SlideShare a Scribd company logo

Cloud security risks

R
Revital Lapidot

The document outlines the challenges and critical threats to cloud security, highlighting issues such as lack of control, data breaches, weak authentication, and insider threats. It provides recommendations to mitigate risks, including the use of encryption and multi-factor authentication, as well as due diligence when selecting cloud providers. Additionally, it discusses trends in managing security from private clouds and using cloud as a front-end for network infrastructure.

Technology
Related topics:
Information SecurityCloud Computing Insights
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
11 Cloud Security Keep your data and services secured in the Cloud Baruch Menahem, CISSP, CCSK InfoSec Strategy Manager, Comsec
2 2 Challenges to Cloud • Lack of control over resources: Concerns related to lack of physical control, data and applications. • Less security visibility and control capabilities: The IT is not able to dictate things such as version control, patch frequency and code reviews. Therefore they will be forced to update their development, QA, administration and operations processes. • Internet dependency - performance and availability: Cloud computing services relies fully on the availability, speed, quality and performance of the internet. • Difficult to migrate: It is not very easy to move the applications from an enterprise to cloud computing environment or even within different cloud computing platforms.
3 3 Critical Threats to Cloud Security Cloud Security Alliance (CSA) has identified 8 critical threats to cloud security: 1. Enterprise cloud services are not enterprise-ready 95% of cloud services used in the average enterprise are not enterprise-ready from a security standpoint. 2. Data breaches Due to the huge amount of data stored on cloud servers, providers are an increasingly attractive target to cyber criminals. 3. Lack of encryption Encryption is one of the most basic methods for securing data, but many enterprises make the mistake of failing to encrypt sensitive data in the cloud.
4 4 Critical Threats to Cloud Security 4. Weak authentication and identity management A lack of proper authentication and identity management is responsible for data breaches within organizations. Cloud provider are usually support 2FA/MFA mechanisms but unfortunately, clients are not making use of it. 5. Insider threat An insider (a former employee, system administrator, contractor, or business partner) could destroy infrastructure or permanently delete data. Systems that depend entirely on cloud service providers for security are at greatest risk. 6. Account Hijacking Techniques like phishing and fraud are well known cyber threats, but cloud adds a new dimension to these threats as successful attackers are able to eavesdrop on activities and modify data.
5 5 Critical Threats to Cloud Security 7. Lacking due diligence Due diligence is the process of evaluating cloud vendors to ensure that best practices are in place. Part of this process includes verifying whether the cloud provider can offer adequate cloud security controls and meet the level of service expected by an enterprise. 8. DDoS attacks DDoS attacks often affect availability and for enterprises that run critical infrastructure in the cloud, this can be debilitating and systems may slow or simply time out. DDoS attacks also consume large amounts of processing power – a bill that the cloud customer (you) will have to pay.
6 6 Critical Threats to Cloud Security In order to reduce the risk of using cloud services, the following should be considered: • Use of encryption to protect data at rest as well as in transit. • Manage encryption key via HSM system. • Use MFA for accessing cloud resources. • Create and enforce dedicate security policy for cloud usage. • Monitor cloud accounts to make sure that every transaction can be traced back to a human owner. • Review accreditations and standards gained by cloud providers, including ISO 9001, DCS, PCI and HIPAA. • Use dedicated security systems such as IPS, WAF and DDoS protection to protect against external attacks. • Conduct security assessments and penetration tests. Remediation
7 7 Cloud Trends Centrally manage security from a private cloud Using a private cloud (either on premise or external) to centrally manage endpoint security. Especially useful when working with distributed networks (multiple branches / sites) or when distributed users are required to be protected according to the standard used in the organization. Can also reduce maintenance and licensing cost (managed by the cloud provider).
8 8 Cloud Trends Using the cloud as a front-end DMZ network Using the cloud as the internet gateway of the corporate network to transfer the handling of network attacks from the internet to the cloud provider. The cloud is used as a network extension (the Front-End DMZ) of the on premise network and used to host all internet facing services, while the on premise external network becomes the mediating layer (Back-End DMZ) which connects the two networks (by VPN / Direct Line connection). This implementation can also reduce cost to the organization by using managed cloud security services.
9 9 Cloud Trends Implementing a Cloud Stack Enjoy cloud benefits (e.g. scalability, flexibility, efficiency, cost and security) without relying on cloud vendors, by building an on premise private cloud using OpenStack, Azure Stack or any other cloud platform. Very useful for organizations that can not use cloud services due to regulatory and security constraints that do not allow them to store sensitive information in the cloud or to transfer core systems to the cloud.
10 10 Cloud Trends Private Cloud - Azure Stack
11 11 Cloud Trends Private Cloud - OpenStack
12 12 Sources • ComparetheCloud.com: 8 Public Cloud Security Threats to Enterprises in 2017 • Azure Stack: An extension of Azure • Azure Stack datasheet
13 +972 (0)3-9234277 Baruchm@comsecglobal.com Yegia Kapayim St. 21D, P.O. Box 3474, Petach-Tikva, Israel, 49130 www.comsecglobal.com Innovation, knowledge & Experience To keep you ahead of the curve Contact Us

