Notorious nine threats to Cloud Computing

Cloud computing has revolutionised the way many businesses manage their day to day IT activities, from reducing the management of server infrastructure, allowing for more flexible access to company data and in some cases lowering IT expense. However, a recent report from the Cloud Security Alliance is questioning whether Cloud is all it lives up to be. The Notorious Nine: Cloud Computing Threats of 2013 explains the top security risks Cloud is facing and aims to make sure companies have the latest information about the technology. CEO of IFB (Internet For Business), Graeme Gordon, discusses how businesses can ensure their Cloud service is not falling victim to the threats.

  • Monday, 18th November 2013 Posted 10 years ago in by Phil Alsop

According to the report, there is a design flaw with Cloud which could lead to a major data breach. What would you advise companies to do to protecting their system from a breach?
For any Cloud provider, customers’ data should be the top priority. Significant time, effort and capital must be invested to ensure the most secure, safe and resilient platform is available. Using industry leading server and storage infrastructure with virtualisation environment management software plus having a backup and recovery system can all help to make sure a robust Cloud system is in place.
When seeking a Cloud provider, businesses must be satisfied that the provider has put in place the necessary data security measures to keep their data safe.


CSA has stated that data loss is the second major threat to Cloud computing services. To ensure a company does not lose its data, what actions would you suggest they take?
Any organisation that generates digital data must have a backup and recovery solution to ensure the data generated is backed up and stored regularly and securely, in addition to complying with UK data legislations. As part of a cloud infrastructure, it is important to have a resilient backup and recovery system to perform real time replication of data, plus daily back ups of all data generated, to minimise the threat of data loss.
To miminise data loss, a resilient cloud platform will have multiple sites, with diverse infrastructure. In the circumstances that a cloud platform is to fail, for reasons such as power failure, all data is automatically replicated onto the failover site.


Service traffic hijacking is becoming an issue for Cloud, with attackers manipulating data, returning falsified information and redirecting clients to illegitimate sites. How can a company ensure their credentials remain safe and secure?
Again, it goes back to ensuring businesses have a robust IT system in place with secure networks, resilient backup services and safe data storage management. Whether this is on or off-site, companies must take responsibility in the security of their data.
The key to defending against service traffic hijacking is to protect company credentials from being stolen. It can be valuable for companies to prohibit the sharing of account credentials between users and services.


According to CSA, businesses mainly suffer from security attacks due to weak interfaces and untrusted Application Programming Interface’s (API’s) for Cloud. What would you suggest to companies do to avoid security attacks?
Weak interfaces and API’s can lead to a company being exposed to security issues concerning confidentiality and accountability. To avoid these security attacks, companies must have the right IT infrastructure in place to manage and monitor these issues.


Since the launch of Cloud, Denial of Service attacks have gained more significance. What can a company do to prevent this type of threat?
Denial of Service (DoS) attacks have been an Internet threat for many years. Virtualisation adoption and other key drivers such as BYOD (Bring Your Own Devise) in the workplace has increased the potential risk on attack. Having the right Cloud infrastructure in place to ensure all known data loss and security attack issues have been mitigated will help to ensure a company does not suffer a DoS attack.


Within a Cloud computing infrastructure, ‘malicious insiders’ are able to have various levels of access within a company. How can a company safeguard its systems and applications from this form of attack?
Most organisations are aware of the IT security threats posed by outsiders. Measures such as firewalls and antivirus software are a sufficient safeguard against the majority of security threats. However, do little to defy an even greater threat - malicious insiders within the company. To minimise these risks it is vital that businesses have suitable internal data security policies in place.


Cloud abuse is a way of attack where the attacker uses the Cloud service itself to decode an encryption key. What is the best means for a company to defend itself from Cloud abuse?
Before moving to the Cloud, it is vital to ask the provider what security measures they have in place to ensure the safety of the data. The challenge with Cloud providers is to identify what constitutes abuse and then decide the best process for identifying it. This type of abuse can vary from the malicious hacking of a Cloud server and launching a Distributed Denial of Service (DDos) attack or sharing pirated software. Having robust security measures in place will ensure all activity in the Cloud platform is monitored effectively and cloud abuse threats are mitigated.


It is said that many companies are fully embracing Cloud technology with little or no knowledge about its environment and security needs. What advice would you give to companies considering cloud technology for the first time?
Primarily, business must decide whether or not Cloud is the best service to meet their needs. Find similar businesses who have taken the transition to the cloud and find out now it has worked for them. Cloud is not the right solution for all businesses and all types of data, it is important to seek external and internal advice as to what the best IT infrastructure to fulfil these needs.


CSA has stated that there are shared technology vulnerabilities with Cloud computing. What advice would you give to companies regarding these vulnerabilities?
There are always going to be vulnerabilities with shared technology. Hackers are increasing their attacks in these areas in an effort to interrupt the operations of other cloud customers and gain unauthorised access to data. In 2010, 4 million accounts and records were compromised across the UK; this number rose to 174 million in 2011.* However, this must be put into context with the colossal rate data generation is growing. Figures show that 90% of the world’s data has been created in the last 2 years alone. This statistic highlights the massive opportunity hackers now have with the increase in volume, velocity, variety and value of data we are now seeing. Companies should invest some time in looking at data management strategies which include compute, storage and network security enforcement and monitoring.
IFB, founded in 1996, is a leading Internet Service Provider (ISP) and provides ICT infrastructure for businesses across the UK. IFB are hosting an event to discuss Cloud Security later this year. For further information about this event, contact 01224 333 386 or email geton@ifb.net. More about the company can be found at www.ifb.net.