Treacherous Twelve: The Top 12 Cloud Security Threats
The cloud is a valuable resource to many organizations; however, its value also means that securing it is a high priority. The Cloud Security Alliance (CSA) is an organization dedicated to improving public knowledge and understanding of cloud security threats.
One of the ways that the CSA helps to improve the state of cloud security is by making cloud providers, developers, and users aware of the most pressing threats against cloud security. The CSA has recently released the most recent version of its report on the 12 most “treacherous” threats to cloud security. To build this report, the CSA surveyed leaders throughout the industry to determine which threats they feel are the most dangerous to cloud security.
- Data Breaches. Data breaches are a significant threat whether in the cloud or on an organization’s own network. The cloud has had many headlines recently due to security breaches caused by security misconfigurations. Many organizations collect, store, and process sensitive data, and compromise of this data can have a significant impact on both their competitive advantage and their customers’ privacy. As a result, a lot of legislation has come into effect, like GDPR and the CCPA, to help regulate this industry.
- Insufficient Identity, Credential, and Access Management. A significant threat to cloud security is the potential for malicious actors to access and use legitimate user accounts to compromise cloud resources. If an organization does not appropriately manage the access credentials for their cloud deployment, this lowers the bar for attackers trying to misuse these cloud resources.
- Insecure Interfaces and Application Programming Interfaces (APIs). Application programming interfaces (APIs) allow developers to write code that interacts directly with an application backend without placing load on the front-end systems (like a webpage). Cloud security providers (CSPs) also allow API access to their products, enabling automated management of a cloud deployment. If these APIs are not secure, threat actors can take advantage of them to compromise the cloud deployment.
- System Vulnerabilities. All software has bugs, the main question is whether or not these bugs are exploitable vulnerabilities. In the cloud, an organization’s cloud deployment can share a physical server with other, untrusted cloud resources. If the cloud software has a vulnerability, a malicious cloud user on a multitenant server could exploit the vulnerability to read parts of the shared physical memory allocated to other cloud instances, which may contain sensitive data.
- Account Hijacking. Compromise of a user’s or organization’s online account is not a new attack vector. However, with the cloud, organizations are placing increasing amounts of valuable data and applications on third-party systems. Hijacked cloud accounts could give an attacker access to sensitive data and a platform for launching further attacks.
- Malicious Insiders. While many organizations focus on external threat actors, malicious insiders are also a significant potential threat. A disgruntled employee with the power of a system administrator has the potential to completely compromise an organization’s cloud deployment.
- Advanced Persistent Threats (APTs). If traditional hackers are a threat to an organization’s security, advanced persistent threats (APTs) are even more so. These hacking groups have the support and resources of governments or large corporations. As a result, they often have the patience and capabilities to infiltrate and exploit even well-protected networks.
- Data Loss. A breach isn’t the only bad thing that can happen to an organization’s sensitive data. Even the loss of sensitive data can have a significant impact on an organization’s ability to operate or their competitive advantage. Data loss can occur due to malicious actions (like ransomware) or benign accidents (like unintentional deletion of a critical file).
- Insufficient Due Diligence. The cloud has become a buzzword, with many organizations adopting it simply to be doing so. If an organization’s leadership doesn’t take the time to develop a clear plan for cloud adoption and perform market research for potential providers, making the wrong decision could impact organizational security.
- Abuse and Nefarious Use of Cloud Services. Cloud computing is valuable to many organizations due to its ability to increase the scalability and efficiency of legitimate operations. However, these same benefits are also appealing to malicious actors. Cloud services are often used for launching phishing and spam email attacks and performing Distributed Denial of Service (DDoS) attacks at scale.
- Denial of Service. Denial of Service (DoS) attacks target bottlenecks or single points of failure in systems, overwhelming them to degrade or destroy the system’s ability to function. Cloud computing can be both the target of this type of attack or help to enable it (with cloud resources being used to launch a DDoS attack).
- Shared Technology Vulnerabilities. Cloud service providers offer infrastructure or resources to consumers “as a service” and often use the same systems for multiple tenants at a time. If the off-the-shelf hardware and software used by the CSPs does not provide a high level of isolation between different users, a malicious user may be able to break the isolation and spy on other tenants.
Securing Your Data
The cloud is a very valuable resource, but it is important to use it responsibly. Of the twelve threats highlighted by the CSA, some are out of the cloud user’s control but other are flaws in how consumers make use of their cloud deployment. Organizations should take care to plan and implement their cloud deployment properly and ensure that it is protected, monitored, and secured by the appropriate cloud security technologies.