9 Things You Need to Know Before Moving to the Cloud
Agenda
Cloud computing has emerged and paved its way forward at an unprecedented pace.
It has simultaneously transformed business and government, giving rise to
new security challenges. The emergence of the cloud service model provides
business-supporting technology with greater efficiency than ever before. The
paradigm shift from server to service has revolutionized the way IT departments
think, design, and provide computing solutions and applications. Yet these
revolutions have given birth to new security challenges, the full impact of which is
yet to be determined.
The cloud shift proves to be more affordable and prompt, but taking that route
undermines the necessity of enterprise-level security policies, principles, and best
practices. As a result, businesses have made themselves vulnerable to
breaches that can just as easily nullify any gains that have been made as a result of the cloud
shift.
The Cloud Security Alliance (CSA) has identified nine such risks or threats associated
with cloud computing. In view of this, it has created industry-wide standards
for cloud security. To safeguard themselves in the cloud environment,
businesses should understand these risks, aptly named “The Notorious Nine”
by the CSA.
The Notorious Nine are:
1. Data Breaches
2. Data Loss
3. Account Hijacking
4. Insecure APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Issues
Data Breach
A data breach is a serious threat that most CIOs are concerned about. In November
2012, researchers at the University of Carolina published a paper which described
how an automated machine was able to use side-channel timing information to
access private cryptographic keys on another machine located on the same
physical server.
Security breaches are inevitable. Service providers may claim that they adopt best
practices; however, we all know that there is no way to completely eliminate the
associated risks. The best approach for businesses is to be on the defensive and work
with vendors, providers, and lawyers to prepare a “Data Breach Response” in
advance, reducing the risks and liabilities when a data breach incident happens.
Data Loss
Losing data is a petrifying thought for businesses and consumers alike. The
data in the cloud is in the complete possession of the cloud service provider.
Accidental deletion through human error, or a physical catastrophe such as a fire or
earthquake, may lead to a permanent loss of all data. This risk can be mitigated by
keeping an adequate backup of the data. A backup on a separate server is still
open to a data breach, or to data loss if the encryption key is lost. However, many
companies are required to deal with compliance standards for record keeping. If
physical records are kept, then data loss may not have that big an impact on the
enterprise.
Account or Service Traffic Hijacking
This threat is not a new one. Phishing, exploitation, and fraud have had a place in
cyberspace for a long time. Passwords are often reused, amplifying the impact.
The cloud just adds to the landscape. All attackers have to do is gain access to your
account, which is not hard if passwords and credentials are not strong enough.
Attackers can then falsify, manipulate, or even redirect data. They may also make
your account a base for their activities and leverage it for subsequent attacks. This
has been and still remains one of the top threats. Stolen credentials give
attackers power over all critical information. The enterprise data then falls into their
hands and they may gain access to all cloud computing services deployed, thereby
compromising the integrity and confidentiality of those services.
Insecure Interface and APIs
Cloud computing essentially works by exposing a set of APIs or software interfaces
that allow consumers to remotely access data. Delivery, management, adaptation,
and monitoring services are all performed by way of these interfaces. The overall
security of the cloud depends on the security of these interfaces. From credible
access control to encoding and activity overview, these interfaces must be secured
against accidental or purposeful efforts to circumvent policy.
These interfaces are further used by cloud users to build upon and provide
value-added services to their customers. This introduces an additional layer of risk and
exposure to security breaches at the API level.
The responsibility for grasping the depth of security at the API level lies with both
the service provider and the consumer, as reliance on a poorly orchestrated API
would lead to security issues related to integrity, confidentiality, accountability, and
availability.
Denial of Service (DoS)
Essentially, DoS is preventing the consumers of the cloud from accessing their own
data. This attack tends to corner the victim into consuming inordinate amounts
of limited system resources: memory, processor power, network bandwidth,
or disk space. This leads to a network slowdown, much like getting bottlenecked
in rush hour traffic. This is a case of can’t go through, can’t get out. What results
is excessive use of bandwidth, and the service providers charge based on the
disk space consumed. Therefore, the increased processing time would lead to
high costs.
Malicious Insiders
The backbone of the entire cloud technology is storing data with a third party.
Where there is trust, there is also a breach of trust. This is much like a data breach,
except that it comes from different sources and for different purposes.
CERN, the European Organization for Nuclear Research, defines an insider threat as:
“A malicious insider threat to an organization is a current or former employee,
contractor, or other business partner who has or had authorized access to an
organization’s network, system, or data and intentionally exceeded or misused that
access in a manner that negatively affected the confidentiality, integrity, or
availability of the organization’s information or information systems.”
Abuse of Cloud Services
Cloud computing has made a name for itself as it gives large computing capabilities
to even small organizations. These capabilities can also fall into the wrong hands.
With such computing power, an attacker can easily crack an encryption key in no
time. He may even employ these servers to plan and orchestrate a DoS attack. This
threat is a risk to the service providers. They have to identify abusers and service
breaches from their end.
Insufficient Due Diligence
Cloud computing has made its presence felt with a bang. All organizations
want a piece of the cloud. The promise of reduced cost, efficiency in operations,
and improved security has baited organizations well. By pushing to the
cloud, organizations may be minimizing their risk on the operational and
departmental front, but they are adopting the risks associated with the cloud. These
risks, if not assessed diligently, can pose a threat to and impact the organization, making
it difficult for it to recoup for the lack of capable resources.
Shared Technology Vulnerabilities
Cloud services are third-party services. Service providers scale their resources by
sharing platforms, infrastructure, and applications. Whether it’s the hardware
components that make up the infrastructure (CPUs, servers, caches, etc.) or the
software (SaaS, PaaS, IaaS, etc.), the risk of shared vulnerability exists in all service
models. A compromise of a critical component may lead to an overall compromise
of data stored on the cloud.
Conclusion
Having an equal understanding of both the promise that cloud computing
offers and the risk that it brings is a crucial step for enterprises before
adopting and transitioning their IT environment onto the cloud.
Kairos partners with the leading technology
providers in cloud, mobile and social space. Our
team of experts has helped organizations migrate
to cloud seamlessly. Write us today
(info@kairostech.com) for your cloud computing
requirements and security assessment.
Let’s Talk!
http://www.kairostech.com
