Automation and digitization are the buzzwords of the moment across every business vertical, and they are also the practical way forward. This time, though, we are pushed face to face with business processes and services that were for long off the digital hook. While companies rework their IT strategy to automate every aspect of their services, cloud-based solutions are finding their legroom: they are easier to deploy, maintain and expand. So why not?
The only hiccups in this plan of action are the operational and security challenges that come with it. In this blog, we focus on the information security challenges of cloud-based solutions.
Access Management: Weak access management is one of the vulnerabilities that hackers most eagerly enumerate and then exploit, so strict access management schemes are a must-have to safeguard data. The infamous LinkedIn hack of 2016 is one of the worst attacks that happened because of poor access management mechanisms; as a result, the data of approximately 164 million users, including credentials, was compromised.
What can we do to tackle this?
Meet the new kid on the block: Multi-Factor Authentication (MFA). Requiring MFA for logging into user accounts is the best mechanism to reduce the probability of hackers gaining unauthorized access to them. Applying the 'need to know' principle is another very good preventive measure for keeping data away from unauthorized personnel.
Data Breach (Cloud Storage): Data breaches occur due to two main factors: humans and humans. Yes, you read that right. Humans are the primary cause of any data breach, but by humans I mean the malicious human, a.k.a. the hacker, along with their accomplices (who may be inside the organization where the breach occurred) and those who are tricked by the malicious human into making the breach possible in the first place. Most data breaches occur because of human negligence, such as being unaware of how critical the data is, of the security implications, or of information security in general.
That being said, weakness in technology is also a factor in data breaches, but one that can of course be rectified. Measures that should be implemented include MFA, data-at-rest encryption (for logs, databases, datasets, etc.) and, last but not least, perimeter firewalls. A perimeter firewall between the private (internal) network and the public network must be implemented to control the traffic flowing in and out of the network, and internal firewalls must be coupled with it to monitor the authorized traffic and detect anomalies within it.
Data Loss: This type of threat hurts more than a data breach because the original data cannot be retrieved, leading to huge losses. It happens through data alteration, unreliable storage services that suffer outages (e.g. due to service-provider inefficiency), data deletion, and loss of access to the data. These could be prevented by efficient backup and redundancy methods such as RAID (Redundant Array of Inexpensive Disks) and geographically distributed servers, which allow fast recovery of data when one unit goes down because of a problem in a specific geographical location.
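The reason a parity-based RAID level survives the loss of one unit is simple arithmetic, and it is worth seeing once. The following is an added example, not from the original post: a toy stripe of three data blocks plus one XOR parity block, with a recovery routine that rebuilds whichever single block is lost and refuses when two are lost, which is exactly the limit of single parity. Block size, payload and function names are constructed for this example.

```python
from typing import List, Optional

BLOCK_SIZE = 8  # bytes per block in this toy stripe (constructed value)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length blocks together; XOR is its own inverse, which is what makes parity work."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, b in enumerate(block):
            out[i] ^= b
    return bytes(out)


def make_stripe(payload: bytes, data_disks: int = 3) -> List[bytes]:
    """Split payload into fixed-size, zero-padded data blocks and append their XOR parity."""
    total = data_disks * BLOCK_SIZE
    if len(payload) > total:
        raise ValueError("payload does not fit in one stripe")
    padded = payload.ljust(total, b"\x00")
    data = [padded[i:i + BLOCK_SIZE] for i in range(0, total, BLOCK_SIZE)]
    return data + [xor_blocks(data)]


def lost_blocks(stripe: List[Optional[bytes]]) -> int:
    """How many blocks of the stripe are missing (represented as None)."""
    return sum(1 for blk in stripe if blk is None)


def can_recover(stripe: List[Optional[bytes]]) -> bool:
    """Single parity tolerates exactly one failure per stripe; a second failure is data loss."""
    return lost_blocks(stripe) <= 1


def recover(stripe: List[Optional[bytes]]) -> List[bytes]:
    """Rebuild the one missing block (data or parity) as the XOR of all surviving blocks."""
    if not can_recover(stripe):
        raise ValueError(f"{lost_blocks(stripe)} blocks lost; single parity cannot recover")
    rebuilt = list(stripe)
    for i, blk in enumerate(stripe):
        if blk is None:
            rebuilt[i] = xor_blocks([b for b in stripe if b is not None])
    return rebuilt  # type: ignore[return-value]


def payload_of(stripe: List[bytes]) -> bytes:
    """Reassemble the data blocks (parity is last); real systems store the length, this strips padding."""
    return b"".join(stripe[:-1]).rstrip(b"\x00")


if __name__ == "__main__":
    stripe = make_stripe(b"customer-records-v1")   # constructed sample payload
    damaged = list(stripe)
    damaged[1] = None                               # "disk 1" goes down
    print("recovered:", payload_of(recover(damaged)))
```

The example also shows why RAID is redundancy rather than backup: an alteration or deletion written to the stripe is faithfully mirrored into the parity, so the geographically distributed copies the paragraph mentions are still needed against those causes of loss.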
Insecure API: APIs are another technology that makes it easy for customers to access different web services. They also carry security implications: inefficient API code that grants access without an effective authentication mechanism, lack of access monitoring, and the reusability of tokens and passwords, which could be exploited during brute-force attacks. To prevent this, regular penetration tests should be performed on the API to examine it for weaknesses, and the vulnerabilities found should then be remediated. General audits must also be performed on the API so that it is thoroughly validated.
Finally, TLS (the successor to SSL) for data in transit should be made a mandatory requirement to safeguard data transmitted over a public network. HTTPS is a very good example of this methodology, adopted by the majority of organizations that value the two major aspects of information security at stake here: authenticity and confidentiality of data.
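"Mandatory TLS" only holds if clients refuse to connect without a valid certificate, which is where most real-world failures happen. As an added example (not from the original post), here is how to express that requirement with Python's standard `ssl` module: a client context that demands a verified certificate, hostname matching and TLS 1.2 or newer, next to a deliberately weakened context and an audit function that names what is wrong with it. No network connection is made; the function names and the list of checks are this example's own.

```python
import ssl
from typing import List


def hardened_client_context() -> ssl.SSLContext:
    """Context for outbound HTTPS/TLS: verify the server's certificate and name, modern versions only."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname + system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx


def weakened_client_context() -> ssl.SSLContext:
    """The 'just make the error go away' configuration seen in far too much integration code."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # any certificate for any name is accepted
    ctx.verify_mode = ssl.CERT_NONE             # even a self-signed one presented by an interceptor
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the authenticity/confidentiality gaps in a client context; empty list means acceptable."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("server certificate not required (authenticity lost)")
    if not ctx.check_hostname:
        issues.append("hostname verification disabled (certificate not tied to the server name)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("legacy TLS/SSL versions permitted (weak confidentiality)")
    return issues


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("weakened:", audit_context(weakened_client_context()))
```

Running `audit_context` over the contexts an application actually builds (for example in a startup self-test) turns the policy into a check that fails loudly, instead of a silent downgrade to "encrypted to whoever answered".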
Misconfigurations: This risk can be thought of as the parent of the risk just discussed, insecure APIs. The most common security misconfigurations are retaining default security settings, mismatched access management rules (unauthorized personnel unintentionally gaining access to sensitive data), and access to data without storage protection, i.e. sensitive data stored where no authorization is required to read it.
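The three misconfiguration types above can be caught before deployment by auditing the configuration as data. As an added example (not from the original post, and not any cloud provider's tooling), here is a small checker over a constructed bucket description: the `policy` key follows the real IAM/S3 bucket-policy grammar (`Statement`, `Effect`, `Principal`, `Action`, `Resource`, `Condition`), while `encryption_at_rest` and `block_public_access` are simplified flags invented for the example. It flags anonymous grants, wildcard grants and unprotected storage, and returns nothing for the hardened variant.

```python
from typing import Any, Dict, List


def _as_list(value: Any) -> list:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_public(principal: Any) -> bool:
    """'*' or {'AWS': '*'} (or a list containing '*') means anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for vals in principal.values() for p in _as_list(vals))
    return False


def audit_policy(policy: Dict[str, Any]) -> List[str]:
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        public = principal_is_public(st.get("Principal"))
        actions = [str(a).lower() for a in _as_list(st.get("Action"))]
        resources = _as_list(st.get("Resource"))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        if public and not st.get("Condition"):
            findings.append(f"Statement {i}: allows anonymous principal ('*') without any Condition")
        if public and wildcard_action:
            findings.append(f"Statement {i}: wildcard action granted to anonymous principal")
        if wildcard_action and "*" in resources:
            findings.append(f"Statement {i}: wildcard action on '*' resource (overly broad grant)")
    return findings


def audit_bucket(cfg: Dict[str, Any]) -> List[str]:
    """Default-setting and storage-protection checks, then the access-rule checks on the policy."""
    findings = []
    if not cfg.get("encryption_at_rest", False):
        findings.append("bucket: no encryption at rest (default setting retained)")
    if not cfg.get("block_public_access", False):
        findings.append("bucket: public access block disabled")
    findings.extend(audit_policy(cfg.get("policy", {})))
    return findings


# Constructed sample configurations (account id and names are placeholders).
PUBLIC_BUCKET = {
    "name": "example-bucket",
    "encryption_at_rest": False,
    "block_public_access": False,
    "policy": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]},
}
HARDENED_BUCKET = {
    "name": "example-bucket",
    "encryption_at_rest": True,
    "block_public_access": True,
    "policy": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]},
}
WIDE_OPEN_POLICY = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                                   "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for line in audit_bucket(PUBLIC_BUCKET):
        print("FINDING:", line)
    print("hardened findings:", audit_bucket(HARDENED_BUCKET))
```

A checker like this belongs in the deployment pipeline, where it blocks the change, rather than in a quarterly review, where it reports a bucket that has already been public for three months.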
Increased DoS/DDoS: Finally, the most common and easiest attack a malicious entity can perform is the DoS/DDoS attack. One of the major selling points of cloud technologies is the ability to scale resources effectively, but that does not protect an organization during a DoS or DDoS attack: every system has a limit to the traffic load it can sustain, and a DDoS attack keeps growing as more compromised systems join it. Good scalability alone is therefore not always the best answer.
To protect an organization from these attacks, an effective IDS/IPS must be implemented and kept constantly updated. Stateful packet inspection is also a must, so that packets are checked and allowed in a more proactive way. The next approach could be to limit bandwidth usage to the level at which a server can still run effectively.
Bandwidth usage should be inspected proactively so that the team is ready when a DoS/DDoS attempt is suspected. Finally, blocking source IPs that were previously found to be malicious helps keep the situation under control.
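The last three measures (limit bandwidth, watch usage, block known-bad sources) fit together in one edge filter, shown here as an added example that is not from the original post and not any vendor's product. Each source address gets a token bucket for request rate and a byte budget per window; a static blocklist is consulted first, and a source that keeps hitting the limits is banned for a while, which is the "found to be malicious" feedback loop. All parameters, the class name and the sample traffic (RFC 5737 documentation addresses) are constructed for this example.

```python
from typing import Dict, Iterable, List, Tuple


class EdgeRateLimiter:
    def __init__(self, rate_per_s: float = 10.0, burst: int = 20,
                 bytes_per_window: int = 1_000_000, window_s: float = 10.0,
                 strikes_to_ban: int = 3, ban_s: float = 600.0, blocklist: Iterable[str] = ()):
        self.rate_per_s, self.burst = rate_per_s, burst
        self.bytes_per_window, self.window_s = bytes_per_window, window_s
        self.strikes_to_ban, self.ban_s = strikes_to_ban, ban_s
        self.blocklist = set(blocklist)                    # previously identified malicious sources
        self._tokens: Dict[str, Tuple[float, float]] = {}  # ip -> (tokens left, last refill time)
        self._bytes: Dict[str, Tuple[int, float]] = {}     # ip -> (bytes used, window start)
        self._strikes: Dict[str, int] = {}                 # ip -> limit violations (never decays here)
        self._banned_until: Dict[str, float] = {}

    def _take_token(self, ip: str, now: float) -> bool:
        """Token bucket: refill at rate_per_s up to burst, spend one token per request."""
        tokens, last = self._tokens.get(ip, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate_per_s)
        if tokens >= 1.0:
            self._tokens[ip] = (tokens - 1.0, now)
            return True
        self._tokens[ip] = (tokens, now)
        return False

    def _strike(self, ip: str, now: float, verdict: str) -> str:
        self._strikes[ip] = self._strikes.get(ip, 0) + 1
        if self._strikes[ip] >= self.strikes_to_ban:
            self._banned_until[ip] = now + self.ban_s      # promote repeat offender to a temporary ban
        return verdict

    def decide(self, ip: str, size: int, now: float) -> str:
        """Verdict for one request of `size` bytes from `ip` at time `now` (seconds)."""
        if ip in self.blocklist:
            return "blocked"
        if self._banned_until.get(ip, 0.0) > now:
            return "banned"
        if not self._take_token(ip, now):
            return self._strike(ip, now, "rate_limited")
        used, start = self._bytes.get(ip, (0, now))
        if now - start >= self.window_s:                   # new accounting window
            used, start = 0, now
        used += size
        self._bytes[ip] = (used, start)
        if used > self.bytes_per_window:                   # the bandwidth cap from the text
            return self._strike(ip, now, "bandwidth_exceeded")
        return "allow"


def demo_limiter() -> EdgeRateLimiter:
    # Small limits so the sample below exercises every path.
    return EdgeRateLimiter(rate_per_s=1.0, burst=3, bytes_per_window=1000, window_s=10.0,
                           strikes_to_ban=2, ban_s=60.0, blocklist={"203.0.113.9"})


# Constructed traffic sample: (source ip, request bytes, time in seconds).
SAMPLE_EVENTS = [
    ("203.0.113.9", 100, 0.0),     # on the blocklist
    ("198.51.100.7", 100, 0.0),    # three requests fit the burst ...
    ("198.51.100.7", 100, 0.0),
    ("198.51.100.7", 100, 0.0),
    ("198.51.100.7", 100, 0.0),    # ... the fourth and fifth exceed the rate
    ("198.51.100.7", 100, 0.0),
    ("198.51.100.7", 100, 1.0),    # two strikes: now banned
    ("198.51.100.8", 600, 0.0),    # under the byte budget
    ("198.51.100.8", 600, 0.5),    # 1200 bytes in the window: over budget
    ("198.51.100.8", 600, 20.0),   # next window: allowed again
]


def replay(events: List[Tuple[str, int, float]]) -> List[str]:
    limiter = demo_limiter()
    return [limiter.decide(ip, size, t) for ip, size, t in events]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", verdict)
```

Counting verdicts per source over time is the "inspect bandwidth usage" step: a sudden rise in `rate_limited` and `bandwidth_exceeded` across many new addresses is the early signal of a distributed attack, well before the back-end servers feel it.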
To conclude this blog: cloud computing has been a great boon to the current industry and a very helpful technology for bringing revolutionary innovations. However, effective data security continues to be a challenge, and it is a challenge worth taking on considering the availability and scalability payoffs.