More Related Content

PPTX
Rik Ferguson
CloudExpoEurope
 
PPTX
Can Cloud Solutions Transform Network Security
EC-Council
 
PPT
Cloud Security
Rashmi Agale
 
PPTX
cloud Resilience
Integral university, India
 
PDF
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
EC-Council
 
PPTX
Cloud Security_ Unit 4
Integral university, India
 
PPTX
Cloud Computing Security Threats and Responses
shafzonly
 
PDF
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
Rik Ferguson
CloudExpoEurope
 
Can Cloud Solutions Transform Network Security
EC-Council
 
Cloud Security
Rashmi Agale
 
cloud Resilience
Integral university, India
 
HOW TO TROUBLESHOOT SECURITY INCIDENTS IN A CLOUD ENVIRONMENT?
EC-Council
 
Cloud Security_ Unit 4
Integral university, India
 
Cloud Computing Security Threats and Responses
shafzonly
 
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 

What's hot (19)

PPTX
Top 5 Cloud Security Threats in Healthcare
Bitglass
 
PDF
Csathreats.v1.0
vivek_kale27
 
PDF
Cloud Security Top Threats
Tiago de Almeida
 
PPTX
Cloud computing security
gangal
 
PDF
Disaster recovery glossary
singlehopsn
 
PPTX
Software Security
Integral university, India
 
PDF
Cloud Security Myths Vs Facts
OPAQ
 
PDF
Migrating to the Cloud: Lessons Learned from Federal Agencies
VMware
 
PDF
Top Application Security Threats
ColumnInformationSecurity
 
PDF
Threats and risks to cloud computing
Ryo Matsumoto
 
PDF
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
PPT
Cloud security
Tushar Kayande
 
PPTX
Cloud with Cyber Security
Niki Upadhyay
 
PDF
Data security in cloud environment
Shivam Singh
 
PPT
Data security in the cloud
IBM Security
 
PDF
Is it an internal affair
George Delikouras
 
PPTX
VMware vRealize Network Insight 3.5 - Whats New
VMware
 
PPTX
Security on Cloud Computing
Reza Pahlava
 
PPTX
Cloud Computing Security
Nithin Raj
 
Top 5 Cloud Security Threats in Healthcare
Bitglass
 
Csathreats.v1.0
vivek_kale27
 
Cloud Security Top Threats
Tiago de Almeida
 
Cloud computing security
gangal
 
Disaster recovery glossary
singlehopsn
 
Software Security
Integral university, India
 
Cloud Security Myths Vs Facts
OPAQ
 
Migrating to the Cloud: Lessons Learned from Federal Agencies
VMware
 
Top Application Security Threats
ColumnInformationSecurity
 
Threats and risks to cloud computing
Ryo Matsumoto
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Qualys
 
