Virtually all businesses are talking about “The Cloud”. The Cloud is a conceptual term for computing that is done on servers outside of your physical environment. There are three deployment types of cloud: public, private and hybrid. The cloud service models are IaaS (infrastructure as a service), PaaS (platform as a service) and SaaS (software as a service). While these terms can sound like complicated jargon, they are conceptually simple and answer three questions: how are the server resources provided to the company, are those resources “shared” with any other parties, and what do they accomplish for the business?
Although the cloud can offer enormous benefits to clients, including the promise of never owning server hardware again, security is a primary concern in Cloud computing. Data management in the cloud is provided by a third party, so how data is transferred, where it is stored and how data is moved into and out of the Cloud are key security considerations. When considering a cloud migration, Upward Technology thoroughly analyzes how client data is transferred, where it is stored and how it is moved into and out of a Cloud, in a way that provides the necessary flexibility and convenience while protecting against the potential risks.
The most significant vulnerabilities within Cloud Computing (ranked in order of severity) reflect the most current concerns for all Small and Midsize Businesses thinking about a migration. In this blog, we cover the Top 5 most important Cloud Computing Vulnerabilities that Small and Midsize Businesses may encounter and should be knowledgeable about.
Cloud Malware Injection Attacks are one of the most critical attacks on Cloud computing environments, as they can be introduced by any unsuspecting user and can be extremely malicious and complicated to detect. Attackers use this method to inject malicious code or applications into an end user's system running on any SaaS, PaaS or IaaS architecture. When this specific instance starts running on a Cloud server, the standard automated defenses on the cloud verify whether the instance is authorized to run this service, i.e., does the user have permission to install this type of application or tool? In general, Cloud servers are not equipped to check the integrity or validity of individual instances before running them. Once the instance is running, the attacker gets the opportunity to eavesdrop on other services and data on that server and begin influencing or affecting them. Therefore, this type of malware injection can have serious security implications such as server deadlock, Denial of Service (DoS) or loss of data within any Cloud computing architecture. If a multi-tenant Cloud service database is not correctly designed, a flaw in one client's application could allow an attacker access not only to that client's data but to every other client's data as well.
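The last sentence above is the multi-tenant isolation problem in a nutshell. The example below is added here to illustrate it and is not code from the original post or from Upward Technology: it builds a constructed in-memory SQLite table holding invoices for two made-up tenants (“acme” and “globex”), shows a lookup that filters by invoice id alone, and beside it a repository that fixes the tenant from the authenticated session and adds it to every query, so a bug in one client's application cannot reach another client's rows.

```python
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: invoices for two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, amount REAL NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO invoices (id, tenant_id, amount) VALUES (?, ?, ?)",
        [(1, "acme", 100.0), (2, "acme", 250.0), (3, "globex", 999.0)],
    )
    conn.commit()
    return conn


def get_invoice_weak(conn: sqlite3.Connection, invoice_id: int) -> Optional[Tuple]:
    """Flawed design: the row is selected by id alone, so a client that guesses or
    enumerates ids can read every tenant's invoices through its own application."""
    return conn.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


class TenantScopedRepo:
    """Hardened design: the tenant id is taken from the authenticated session when
    the repository is created (never from request input) and every query carries
    it as a filter. Another tenant's row and a nonexistent row look identical."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str) -> None:
        self.conn = conn
        self.tenant_id = tenant_id

    def get_invoice(self, invoice_id: int) -> Optional[Tuple]:
        return self.conn.execute(
            "SELECT id, tenant_id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self.tenant_id),
        ).fetchone()

    def total_billed(self) -> float:
        (total,) = self.conn.execute(
            "SELECT COALESCE(SUM(amount), 0) FROM invoices WHERE tenant_id = ?",
            (self.tenant_id,),
        ).fetchone()
        return total


def demo() -> dict:
    """Run both designs from acme's code path against globex's invoice (id 3)."""
    conn = make_db()
    acme = TenantScopedRepo(conn, "acme")
    return {
        "weak_cross_tenant_read": get_invoice_weak(conn, 3),   # leaks the globex row
        "scoped_cross_tenant_read": acme.get_invoice(3),        # None: filtered out
        "scoped_own_read": acme.get_invoice(1),
        "acme_total": acme.total_billed(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is that tenant scoping belongs in one data-access layer that every handler must go through, rather than in each query an application developer remembers to write; a reviewer can then audit a single class instead of every endpoint.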
Regardless of the architecture of a Cloud environment, all Cloud service providers use some type of authentication system to grant access to the service, which may include “something a person knows,” “something a person has” and “something a person is.” Currently, most SaaS, PaaS and IaaS environments use an authentication method based on something a person knows, such as a username and password. Vulnerabilities in the authentication process are one of the common targets for attackers, especially in environments that do not have an effective encryption system. Only a limited number of service providers offer Cloud service access based on a two-factor authentication method with encryption technology enabled.
Most cloud application and platform providers utilize software interfaces or Application Programming Interfaces (APIs) that customers can use to manage and interact with Cloud services; these are the integration tools that allow platforms to talk to one another and enable the custom integration that many companies need. Management, integration and monitoring are all performed using these APIs. Because these APIs become an open doorway to an application or cloud platform, it is critical that they are secured. In many cases, like the infamous Target breach from 2013 that affected as many as 100 million records, the API between a subcontractor to Target and the Target mothership became the weak link that allowed the breach. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy or gain access to a system.
Furthermore, organizations and third parties often customize APIs in unique and proprietary ways to offer value-added services to their customers. For instance, a company may build a custom client portal that interfaces with its primary operational and accounting software. This can be a tremendous value add that saves a company significant money by providing self-service access to clients, which reduces phone calls and human interaction. However, using API interfaces in ways like this introduces a new potential access point to a company's crown jewels, and because organizations may be required to hand their credentials to third parties to enable that access, it can seriously increase risk. Any company utilizing APIs should treat them as a critical security consideration when analyzing its threat landscape.
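The two paragraphs above describe the problem (a third-party integration holding the company's own credentials) and the remedy (authentication, access control and monitoring on the interface). The following example is added to show one way of applying that remedy and is not code from the original post or from any product it mentions: instead of sharing a master credential, the API owner issues the client portal an HMAC-signed token that carries only the scopes it needs and an expiry, and every request is checked for signature, expiry and scope before it is served. The signing key, subject names and scope names are constructed for the demonstration.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import List, Optional, Tuple


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(signing_key: bytes, subject: str, scopes: List[str], ttl_seconds: int, now: int) -> str:
    """Mint a least-privilege credential for an integration: only the listed scopes,
    valid for ttl_seconds, bound by an HMAC-SHA256 tag over the canonical payload."""
    claims = {"sub": subject, "scopes": sorted(scopes), "exp": now + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode("utf-8")
    tag = hmac.new(signing_key, payload, hashlib.sha256).digest()
    return f"{_b64encode(payload)}.{_b64encode(tag)}"


def verify_token(signing_key: bytes, token: str, now: int) -> Optional[dict]:
    """Return the claims if the tag is genuine and the token is unexpired, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64decode(payload_b64), _b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(signing_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None   # tampered payload or tag
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None   # expired
    return claims


def handle_request(signing_key: bytes, token: str, required_scope: str, now: int) -> Tuple[int, str]:
    """Access control on the API boundary: authenticate, then authorize by scope.
    The status codes double as the audit trail a monitoring system would key on."""
    claims = verify_token(signing_key, token, now)
    if claims is None:
        return 401, "invalid or expired token"
    if required_scope not in claims["scopes"]:
        return 403, f"{claims['sub']} lacks scope {required_scope}"
    return 200, f"{claims['sub']} allowed {required_scope}"


def demo() -> dict:
    """Exercise the portal's read-only token, including a forged scope escalation."""
    key = b"constructed-server-signing-key"   # assumed: kept server-side only
    now = 1_700_000_000
    portal = issue_token(key, "client-portal", ["invoices:read"], 3600, now)
    # Forgery attempt: re-encode the payload with an extra scope but keep the old tag.
    payload_b64, tag_b64 = portal.split(".")
    forged_claims = json.loads(_b64decode(payload_b64))
    forged_claims["scopes"] = ["invoices:read", "invoices:write"]
    forged_payload = json.dumps(forged_claims, separators=(",", ":"), sort_keys=True).encode("utf-8")
    forged = f"{_b64encode(forged_payload)}.{tag_b64}"
    return {
        "read_ok": handle_request(key, portal, "invoices:read", now)[0],
        "write_denied": handle_request(key, portal, "invoices:write", now)[0],
        "expired": handle_request(key, portal, "invoices:read", now + 3600)[0],
        "forged": handle_request(key, forged, "invoices:write", now)[0],
        "garbage": handle_request(key, "not-a-token", "invoices:read", now)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Tokens like this are bearer credentials, so they only make sense over TLS, and the signing key never leaves the API owner; the third party receives the token, not the key. The subcontractor link described above is exactly the case where a scoped, expiring credential limits what a compromise of the partner can reach.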
Denial of Service
Denial of Service (DoS) / Distributed Denial of Service (DDoS) / Flooding Attack is one of the most significant security risks for Cloud computing or any internet-based service, where the availability of the data or service can go down because of a high volume of traffic to the server. Typically, attackers send a large quantity of data packets to the service in a very short period, which can be simple TCP/UDP or any other type of data. The goal of any of these attacks is to negatively affect the availability of the service for legitimate users by overloading the server's capacity and bandwidth. A “buffer overflow attack” works on a principle similar to a DoS attack, where an amount of data that exceeds the buffer size of a system is given to the service provider's environment to process. This attack may also cause a Denial of Service (DoS).
Furthermore, a Distributed Denial of Service (DDoS) attack is more dangerous for Cloud computing because of the unique nature of the source of the attack. DDoS uses hundreds of different computers, known as “bots,” to attack the server. The nature of this type of attack makes it complicated to protect the server, since the attacker uses different types of data packets. A DDoS bandwidth attack can take place using a TCP SYN flood, ICMP flood or UDP flood, which will overload the allocated bandwidth of the service provider so that legitimate customers are not able to access their services. Smurf attack, Ping of Death attack, TearDrop or Land attack are some common ways of attacking a Cloud computing environment; all of these will cause a denial of service to the genuine user if successful. A DoS or DDoS attack can take place against any SaaS, PaaS, IaaS, private Cloud or public Cloud environment. While this is not as easy for a customer to influence, it is an important consideration. A DoS or DDoS attack can leave a service down for an extended period of time, negatively affecting operations.
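The two paragraphs above distinguish a single-source flood from a distributed one and list SYN, ICMP and UDP floods as the typical forms. The detector below is an added example, not code from the original post or from any vendor, showing how a defender can tell those cases apart from firewall-style logs: it buckets packets into fixed time windows, raises an alert when a window exceeds a packet threshold, and labels the alert “single-source” when one address dominates the window or “distributed” when the traffic is spread across many addresses. The log format and all addresses (from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) are constructed for the example; the thresholds are assumptions to be tuned to a real link's baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from typing import List, Tuple


def build_sample_log() -> List[str]:
    """Constructed firewall-style lines (not a real capture): a quiet period, a SYN
    flood from a single source, then a UDP flood spread across thirty sources."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

    def stamp(seconds: int) -> str:
        return (base + timedelta(seconds=seconds)).strftime("%Y-%m-%dT%H:%M:%S")

    lines = [f"{stamp(i)} SRC=192.0.2.10 PROTO=TCP FLAGS=ACK" for i in range(5)]
    lines += [f"{stamp(10 + i % 10)} SRC=203.0.113.5 PROTO=TCP FLAGS=SYN" for i in range(60)]
    lines += [f"{stamp(20 + i % 10)} SRC=198.51.100.{1 + i % 30} PROTO=UDP FLAGS=-" for i in range(60)]
    return lines


def parse_line(line: str) -> Tuple[float, str, str, str]:
    """Split '<iso-timestamp> KEY=VALUE ...' into (unix time, src, proto, flags)."""
    ts_text, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    ts = datetime.fromisoformat(ts_text).replace(tzinfo=timezone.utc).timestamp()
    return ts, kv["SRC"], kv["PROTO"], kv["FLAGS"]


def detect_floods(lines: List[str], window: int = 10, threshold: int = 40,
                  single_share: float = 0.5) -> List[dict]:
    """Alert on any window whose packet count exceeds `threshold`; classify by how
    much of the traffic the busiest source contributes."""
    parsed = [parse_line(line) for line in lines]
    if not parsed:
        return []
    t0 = min(ts for ts, *_ in parsed)
    buckets = defaultdict(list)
    for ts, src, proto, flags in parsed:
        buckets[int((ts - t0) // window)].append((src, proto, flags))

    alerts = []
    for bucket in sorted(buckets):
        packets = buckets[bucket]
        if len(packets) <= threshold:
            continue   # within normal volume for this window
        sources = Counter(src for src, _, _ in packets)
        top_src, top_n = sources.most_common(1)[0]
        kind = "single-source" if top_n / len(packets) >= single_share else "distributed"
        alerts.append({
            "window_start": t0 + bucket * window,
            "packets": len(packets),
            "distinct_sources": len(sources),
            "kind": kind,
            "top_source": top_src,
            "protocols": dict(Counter(f"{proto}/{flags}" for _, proto, flags in packets)),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The classification matters for response: a single-source flood can be dropped at the edge by address, whereas a distributed one needs rate limiting by protocol or upstream scrubbing, which is why the passage notes that the customer has less direct influence over DDoS than over the other vulnerabilities. The protocol breakdown in each alert (for example a window that is entirely `TCP/SYN`) is the detail that separates a SYN flood from a UDP or ICMP flood when tuning those controls.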
In our next blog, we will address Malicious Insiders, Abuse of Cloud Services, Insufficient Due Diligence and Shared Technology Issues, the implications each has for using the Cloud, controls to mitigate them, and ways in which Upward Technology can help.