Thought leadership. threat analysis, news and alerts.
Top 5 Cloud Computing Security Concerns
A Birmingham, Alabama-based healthcare company publicly acknowledged that it was a victim of a recent security breach.
According to the healthcare company, its cloud hosting and server management provider suffered a security breach at its facility. Information which may have been accessed as a result of the security breach at the cloud provider’s facility includes patient's name, address, telephone number, email address, Social Security number, medical record number, patient ID, physician name and health plan/insurance number.
This recent security breach at a cloud provider’s facility shows the vulnerability of some cloud providers.
According to Gartner, Inc., the worldwide cloud services market is projected to grow by 18% in 2017 to total $246.8 billion, from $209.2 billion in 2016.
"While some organizations are still figuring out where cloud actually fits in their overall IT strategy, an effort to cost optimize and bring forth the path to transformation holds strong promise and results for IT outsourcing (ITO) buyers,” Sid Nag, research director at Gartner, said. Nag added that cloud adoption strategies will influence more than 50% of IT outsourcing deals through 2020.
The 2016 Global Cloud Data Security Study conducted by the Ponemon Institute found that 73% of IT professionals said cloud computing applications and platform solutions are important or very important to business operations today. The IT professionals surveyed by Ponemon Institute estimated that 36% of their organizations’ total IT and data processing needs are met by cloud resources.
According to Cloud Security Alliance (PDF), beyond the handful large cloud providers, the reality is that there are tens of thousands of unique cloud providers. Cloud Security Alliance (CSA) is a nonprofit organization that promotes best practices for securing cloud computing.
A January 2016 CSA survey found that only 65% of the survey respondents were confident that the cloud had greater or equal security than internal IT systems. “Cloud provider security is uneven overall, with some providers having excellent security programs and others leaving much to be desired,” the CSA said in its 2016 state of cloud security report.
Here are the top 5 security concerns for cloud-based services:
1. Data Security Breach
The recent data breach at the cloud hosting and server management provider’s facility and the resulting unauthorized access of sensitive data of the Birmingham, Alabama-based healthcare company shows the security vulnerability of cloud providers.
Based on the Ponemon Institute study, the data that organizations move to the cloud is also the information that’s most at risk. Sixty percent of the Ponemon Institute’s 2016 global cloud data security study said it’s more difficult to protect confidential or sensitive information in the cloud.
2. Cloud Account Hijacking
Cloud hijacking refers to the breaking or taking over of a cloud account of an individual or organization. In 2010, Amazon encountered a cross-site scripting bug that allowed attackers to steal user login credentials. In 2014, the cloud hijacking threat called “Man in the Cloud” (PDF) enables an attacker to access synchronization services (such as GoogleDrive and Dropbox) account without compromising the victim’s user name or password.
3. Insider Threat
A malicious insider is defined by the CERT Insider Threat Center as a “current or former employee, contractor, or other business partner who has or had authorized access to an organizations network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organizations information or information systems”.
In the study "Insider Threats to Cloud Computing: Directions for New Research Challenges", Carnegie Mellon University researchers named 3 types of cloud-related insider threats:
A. Cloud Insider as a Rogue Administrator
According to the Carnegie Mellon University researchers, the threat of rogue administrators is layered differently for a cloud platform compared to a standard enterprise environment, with at least four levels of administrators to consider in the cloud, including hosting company administrators, virtual image administrators, system administrators and application administrators.
B. Insider Who Exploits a Cloud-Related Vulnerability to Steal Information from a Cloud System
According to the Carnegie Mellon University researchers, this second type of cloud-related insider threat refers to an insider within the organization who exploits, whether malicious or accidental, vulnerabilities exposed by the use of cloud services to gain unauthorized access to organization systems or data. An example of this second type of cloud-related insider threat is when an employee of the victim organization is tricked by a malicious outsider into opening a document infected with malicious software.
C. Insider Who Uses Cloud Systems to Carry Out an Attack on an Employer’s Local Resources
This third type of cloud-related insider, according to the Carnegie Mellon University researchers, is different from the previous type of insider as this “third type of insider uses the cloud as the tool to carry out the attack on systems or data targeted that are not necessarily associated with cloud-based systems”. An example of this third type of insider is when an insider who plans to leave the company leverages cloud storage to steal sensitive information to take to a new job with a competitor.
4. Denial of Service Attacks
Another attack path that has been used to adversely affect cloud services is the distributed denial of service (DDoS) attack. A DNS amplification attack is an example of DDoS tactic in which the attacker delivers traffic to a victim and reflects it off to a third party to conceal the origin of the attack.
According to Microsoft, even a small DDoS attack – the size of 30 Mbps – if left unchecked could affect the availability of the cloud service. “Even if the service itself remains available for users, the bandwidth users rely on to get to the service can be starved, resulting in slow, intermittent, or unreliable service, or rendering the service unreachable,” Microsoft said.
5. Malware Injection
In the study “Security Threats on Cloud Computing Vulnerabilities”, East Carolina University researchers found that an attacker can create malicious software and inject it to target cloud service models. “Once the injection is completed, the malicious module is executed as one of the valid instances running in the cloud; then, the hacker can do whatever s/he desires such as eavesdropping, data manipulation, and data theft,” the East Carolina University researchers said.
Steve E. Driz