information. Awareness of this fact can help spur a greater emphasis on the enhanced security demanded by the cloud computing paradigm.