Cloud security
Tushar Kayande
 
Cloud with Cyber Security
Niki Upadhyay
 
Data security in cloud environment
Shivam Singh
 
Data security in the cloud
IBM Security
 
Is it an internal affair
George Delikouras
 
VMware vRealize Network Insight 3.5 - Whats New
VMware
 
Security on Cloud Computing
Reza Pahlava
 
Cloud Computing Security
Nithin Raj
 
Ad

Similar to Cloud security risks (20)

PPTX
The Top Cloud Security Issues
HTS Hosting
 
PDF
Cloud Computing Security
Arunvignesh Venkatesh
 
PDF
Top 5 Cloud Security Threats in 2025 and Ways to Avoid Them
Oliver Grady
 
PPTX
Cloud Computing Security Essentials for beginners
ssuser1e89a0
 
PDF
Lecture27 cc-security2
Ankit Gupta
 
PDF
Cloud Security - Kloudlearn
KloudLearn
 
PDF
Cloud_security_v2_chpater_9_s_version.pdf
alkabarala01
 
PDF
Cyber Security in Cloud Computing: Challenges and Solutions
chanchalsainihawksco
 
PPTX
Cloud-Architecture-Technology-Deovps-Eng
Ganesh Bhosale
 
PDF
Cloud Security Network – Definition and Best Practices.pdf
qualysectechnology98
 
PDF
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
DataSpace Academy
 
PPTX
Cloud Security: A matter of trust?
Mark Williams
 
PPTX
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
PPTX
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
PDF
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Adnene Guabtni
 
PPTX
Cloud Cmputing Security
Devyani Vaidya
 
POT
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
PPTX
Cloud Security: Risks and Recommendations for New Entrants
irvinchoo
 
PPTX
Cloud security: Risks and Rewards for New Entrants
irvinc
 
PPTX
Cloud computing - Assessing the Security Risks - Jared Carstensen
jaredcarst
 
The Top Cloud Security Issues
HTS Hosting
 
Cloud Computing Security
Arunvignesh Venkatesh
 
Top 5 Cloud Security Threats in 2025 and Ways to Avoid Them
Oliver Grady
 
Cloud Computing Security Essentials for beginners
ssuser1e89a0
 
Lecture27 cc-security2
Ankit Gupta
 
Cloud Security - Kloudlearn
KloudLearn
 
Cloud_security_v2_chpater_9_s_version.pdf
alkabarala01
 
Cyber Security in Cloud Computing: Challenges and Solutions
chanchalsainihawksco
 
Cloud-Architecture-Technology-Deovps-Eng
Ganesh Bhosale
 
Cloud Security Network – Definition and Best Practices.pdf
qualysectechnology98
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
DataSpace Academy
 
Cloud Security: A matter of trust?
Mark Williams
 
9 Things You Need to Know Before Moving to the Cloud
kairostech
 
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
Adnene Guabtni
 
Cloud Cmputing Security
Devyani Vaidya
 
Automation alley day in the cloud presentation - formatted
Matthew Moldvan
 
Cloud Security: Risks and Recommendations for New Entrants
irvinchoo
 
Cloud security: Risks and Rewards for New Entrants
irvinc
 
Cloud computing - Assessing the Security Risks - Jared Carstensen
jaredcarst
 
Ad

Recently uploaded (20)

PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Encapsulation theory and applications.pdf
gurumoop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 

