Cloud and Cybersecurity
The use of the cloud brings great benefits both in terms of applications and economics in the medium and long term. However, if not properly managed, it can also be a target for cyber-attacks.
In this blog we will know in depth the characteristics of a cloud service, as well as the considerations that we must take into account when migrating our information to a cloud service to minimize risks.
What is the cloud?
The cloud, also known as cloud computing, cloud services or cloud computing; are technologies or a global network of servers with specific functions, connected to function as a single ecosystem.
These technologies are implemented to store and manage data, run programs or applications and provide services. Cloud services facilitate access to information from any connected device.
Characteristics of the cloud
● Scalability and elasticity. Cloud resources are not limited; thanks to its capacity, its technologies will adapt to the load they are being subjected to, so you will not run out of storage or computing capacity for your application.
● Independence. One of the main features of cloud computing is being able to access from any device or management consoles.
● Security. Cloud users are responsible for ensuring application-level security. Cloud service providers are responsible for physical security.
● Costs are reduced. Infrastructure is provided by a third party and does not have to be purchased for one-time or IT tasks.
● Performance. All resources are available to optimize the bottom line. Integrations are generated so that the user has greater efficiency and performance to track and make corrections to further increase resource capacity.
● Maintenance. Maintenance decreases, it is not necessary to have an entire department for the sustenance of the cloud. A responsible person can be assigned to follow up. The cloud performs the maintenance of the systems automatically, which contributes to time optimization.
Types of cloud
● Private cloud. Consisting of a single organization with its own cloud of servers and software for use without a public access point.
● Public cloud. Several companies can use it simultaneously, sharing resources and offering services. The cloud provider is responsible for security maintenance.
● Hybrid cloud. Composed of two or more infrastructures, between public and private clouds, which remain as single entities, united by one technology.
● Community cloud. Shares resources between companies or organizations that pool their resources in the cloud to solve a common problem.
Cybersecurity threats in the cloud
Threats in the cloud depend on the type of service contracted and how it is contracted and deployed. Here are some threats to take into account:
This can be the result of a targeted attack, human error, application vulnerabilities or poor security practices. The data stolen is usually health information, financial information, personally identifiable information, trade secrets and intellectual property.
Poor Identity and Access Management
Poor management of identity, passwords or credentials can result in cybercriminals gaining access, modifying and deleting data, stealing information or spying, as well as injecting applications or malicious code that appears to come from a legitimate user.
One of the fundamental aspects of cloud services security is the programming interfaces for creating applications, since they must be designed with security policies that guarantee the protection of information.
System vulnerabilities can be exploited by cyber attackers to infiltrate, steal data, gain control or disrupt the service.
Attacks from the inside
A malicious administrator, may have access to sensitive information and may have increasing levels of access to more critical systems and data.
Advanced Persistent Threats (APT)
Advanced Persistent Threats are a type of attack that infiltrates systems to compromise a system harboring valuable information. APTs pursue their targets stealthily over long periods of time, often adapting to security measures designed to defend against them. The problem in cloud services lies in the fact that, once installed, attacks can move laterally across data center networks and blend in with normal network traffic to achieve their goals.
Denial of Service (DoS) attacks
A DDoS (Distributed Denial of Service) attack is an attempt to exhaust the resources available to a network, application or service so that its legitimate users cannot access it. By forcing a cloud service to consume excessive amounts of resources, cybercriminals can slow down legitimate users’ systems or even leave them without access.
It is necessary to perform a risk assessment of the cloud that may affect the service to be hired, so that, in this way, the security measures to be implemented can be established. These are some of the risks of the cloud:
Access by privileged users.
An employee with administrator privileges accesses when he/she should not or acts with bad intentions, modifying data or configurations. The human factor also involves risks, since it is possible that by mistake privileges are given to collaborators who should not have them and these, through ignorance, cause damage.
Non-compliance with regulations
Regulatory non-compliance occurs when the supplier does not comply, or does not allow us to comply, with our legal obligations. We may face legal sanctions for this type of infringement.
Lack of knowledge of data location
Purchasing services with a data hosting provider in a data center whose location is unknown, implies a risk of not knowing the legislation of other countries.
Lack of data isolation
When contracting cloud services, companies share the cloud infrastructure with other companies, it is necessary that the provider manages that the data of the different companies are not mixed and that each one only has access to its own.
Unavailability of the service in the event of a disaster or incident
It is important to be aware that if the provider suffers a serious incident or disaster and does not have a continuity plan, it will not be able to continue providing service.
Lack of investigative support
In the event of an incident, it is necessary to review access to the data to find out what has happened. The provider is required to guarantee access to activity logs.
There is a risk that the terms of the contract may be modified due to a change in the supplier’s structure, senior management, bankruptcy or the supplier’s decision to outsource part of its services. It is therefore advisable to secure access to and recovery of data.