School of Information Systems

CLOUD SECURITY AWARENESS

As cloud computing has involved in most businesses, so cloud security awareness has become imperative to prevent cyber attacks and data breaches. Most of us use cloud computing services regularly. For instance, businesses use web-based email systems, such as Yahoo and Google to exchange messages; social networking sites like Facebook, LinkedIn, and Twitter to share information and stay in touch with friends; on-demand subscription services, such as Netflix and Hulu to enjoy TV shows and movies; cloud storages, like Humyo, ZumoDrive, and Dropbox to save any type of data online; collaboration tools, like Google docs to work in real time with many people on the same document; and online backup tools, like JungleDisk, Carbonite, and Mozy to backup our data to cloud servers.

Cloud computing has also been involved in enterprises; businesses rent services from cloud computing vendors to minimize operational costs and increase cash flow. For instance, the social news website, Reddit, rents Amazon Elastic Compute Cloud for their bulletin board service. SmugMug, the digital photo sharing website, rents Amazon Simple Storage Service for their photo hosting service.

The leading automaker, Mazda USA, uses Rackspace for their marketing advertisements. The HRLocker is the software company that rents Windows Azure for their human resources software service.

There is clear that the ease and low charges of cloud computing services have changed the way we deliver services, but the security risks related to cloud computing make us prone to cybercrimes that occur every day. Hackers deploy different techniques to gain cloud access without legal authorization or interrupt services on clouds to achieve specific objectives. Hackers could trick a cloud into treating their illegal activity as a right instance, therefore, achieving unauthorized access to the data in the cloud.

This article maps out about various cloud security threats that businesses are likely to face during theircloud journey.

ACCOUNT HACKING

Account hijacking is a security attack that involves the stealing of an individual’s account related to a service or computing device. During an account hijacking, an attacker tricks the victim to get personal information or confidential data. Generally, this type of attack is performed using phishing, guessing passwords, spoofed emails, and exploitation of software vulnerabilities. There are many cases where an email account is associated with other online services and those get undermined as well. The use of passwords again increases the impact of the cyber attack.

Cloud applications amplify the risk because if an attacker gets access to an account, he can track transactions and can even manipulate data. The attacked cloud service account becomes a base for the attacker, and the implications of an attack can be tough on an enterprise. Stolen credentials can help an attacker to easily get access to critical areas of cloud computing services undermining their availability, integrity, and confidentiality. Advanced Security strategies are required to deal with such attacks and to control the damage that data breaches cause. Two-factor authentication is the best solution to minimize the risk of account hijacking. Businesses should also implement a restrictive user access policy and restrict the sharing of account credentials between the different services.

… Continued..

https://allcloud.io/blog/cloud-security-awareness-starts-here/

Danish Wadhwa