
Cloud Computing Security

Updated on September 3, 2020

Introduction

You can classify security threats into two main categories: infrastructure and host-related threats, which could end up affecting the entire cloud operation and its infrastructure, and service provider-related threats, which can affect any customer who is actively using or searching for a service in the cloud. There are also generic threats that can affect each of the previous classifications.

Infrastructure and host threats

There are a number of threats under this classification. They include natural disasters, which can affect critical infrastructure. Tools such as CRAMM and OCTAVE are available to help manage this risk; both are deployed to help soften the impact that a natural disaster may have.

Unauthorized physical access to facilities or equipment is also an important threat to be aware of. This covers unauthorized users who may try to access the facilities of the cloud system. Again, you can manage this risk with a good access policy and monitoring software.

Something that can get overlooked is the negligence of employees. This can happen because of bad training and poor management reporting skills. In this very technical field, it’s important to ensure your staff are trained to the highest standard to deal with difficult challenges.

Dumpster diving is when people are able to access important and sensitive information from the trash, or from what you recycle. Many information leaks have happened through equipment being discarded or sometimes even lost.

Social engineering is another form of risk to the cloud system. It can help unauthorized users gain access to systems via successful insider access requests. Passwords can easily be guessed from some retained information about an internal employee who may be a bit lax in their password writing skills, or access can be gained when that employee opens an infected email attachment.

Another aspect of security that you probably deal with, but might have missed as something that can be compromised, is security logs. This can be a real issue, especially if you are part of an administration team in which multiple users have system-level access. If the security logs aren’t correct, then you can’t trust any part of the system.

Privilege escalation is also a real concern. People can access another VM if they escalate the rights of their existing users, again through either social engineering or malicious software control.

Ineffective data deletion is something not considered by system and IT administrators. Most operating systems do not wipe data completely from unused or deleted VM accounts; instead, they merely mark the data as available to be overwritten. This can also happen with hardware and data migrations, where a cloud provider is upgrading equipment.

Malicious scanning is when someone uses some sort of scraping or network probing tool against your system, costing you dearly in system resources. It’s easy for a hacker to obtain images behind a firewall, for example, using some simple URL parameters on a host address.

Obsolete or insecure cryptography is another vulnerability that you have to watch out for. Many cloud providers don’t implement any sort of encryption protocols on their cloud system, so unless you are sure that a vendor does, your data might be at an even bigger risk than usual.

Economic denial of service (EDoS) is a relatively new term, yet it is just as dangerous as any other risk. It can include identity theft, where a malicious user has free access to another user’s service and, for example, sends millions of spam emails via the email portal. The cloud provider might also come under pressure to operate freely and evenly among its customers if one particular user takes up all the system resources. Distributed denial of service (DDoS) attacks are also popular nowadays, with many notorious hacker groups seeing this as a rite of passage. This is when the host receives so many requests for information that it can’t cope and stops processing requests.

Service Provider Threats

The replay attack is when an attacker intercepts and saves a message that has been transmitted. After spoofing these messages (creating fake but real-looking copies), the attacker resends them to the service. This can be overcome using a couple of countermeasures, most notably the timestamp, which indicates when a message was sent.
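The timestamp countermeasure described above, sketched as an added example that is not part of the original article. It goes beyond the text by binding the timestamp to the message with an HMAC and tracking a per-message nonce, since a timestamp alone can be rewritten or reused inside its validity window; the names `sign`, `ReplayGuard`, `MAX_SKEW` and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds a message stays acceptable (assumed policy value)

def sign(key: bytes, body: dict, sent_at: int, nonce: str) -> dict:
    """Client side: bind the timestamp and nonce to the body with an HMAC."""
    payload = json.dumps({"body": body, "ts": sent_at, "nonce": nonce},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}

class ReplayGuard:
    """Service side: verify the tag, then the timestamp, then the nonce."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only inside the window

    def accept(self, msg: dict, now: int) -> str:
        expected = hmac.new(self.key, msg["payload"].encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad signature"
        fields = json.loads(msg["payload"])
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        # Forget nonces that the timestamp check would already reject.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if fields["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample secret
    guard = ReplayGuard(key)
    msg = sign(key, {"action": "transfer", "amount": 10}, sent_at=1000, nonce="n-1")
    tampered = dict(msg, payload=msg["payload"].replace("1000", "1900"))
    return [
        guard.accept(msg, now=1010),       # original delivery
        guard.accept(msg, now=1020),       # captured copy resent inside window
        guard.accept(msg, now=2000),       # captured copy resent much later
        guard.accept(tampered, now=2000),  # timestamp rewritten without the key
    ]

if __name__ == "__main__":
    print(demo())
```

The nonce table only has to remember messages for `MAX_SKEW` seconds, because anything older is already refused by the timestamp check.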

Data interception is another threat, and the scalable nature of cloud systems makes this problem just as scalable. The techniques for data interception include the man-in-the-middle attack, where the attacker can impersonate the victim by changing their user association or public key. This means any message can be forwarded to look like a genuine message. There is also eavesdropping, which can include keystroke monitoring, shoulder surfing, or data scavenging. The information found can be used to aid in an attack later.

Browser security is a common threat in cloud systems, because of the nature of accessing them using a browser. Since it is different tech companies that develop browsers, the cloud provider has no control over any vulnerabilities found in them. You are at the mercy of the update or fix from the browser company.

As well as cloud systems being attacked, web services can be attacked via XML signature element wrapping. This attack on the protocols that use XML signatures is a great threat to cloud services. Amazon’s EC2 services succumbed to this type of attack.

Injection vulnerabilities are a big risk, especially since almost every cloud company relies on some sort of SQL database. These can also take the form of script attacks, though. They are among the most popular types of attack since there are so many YouTube videos explaining exactly how to do it.

Customers’ negligence is a risk factor that you have to account for in some way, yet you are almost powerless to control it. This is when an unauthorized user has access to a client’s cloud system and causes damage. It’s difficult to trace these incidents back if the user only copies material out, but staying alert and having easy-to-understand security policies in place are among the best ways to minimize this risk.

© 2020 Kit
