Cloud security has improved over the years, with cloud providers working hard to minimize risk and a variety of third-party vendors launching comprehensive cloud security tools, such as Alert Logic’s Cloud Defender and Trend Micro’s Deep Security. So, is the cloud now just as secure as running your own infrastructure in a data center? Here are some significant differences between cloud security and data center security.
1. Ease of Access
According to angel investor and startup consultant David Schwartz, “It is a reality that cloud computing services can easily be exploited by malicious attackers since its registration process is pretty simple. You are only required to have a valid credit card to get started on this platform. In some cases, you can even pay for the cloud computing charges through PayPal, Payza, Bitcoin, Western Union or Litecoin [thereby remaining anonymous].”
2. A Target for Hackers
Data in the cloud is more attractive to hackers simply because such a large quantity of sensitive data is available in one virtual pool. Cloud providers are also more attractive targets for DDoS attacks and other harmful activities due to the impact they can have. David Schwartz states, “The cloud platform can be used maliciously for various ill purposes like malware distribution, botnet C&C servers, spamming, DDoS, hash cracking and password cracking.”
3. Human Carelessness
The majority of major data leaks in the cloud this year (Republican National Committee, Verizon, Schoolzilla) were due to human carelessness. In all the above cases, sensitive data was unwittingly stored in a publicly accessible location on Amazon’s web servers. This type of carelessness is much less likely to occur if data is stored or backed up on a server within a company’s own data center deployment. Additionally, if a company’s entire infrastructure and business apps exist in the cloud, the company must manage an enormous volume of permissions, passwords and certificates to ensure that only certain employees have access to certain platforms. Many employees don’t use best practices when it comes to password management, and this vulnerability is more likely to be exploited in the cloud. Security credentials have also been stolen and sold on the dark web. This carelessness can result in account hijacking, fraud and the manipulation of data.
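The public-storage mistake described above can be checked for mechanically. The following is an added example, not code from the original post: it inspects S3-style ACL and bucket-policy documents for grants to everyone. The bucket names, the account ID and the helper names public_findings and audit are constructed for illustration, and S3 Block Public Access settings are not modelled.

```python
# Flag buckets whose ACL or policy grants access to everyone. Works offline on
# documents shaped like S3 GetBucketAcl / GetBucketPolicy output.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_findings(bucket):
    """Return the reasons a bucket is open to anyone (empty list if none)."""
    findings = []
    for grant in bucket.get("acl", {}).get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            group = uri.rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    for stmt in _as_list(bucket.get("policy", {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        # A wildcard principal narrowed by a Condition is left for manual
        # review; an unconditioned one is reported as public.
        if "*" in _as_list(aws) and not stmt.get("Condition"):
            actions = ", ".join(_as_list(stmt.get("Action", [])))
            findings.append(f"policy allows {actions} to any principal")
    return findings

def audit(buckets):
    """Map bucket name -> findings, for buckets that have any."""
    return {b["name"]: f for b in buckets if (f := public_findings(b))}

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_BUCKETS = [  # constructed sample data, not real buckets
    {"name": "example-backups", "acl": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}},
    {"name": "example-reports", "policy": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-reports/*"}]}},
    {"name": "example-internal", "policy": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-internal/*"}]}},
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_BUCKETS).items():
        print(f"{name}: {'; '.join(reasons)}")
```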
4. Hacked APIs
According to the Cloud Security Alliance (CSA), the security and availability of cloud services depend on the security of basic APIs. Additionally, “organizations and third parties may build on these interfaces to offer value-added services. This introduces the complexity of the new layered API and increases risk, because organizations may be required to relinquish their credentials to third parties…” These interfaces tend to be the most exposed part of a system because they’re usually accessible from the open Internet. “These assets will be the target of heavy attack,” states the CSA in their report, The Treacherous 12 – Cloud Computing Top Threats in 2016.
5. Shared Resources
Sharing storage, databases and other resources in the cloud (multitenancy) leaves companies vulnerable to carelessness on the part of other tenants. For example, hackers could exploit the vulnerabilities of one company to gain access to the resources of other companies on the same hypervisor. A joint study conducted by researchers from the University of Ohio and the University of Wisconsin found that multitenancy in public clouds enables co-residency attacks, with little cost to the attacker.
6. Insider Threats
Due to the number of insiders, it can be argued that companies in the cloud are more vulnerable to insider threats. Not only do they have to worry about rogue employees abusing cloud credentials, but they must also be aware of the possibility of malicious activity conducted by the cloud provider’s employees. Malicious insiders on the cloud provider’s side can destroy entire infrastructures and manipulate data when company systems rely solely on cloud services for security.
The bottom line is that, based on pure calculations of probability, security events are more likely to happen in the cloud. There are more users, more insiders and more targets accessing the same pool of infrastructure. Stay tuned for our next cloud security blog post where we will take a deeper dive into how intruders can target companies on the same hypervisor and break the logical confines of the virtual machine.