December 7, 2020

871 words 5 mins read

10 Biggest Threats of Cloud Computing

10 Biggest Threats of Cloud Computing

In recent years, cloud computing has brought about a paradigm shift in the technology realm. Instead of storing and accessing data and programs using a computer’s hard drive, it can be carried out over the Internet, which is also known as the “cloud”. Users can use their data, programs, and services from the cloud anywhere, anytime. However, what seems like the perfect solution for remote working has several threats associated with it too.

  1. Data Breach
    A data breach occurs when sensitive or confidential information is released, viewed, stolen or used by entities who have access to the cloud network. It is usually the main objective of a planned cyber attack, but it could also be due to human error, application vulnerabilities or weak security implementations. Aside from losing data, businesses could also lose the trust of its customers, have its own intellectual property stolen or even face hefty penalties in accordance with data protection regulations.
  2. Misconfiguration of Cloud Resources
    Misconfiguration occurs when cloud users set up their cloud resources incorrectly, such as having default credentials and configuration settings left unchanged. This often leaves the cloud user’s network to risk being exposed to a myriad of malicious activities, such as data breaches. It could also cause unintentional technical errors to happen, such as service interruptions between cloud resources that require communication with each other for running processes smoothly.
  3. Responsibility Ambiguity
    Cloud users belonging to organizations typically have a role assigned to each of them based on their responsibilities for each project. A role contains a set of permissions that can be performed on specific cloud resources. If not clearly defined, user roles and responsibilities that are related to critical cloud operations, such as access control, may cause business or legal conflicts.
  4. Limited Cloud Usage Visibility
    Limited cloud usage visibility occurs when an organization is unable to identify whether the cloud service used in its cloud network is safe or malicious. This can be broken down into two categories, namely invalid application use and valid application misuse. In most cases, it comes down to identifying valid and invalid users by determining if their actions are out of the norm or adhere to the organization’s corporate policies.
  5. Account Hijacking
    Account hijacking happens when attackers gain unauthorized access to and abuse cloud user and service accounts for carrying out malicious activities. With stolen credentials, the attackers can view and manipulate sensitive and confidential information, exploit the vulnerabilities of applications and services in the cloud network, or even pose as the account user and launch cyberattacks on other targets. These can potentially cause significant disruption of the cloud network, such as data and asset loss and compromised operations.
  6. Insider Threats
    Even with tight security measures in place to protect the organization’s cloud network from outside threats, insider threats still exist. Insiders refer to those who have authorised access to the organization’s cloud network and sensitive data, such as current or former employees, or trusted business partners. Intentional or not, their actions could result in the loss of proprietary information and intellectual property, system downtime due to cyberattacks or even customers losing confidence in the organization’s services.
  7. Loss of Control
    Cloud providers and customers utilise a shared responsibility model, whereby the former handles the hardware and software, and the latter handles the security of data and assets in the cloud. Transferring a part of the organization’s own IT system to be managed in the cloud implies that the cloud service providers have been given partial control over it. Although the providers are typically unable to view customers’ sensitive and private data, some customers may feel uneasy and question the integrity and trustworthiness of the providers.
  8. Abuse of Cloud Services
    To appeal to its customers better, cloud providers usually offer a myriad of attractive services such as an unlimited storage capacity. Some of them even offer free limited trial periods to use its offering of services. This gives an opportunity for cybercriminals to leverage on the free services for accessing the cloud immorally. With valid cloud access, they could then use these services as a launchpad for cyberattacks, or as a base for conducting other malicious activities that target users, organizations or other cloud providers.
  9. Availability of Services
    Each cloud provider offers its own unique range of services that cater to the various needs of its customers. Some of these services may be managed by the cloud provider itself, while some others are managed by external service providers which created these services. Services may become unavailable due to updates conducted by its respective providers, cease of operation or even cyberattacks. When these happen, regular work processes and delivery of important workloads could get delayed, or the entire cloud system could get clogged up.
  10. Lack of Asset Management
    One of the serious concerns customers have when engaging the services of cloud providers is asset management. Asset consists of not only customer data, but also other IT components such as hardware and software. With assets running in the cloud, it is imperative that cloud providers have the necessary and reliable asset management services available for customers to use, such as data backup and recovery software. Lack of asset management could potentially make the customer’s assets vulnerable to other malicious threats.
comments powered by Disqus