3 Critical Vulnerabilities of Cloud Computing and How to Fix It

Concerns over security are creating a barrier for businesses to deploy cloud computing technology. Netskope and Ponemon Institute report, in their study titled Data Breach: The Cloud Multiplier Effect, that increased adoption of the cloud can triple a firm’s chances of incurring a data breach valued at $20 million.

cyber

Photo: Gualtiero Boffi / Shutterstock

The survey participants (IT professionals and organizations) expect data breach vulnerabilities as they move their apps to the cloud.

The report pulls the figure from the Cost of a Data Breach study published in May 2014 by the Ponemon Institute; it highlights that the cost of a stolen or lost customer record can cost up to $201.18, so a data beach compromising 100,000 or more customer records could go over $20 million.

Such news indicates that organizations have to consider cyber vulnerabilities very seriously before inserting all their chips into the center of the cloud computing table.

For all the benefits of adopting the cloud computing environment, cyber vulnerabilities are a menace stopping cloud delivery models in their tracks.

But as the drumbeat of data breaches continues to intensify, cloud computing adopters have more to worry about – the cloud is open to the rest of the world and users don’t have control over the stack, which means the cloud is insecure to most cyber vulnerabilities. Some of the top cloud computing weaknesses include:

Stolen & cracked passwords

Cloud computing could upset the long held assumptions about password security. A commercial cloud-computing adoption is fast to provision, and a password breach could make entire customer databases available to hackers, making such breach attempts a low-cost option than trying to breach a single network for customer records.

The recent Apple iCloud password breach is reminiscent of the statement. Apple confirmed in a statement that hackers breached individual accounts after managing to obtain user passwords.

DDoS (Distributed Denial of Service outages)

Distributed Denial of Service attacks have been a common cyber threat for years, but it’s becoming problematic in the era of cloud computing as organizations depend on the 24/7 availability of cloud services. Distributed Denial of Service outages can become costly for cloud customers who are billed according to computing cycles. Hackers may also cause the cloud to consume too much processing time, which forces the user to take it down.

Just recently, three major cloud-based services were knocked offline with a series of co-ordinated DDoS attacks. Deezer, Feedly and Evernote all suffered attacks from criminals wanting to extort money to make the attacks stop.

“We’re actively working to neutralize a denial-of-service attack,” Evernote tweeted last Wednesday.

Malicious Insiders

These insiders could comprise of former employees, a business partner, or a contractor gaining access to the network or data for malicious purposes. The risk is even greater when the encryption keys are not provided to the customers until data-usage time; this means the cloud service provider has the sole responsibility for securing the network.

Cloudtweak lists the type of malicious insiders that could cause havoc in cloud computing networks. The source recommends cloud adopters to work hard to secure such vulnerabilities and know insiders beforehand.

At the end of the day, organizations hosting their data and systems on the cloud should place greater emphasis on these vulnerabilities and become proactive in finding solutions to mitigate such weaknesses.