Panoply Blog: Data Management, Warehousing & Data Analysis

Top Cloud Data Security Risks, Threats, and Concerns

Written by Cheryl Adams | Sep 27, 2017 11:36:25 PM

There are many risks involved with data security. Storing data in the cloud might seem like a safe bet, and for most users it is. But risks will always exist. Below we have identified some serious security threats in cloud computing.

1. Data Breaches


Cloud data storage, and cloud computing in general, have forced cyber-criminals to invent new ways to circumvent security technology in order to carry out their attacks.

It's every CIO's worst nightmare: standing in front of an endless row of cameras and providing an embarrassing assessment of the situation. Along with the legal requirements come full disclosure and potential lawsuits, similar to the recent incident with Equifax.

Although cloud storage providers implement rigorous security measures, the same threats that impact traditional storage networks also threaten the cloud world. A data breach can expose sensitive customer information, intellectual property, and trade secrets, all of which can lead to serious consequences. For example, companies could face lawsuits and hefty fines as well as damage to the brand image that could last for years.

It's possible for a user on one virtual machine to listen for activity that signals the arrival of an encryption key on another VM on the same host. This is called a "side channel timing exposure," and it can result in the organization's sensitive internal data falling into the hands of its competitors.

Reputable cloud services usually have several security protocols in place to protect confidential information. However, it's up to your organization to implement a plan for protecting your data in the cloud. The most efficient method is to use encryption and multi-factor authentication.

If sensitive or regulated data is put in the cloud and a breach occurs, the company may be required to disclose the breach and send notifications to potential victims. Certain regulations such as HIPAA and HITECH in the healthcare industry and the EU Data Protection Directive require these disclosures. Following legally-mandated breach disclosures, regulators can levy fines against a company, and it’s not uncommon for consumers whose data was compromised to file lawsuits.

2. Data Loss

A data breach is the result of a malicious and probably intrusive action. Data loss may occur when a disk drive dies without its owner having created a backup. Data loss also happens when the owner of encrypted data loses the key that unlocks it. Small amounts of data were lost for some Amazon Web Services customers when its EC2 cloud suffered "a re-mirroring storm" due to human operator error on Easter weekend in 2011. And data loss could occur intentionally in the event of a malicious attack.

Although the chances of losing all your data in the cloud are minimal, there have been some reports of hackers gaining access to cloud data centers and wiping all the data clean. That's why it's important to distribute your applications across several zones and back up your data using off-site storage when possible.

You also need to be aware of compliance policies that govern what you can and can't do with collected data. Understanding these rules will protect you in the event of a data breach and keep you away from trouble.

Items one and two usually lead to a loss of customer confidence. When the public does not trust how you handle data, they take their business elsewhere, resulting in lower revenue.

3. Hijacked Accounts - Compromised Credentials

Account hijacking sounds too elementary to be a concern in the cloud, but the Cloud Security Alliance says it is a problem. Phishing, exploitation of software vulnerabilities such as buffer overflow attacks, and loss of passwords and credentials can all lead to the loss of control over a user account. An intruder with control over a user account can eavesdrop on transactions, manipulate data, provide false and business-damaging responses to customers, and redirect customers to a competitor's site or inappropriate sites. Even worse, if the compromised account is connected to other accounts, you can quickly lose control of multiple accounts.

You'd be surprised how many security threats can be prevented by just choosing a secure, unique password per account. Remembering these passwords can be a challenge, so use a trusted password manager. Companies that don't stress the importance of secure credentials are at a greater risk of being compromised. In addition to using strong passwords, companies can also protect themselves by setting the right user roles and creating processes for identifying critical changes made by other users.

4. Hacked Interfaces and Insecure APIs

The cloud era has brought about the contradiction of trying to make services available to millions while limiting any damage all these mostly anonymous users might do to the service. The answer has been a public facing application programming interface, or API, that defines how a third party connects an application to the service.

Most cloud services and applications use APIs to communicate with other cloud services. As a result, the security of the APIs themselves has a direct effect on the security of the cloud services. The chance of getting hacked increases when companies grant third parties access to the APIs. In a worst-case scenario, this could cause the business to lose confidential information related to their customers and other parties.

According to the CSA, the best way to protect yourself from API hacks is to build threat modeling of applications and systems into the development lifecycle. It's also recommended that you perform thorough code reviews to ensure that there aren't any gaps in your security.

5. Distributed Denial Of Service (DDoS) and Denial of Service (DoS) Attacks

DDoS attacks are nothing new but can be especially crippling when targeted at your organization's public cloud. DDoS attacks often affect availability, and for enterprises that run critical infrastructure in the cloud, this type of attack can be debilitating: systems may slow or time out.

DDoS attacks also consume significant amounts of processing power – a bill that the cloud customer (you) will have to pay.

Denial of service attacks are an old tactic of online operations, but they remain a threat nevertheless. The assault by hundreds of thousands or millions of automated requests for service has to be detected and screened out before it ties up operations, but attackers have improvised increasingly sophisticated and distributed ways of conducting the assault, making it harder to detect which parts of the incoming traffic are the bad actors versus legitimate users, as in a modern-day botnet attack.

For cloud customers, "experiencing a denial-of-service attack is like being caught in rush-hour traffic gridlock: there's no way to get to your destination, and nothing you can do about it except sit and wait," according to the report. When a denial-of-service attack hits a customer's service in the cloud, it may impair service without shutting it down, in which case the customer will be billed by their cloud service for all the resources consumed during the attack.

Persistent denial of service attacks may make it "too expensive for you to run [your service] and you'll be forced to take it down yourself," the report said.

DoS attacks have threatened computer networks for several years. However, cloud computing has made them more prevalent. These attacks tie up large amounts of processing power and affect cloud availability and speed. The worst part is that there's nothing you can do once it happens except to sit and wait. Of course, you'll also have to pay for the additional load brought on by the attack, which, depending on the severity of the attack, could lead to significant financial losses.

Most cloud services have systems in place to protect against DoS attacks. However, the best way to ensure you remain unaffected is to prevent the attack from happening in the first place. This usually involves using a Content Delivery Network (CDN), Web Application Firewall (WAF), and sharing critical resources with administrators while performing regular security audits to identify vulnerabilities.

6. Malicious Insiders

With the Edward Snowden case and NSA revelations in the headlines, malicious insiders might seem to be a common threat. If one exists inside a giant cloud organization, the hazards are magnified. One tactic cloud customers should use to protect themselves is to keep their encryption keys on the premises, not in the cloud.

"If the keys are not kept with the customer and are only available at data-usage time, the system is still vulnerable to a malicious insider attack." Systems that depend "solely on the cloud service provider for security are at great risk" from a malicious insider, the report said.

7. Abusing Cloud Services, Especially Infrastructure

Cloud computing brings large-scale, elastic services to enterprise users and hackers alike. The lower cost of deploying infrastructure means that carrying out an attack is trivial, from a cost perspective. "It might take an attacker years to crack an encryption key using limited hardware. But using an array of cloud servers, he might be able to compromise it in minutes," the report noted. Or hackers might use cloud servers to serve malware, launch DDoS attacks, or distribute pirated software.

Responsibility for the use of cloud services rests with service providers, but how will they detect inappropriate uses? Do they have clear definitions of what constitutes abuse? How will it be prevented in the future if it occurs once? The report left resolution of the issue up in the air. Cloud customers will need to assess service provider behavior to see how effectively they respond.

8. Lacking or Insufficient Due Diligence

Due diligence is the process of evaluating cloud vendors to ensure that best practices are in place. Part of this process includes verifying whether the cloud provider can offer adequate cloud security controls and meet the level of service expected by an enterprise.

"Too many enterprises jump into the cloud without understanding the full scope of the undertaking," said the report. Without an understanding of the service providers' environment and protections, customers don't know what to expect in the way of incident response, encryption use, and security monitoring. Not knowing these factors means "organizations are taking on unknown levels of risk in ways they may not even comprehend, but that are a far departure from their current risks," wrote the authors.

Chances are, expectations will be misaligned between customer and service. What are the contractual obligations for each party? How will liability be divided? How much transparency can a customer expect from the provider in the face of an incident?

Enterprises may push applications that rely on internal on-premises network security controls into the cloud, where those network security controls fail and don't work. If enterprise architects don't understand the cloud environment, their application designs may not function appropriately.

9. Weak Authentication and Identity Management

A lack of proper authentication and identity management is responsible for data breaches within organizations. Businesses often struggle with identity management as they try to allocate permissions appropriate to every user’s job role. For example, the Anthem Inc. data breach resulted in cyber-criminals accessing 80 million records containing personal and medical information. This hack was the result of stolen user credentials; Anthem had failed to deploy multi-factor authentication.

Poor identity management can leave gaping holes in enterprise cyber-security. Two-factor/Multi-factor authentication systems, like one-time passwords and phone-based authentication, protect cloud services by making it harder for attackers to log in using stolen passwords. This is a preventative discussion that every business that has an online presence should have to ensure the safety of its customers.
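To show why a one-time password blunts a stolen static password, here is a time-based one-time password check following RFC 4226 and RFC 6238. This Go code is an added example, not part of the original article; the function names, the 30-second step, the one-step skew allowance, and the replay counter are assumptions, and the secret is the RFC test value rather than a real key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// HOTP computes the RFC 4226 one-time password for one counter value.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f) // dynamic truncation offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// VerifyTOTP accepts a 6-digit code for the current 30-second step or one
// step either side (clock skew). lastUsed records the newest step already
// accepted, so a code captured in transit cannot be replayed.
func VerifyTOTP(secret []byte, code string, now time.Time, lastUsed *uint64) bool {
	step := uint64(now.Unix()) / 30
	ok := false
	for _, c := range []uint64{step - 1, step, step + 1} {
		want := HOTP(secret, c, 6)
		if c > *lastUsed && subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			*lastUsed, ok = c, true
		}
	}
	return ok
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real key
	var last uint64
	now := time.Now()
	code := HOTP(secret, uint64(now.Unix())/30, 6)
	fmt.Println(VerifyTOTP(secret, code, now, &last), VerifyTOTP(secret, code, now, &last))
}
```

The second call in `main` returns false: the code is correct but already spent, which is the property a reused or stolen password lacks.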