Friday, February 2, 2018

Notorious-Nine Threats of Cloud Computing: Cloud Security Alliance

1. Data Breaches

Sensitive data falls into the hands of unauthorized individuals.
Controls:
  •  Retention Policy
  •  Secure Disposal
  •  Risk Assessment
  •  Encryption

2. Data Loss

Customers or the business lose data permanently.
Controls:
  •   Retention Policy
  •   Risk Assessment
  •   Environment Risks

3. Account or Service Hijacking

Attack methods such as phishing, fraud and software exploitation can leave an account under an attacker's control.
Controls:
  •   User Access Policy/ID management
  •   User Access Revocation
  •   Multi-factor authentication
  •   Audit logging
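As an added illustration of the multi-factor authentication, audit logging and access revocation controls listed above (and of Threat-6 in the detailed notes below), the following Python verifier checks a time-based one-time code per RFC 6238 using only the standard library, refuses revoked accounts, and writes an audit entry for every decision. This is example code written for these notes, not code from the CSA report or any cloud provider; the user names, the revoked account and the source addresses are constructed sample values, and the seed is the RFC 6238 test secret so the codes match the published vectors.

```python
import hashlib
import hmac
import struct

# Constructed sample data: one enrolled user with a TOTP seed, one revoked user.
# The seed is the RFC 6238 test secret, so the codes below match the RFC vectors.
TOTP_SEEDS = {"alice": b"12345678901234567890"}
REVOKED_USERS = {"mallory"}
AUDIT_LOG = []  # in production this goes to an append-only, centrally collected log


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter,
    dynamic truncation to 31 bits, reduced to the requested number of digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now, step=30, digits=6):
    """Time-based variant (RFC 6238): the counter is the number of 30 s steps
    since the Unix epoch."""
    return hotp(secret, int(now // step), digits)


def verify_totp(secret, code, now, step=30, window=1):
    """Accept the code for the current step and +/- `window` adjacent steps to
    tolerate clock drift. compare_digest avoids a timing side channel."""
    counter = int(now // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + drift), code)
        for drift in range(-window, window + 1)
    )


def login(user, password_ok, code, now, source_ip):
    """Second-factor check after the password step. Returns the decision and
    records it so hijack attempts (many failures, odd IPs) are visible later."""
    if user in REVOKED_USERS:
        outcome = "denied: access revoked"
    elif not password_ok:
        outcome = "denied: bad password"
    elif user not in TOTP_SEEDS:
        outcome = "denied: MFA not enrolled"
    elif not verify_totp(TOTP_SEEDS[user], code, now):
        outcome = "denied: bad one-time code"
    else:
        outcome = "allowed"
    AUDIT_LOG.append({"ts": int(now), "user": user, "ip": source_ip, "outcome": outcome})
    return outcome


if __name__ == "__main__":
    t = 59  # RFC 6238 vector: at T=59 the 6-digit code for this seed is 287082
    print(totp(TOTP_SEEDS["alice"], t))
    print(login("alice", True, "287082", t, "198.51.100.7"))   # allowed
    print(login("alice", True, "000000", t, "203.0.113.9"))    # denied
    print(login("mallory", True, "287082", t, "203.0.113.9"))  # denied, revoked
    for entry in AUDIT_LOG:
        print(entry)
```

The revocation check runs before anything else so that a former user's still-valid password and token never reach the MFA step, and every outcome, including the denials, lands in the audit log, which is what makes a hijacking attempt detectable after the fact.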

4. Insecure Interfaces and APIs

Software APIs and management interfaces must be designed carefully, because customers' security depends on them.
Controls:
  •   User Access Restriction/Authorization
  •   Data Security/Integrity
  •   Application Security
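The control list above, and Threat-2 in the detailed notes below, make the point that a cloud API is only as secure as the provider's implementation of its authentication and authorization scheme. As an added example (written for these notes, not taken from any provider's SDK or gateway), the Python below verifies an HMAC-signed request the way an API gateway would: the signature covers the method, path, timestamp and a hash of the body so that none of them can be altered, a replay window bounds how long a captured request stays valid, and the comparison is constant-time. The key id, secret and request are constructed sample values.

```python
import hashlib
import hmac
import time

# Constructed sample credential store. In a real deployment the secret comes
# from a key store or secrets manager, never from source code.
API_KEYS = {"client-A": b"constructed-secret-key-for-client-A"}

REPLAY_WINDOW_SECONDS = 300  # reject requests whose timestamp is too old or too new


def canonical_string(method, path, timestamp, body):
    """Build the exact byte string both sides sign. Every field that influences
    request handling is included, so an altered method, path or body fails to verify."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(key_id, method, path, timestamp, body):
    """Client side: produce the hex HMAC-SHA256 signature for a request."""
    secret = API_KEYS[key_id]
    return hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256).hexdigest()


def verify_request(key_id, method, path, timestamp, body, signature, now=None):
    """Gateway side: return (accepted, reason). Rejects unknown key ids, stale
    or future timestamps, and signatures that do not match."""
    now = time.time() if now is None else now
    secret = API_KEYS.get(key_id)
    if secret is None:
        return False, "unknown key id"
    if abs(now - timestamp) > REPLAY_WINDOW_SECONDS:
        return False, "timestamp outside replay window"
    expected = hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256).hexdigest()
    # compare_digest runs in constant time; a plain == would leak how many
    # leading characters of the signature were correct.
    if not hmac.compare_digest(expected, signature):
        return False, "signature mismatch"
    return True, "ok"


if __name__ == "__main__":
    ts = 1_700_000_000  # constructed request timestamp
    body = b'{"name": "example-bucket"}'
    sig = sign_request("client-A", "POST", "/v1/buckets", ts, body)
    print(verify_request("client-A", "POST", "/v1/buckets", ts, body, sig, now=ts + 10))
    # same signature, tampered body
    print(verify_request("client-A", "POST", "/v1/buckets", ts, b'{"name": "other"}', sig, now=ts + 10))
    # same request replayed twenty minutes later
    print(verify_request("client-A", "POST", "/v1/buckets", ts, body, sig, now=ts + 1200))
```

Binding the timestamp into the signed string is what makes the replay window enforceable: an attacker who captures a request cannot move its timestamp forward without invalidating the MAC. A production gateway would additionally remember recently seen signatures within the window so that an exact replay inside the five minutes is also refused.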

5. Denial of Service

DDoS attacks slow systems down or make them unavailable.
Controls:
  •   Capacity and Resource Planning
  •   Application Security
  •   Perimeter security

6. Malicious Insiders

A current or former employee gains privileged access to the system.
Controls:
  •   Third Party Audits
  •   Information leakage
  •   Policy Enforcement

7. Abuse of Cloud Services

An attacker may crack encryption keys and use the cloud for their own purposes.
Controls:
  •   Define acceptable use
  •   Audit the access

8. Insufficient Due Diligence

A proper understanding of the cloud is needed before migration.
Controls:
  •   Risk Assessments
  •   Security Architecture

9. Shared Technology Vulnerabilities

Systems should be designed with strong isolation in mind; shared components such as CPU caches and GPUs are where that isolation is tested.
Controls:
  •   Segregation of duties
  •   Encryption
  •   Shared Networks


Detailed Notes:

Cloud services give businesses infrastructure quickly, but data migrated to the cloud carries risk: the number of attack vectors grows manifold compared with traditional on-premises software. An important source of attacks is insiders within the cloud ecosystem, because cloud infrastructure is shared between multiple entities.

  • Threat-1: Abuse and Nefarious Use of Cloud Computing: IaaS and PaaS providers offer practically unlimited compute, network and storage capacity to consumers, and users of cloud services enjoy relative anonymity, so these resources can be abused. Incidents include IaaS offerings hosting the Zeus botnet and InfoStealer trojan horses. As a defensive measure, entire blocks of IaaS network addresses have been publicly blacklisted. Remediation measures include a stricter initial registration process, enhanced credit card fraud monitoring and coordination, comprehensive inspection of customer network traffic, and monitoring of public blacklists.
  • Threat-2: Insecure Interfaces and APIs: Cloud service providers and third parties expose application programming interfaces that customers use for cloud integration and access. While these give an automated way to reach the cloud, their security depends on the provider's implementation. As a remediation, the cryptographic schemes used for authentication and authorization should be carefully analysed for possible security breaches.
  • Threat-3: Malicious Insiders: The insider threat becomes more complicated in a cloud context. A single malicious insider can create problems for all cloud tenants and cause the cloud provider huge financial and reputational loss. Unlike traditional businesses, cloud services require extra checks on access restrictions and personnel hiring practices.
  • Threat-4: Shared Technology Issues: IaaS and PaaS vendors deliver their services by sharing infrastructure: hardware, software, networks and even GPU resources are shared between businesses. Any vulnerability in the shared technology can create huge problems for those businesses. A strong defense-in-depth strategy and strong compartmentalization between tenants are recommended, and host machines should run the latest software with security patches applied.
  • Threat-5: Data Loss or Leakage: Data residing in the cloud may be deleted or altered by unforeseen events such as machine failures and software crashes. Data leakage by internal or external personnel can result from weak authentication systems. Data needs to be encrypted both when it moves from one point to another and when it is persisted, and the encryption keys need to be stored securely.
  • Threat-6: Account or Service Hijacking: Attackers usually use mechanisms such as phishing and request forgery to lure users to malicious websites. In a cloud context the problem is magnified by the large user base. To remediate it, prohibit users from sharing account information with others, educate them on the possible hazards, and monitor SLAs.
  • Threat-7: Unknown Risk Profile: A public cloud hosts multiple businesses within the same data center or premises. Large volumes of sensitive data pertaining to business operations traverse the cloud network and are captured by intermediate devices such as proxy servers, firewalls, load balancers and gateways. Sensitive data such as network telemetry and audit-trail logs should be carefully protected from unauthorized access, since disclosure of such information can cause huge loss to business operations.
