Cloud Security Threats: The Onyx Infamous Five
The Sun and The Sunday Times hack by the Syrian Electronic Army; the British Gas twitter account hack and the Mumsnet data breach were some of the high profile cyber security incidents in the UK last year.
While there’s no clear link between these cases and security in the cloud, these concerns continue to be a major inhibitor to cloud adoption. However, by understanding the risks, you’ll be in much a stronger position to make a successful transition to the cloud and mitigate the threats once you’re there. This is the first of two blogs on cloud security, identifying the Onyx Group infamous five security threats.
1. Data Breaches
Data breaches can originate from many sources including malicious hackers and fierce competitors. Often viewed as a CIO’s worst nightmare, they may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), corporate trade secrets or IP.
While the UK ranks a distant second behind the US for data breaches, according to Gemalto’s Breach Level Index (BLI), board members can no longer ignore the drastic impact a data breach can have on company reputation. As a result, the topic is one of the highest priorities facing businesses in 2015.
2. Data Loss
Hard drive failure, accidental deletions or modifications from attackers all represent potential ways of losing data. Losing data is easy to do and hard to recover from.
While interruptions and business continuity can be expensive in terms of lost productivity, the key may be your reputation and the perception of your customers. Not only could data loss cause them to lose faith in your brand and take their business somewhere else; it could also have serious legal implications.
3. Account or Service Traffic Hijacking
Phishing, fraud and exploitation of software vulnerabilities can cause your credentials to be stolen. With stolen credentials, attackers can often access areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services.
They can eavesdrop on transactions, manipulate data, provide false and business-damaging responses to customers, and redirect customers to a competitor’s site or inappropriate sites.
4. Insecure APIs
As those in security have improved at hardening infrastructure and systems, the attackers have moved their focus to softer targets. A trend over recent years is to target applications and websites running at the top of the application stack, as reflected in the nature of the headline-grabbing compromises.
Since application programming interfaces (APIs are often accessible from anywhere on the Internet), malicious attackers can obtain a customers’ API key. This may be used to manipulate data, rack up fees or compromise confidentiality.
5. Denial Of Service
Among diverse online attacks hampering IT security, Denial of Service (DoS) has some of the most devastating effects. A barrage of millions of automated requests for service have to be detected and screened out before they disrupt operations. An attack may be carried out in a virtualised cloud environment by using all its CPU, RAM, disk space or network bandwidth.
Securing Your Network in the Cloud
Working alongside a trusted partner such as Onyx, due diligence can be carried out so that you can understand the full scope of your cloud environment and its protections. We’ll create a strategy that ensures you have everything you need for a resilient, reliable and secure network.
Book Your Security Assessment
Contact Onyx security on 0800 970 9292 consultants for an assessment on to find out just how secure your network is or download our white paper at www.onyx.net/media to hear how we keep networks like yours always secure.