Cloud security risks

  • 1. 11 Cloud Security Keep your data and services secured in the Cloud Baruch Menahem, CISSP, CCSK InfoSec Strategy Manager, Comsec
  • 2. 2 2 Challenges to Cloud • Lack of control over resources: Concerns related to lack of physical control, data and applications. • Less security visibility and control capabilities: The IT is not able to dictate things such as version control, patch frequency and code reviews. Therefore they will be forced to update their development, QA, administration and operations processes. • Internet dependency - performance and availability: Cloud computing services relies fully on the availability, speed, quality and performance of the internet. • Difficult to migrate: It is not very easy to move the applications from an enterprise to cloud computing environment or even within different cloud computing platforms.
  • 3. 3 3 Critical Threats to Cloud Security Cloud Security Alliance (CSA) has identified 8 critical threats to cloud security: 1. Enterprise cloud services are not enterprise-ready 95% of cloud services used in the average enterprise are not enterprise-ready from a security standpoint. 2. Data breaches Due to the huge amount of data stored on cloud servers, providers are an increasingly attractive target to cyber criminals. 3. Lack of encryption Encryption is one of the most basic methods for securing data, but many enterprises make the mistake of failing to encrypt sensitive data in the cloud.
  • 4. 4 4 Critical Threats to Cloud Security 4. Weak authentication and identity management A lack of proper authentication and identity management is responsible for data breaches within organizations. Cloud provider are usually support 2FA/MFA mechanisms but unfortunately, clients are not making use of it. 5. Insider threat An insider (a former employee, system administrator, contractor, or business partner) could destroy infrastructure or permanently delete data. Systems that depend entirely on cloud service providers for security are at greatest risk. 6. Account Hijacking Techniques like phishing and fraud are well known cyber threats, but cloud adds a new dimension to these threats as successful attackers are able to eavesdrop on activities and modify data.
  • 5. 5 5 Critical Threats to Cloud Security 7. Lacking due diligence Due diligence is the process of evaluating cloud vendors to ensure that best practices are in place. Part of this process includes verifying whether the cloud provider can offer adequate cloud security controls and meet the level of service expected by an enterprise. 8. DDoS attacks DDoS attacks often affect availability and for enterprises that run critical infrastructure in the cloud, this can be debilitating and systems may slow or simply time out. DDoS attacks also consume large amounts of processing power – a bill that the cloud customer (you) will have to pay.
  • 6. 6 6 Critical Threats to Cloud Security In order to reduce the risk of using cloud services, the following should be considered: • Use of encryption to protect data at rest as well as in transit. • Manage encryption key via HSM system. • Use MFA for accessing cloud resources. • Create and enforce dedicate security policy for cloud usage. • Monitor cloud accounts to make sure that every transaction can be traced back to a human owner. • Review accreditations and standards gained by cloud providers, including ISO 9001, DCS, PCI and HIPAA. • Use dedicated security systems such as IPS, WAF and DDoS protection to protect against external attacks. • Conduct security assessments and penetration tests. Remediation
  • 7. 7 7 Cloud Trends Centrally manage security from a private cloud Using a private cloud (either on premise or external) to centrally manage endpoint security. Especially useful when working with distributed networks (multiple branches / sites) or when distributed users are required to be protected according to the standard used in the organization. Can also reduce maintenance and licensing cost (managed by the cloud provider).
  • 8. 8 8 Cloud Trends Using the cloud as a front-end DMZ network Using the cloud as the internet gateway of the corporate network to transfer the handling of network attacks from the internet to the cloud provider. The cloud is used as a network extension (the Front-End DMZ) of the on premise network and used to host all internet facing services, while the on premise external network becomes the mediating layer (Back-End DMZ) which connects the two networks (by VPN / Direct Line connection). This implementation can also reduce cost to the organization by using managed cloud security services.
  • 9. 9 9 Cloud Trends Implementing a Cloud Stack Enjoy cloud benefits (e.g. scalability, flexibility, efficiency, cost and security) without relying on cloud vendors, by building an on premise private cloud using OpenStack, Azure Stack or any other cloud platform. Very useful for organizations that can not use cloud services due to regulatory and security constraints that do not allow them to store sensitive information in the cloud or to transfer core systems to the cloud.
  • 12. 12 12 Sources • ComparetheCloud.com: 8 Public Cloud Security Threats to Enterprises in 2017 • Azure Stack: An extension of Azure • Azure Stack datasheet
  • 13. 13 +972 (0)3-9234277 Baruchm@comsecglobal.com Yegia Kapayim St. 21D, P.O. Box 3474, Petach-Tikva, Israel, 49130 www.comsecglobal.com Innovation, knowledge & Experience To keep you ahead of the curve Contact Us