June 2013: Do you know what the greatest threat is to your company when you use cloud-based services? How about the nine greatest?
The brainiacs at the Cloud Security Alliance, a nonprofit that researches and promotes best practices for cloud-based services, recently released its report, “The Notorious Nine: Cloud Computing Top Threats in 2013.” While the Notorious Nine risks are largely the same as in the 2010 report, they rank in a totally different order.
What’s gotten scarier and what’s more under control now?
Here’s each risk and how it can affect your company, plus a quick analysis from our top tech frogs on what’s changed in the cloud during these past three years:
- Data Breaches: Your data is infiltrated because there’s profit to be made from stealing it.
- Data Loss: Your data is no longer there. Or anywhere. This happens by mistake (human error), on purpose (sabotage) or by an act of nature (such as a hurricane).
- Account or Service Traffic Hijacking: Your credentials, or the credentials of someone on your team, are stolen and used.
- Insecure Interfaces and APIs: Your cloud depends in part on third-party technology, which has weak security models and therefore allows infiltration.
- Denial of Service: Your customers can’t access your services because an attacker has overwhelmed your system’s resources.
- Malicious insiders: Your team member turns on you.
- Abuse of Cloud Services: Your provider is affected by another tenant who is using the cloud you share for undesirable purposes.
- Insufficient Due Diligence: Your company doesn’t fully understand the cloud service offerings so you have insufficient qualifications or resources to use it correctly.
- Sharing Technology Vulnerabilities: Your cloud provider’s infrastructure doesn’t properly handle the isolation requirements of shared technologies.
The top three Notorious Nine threats this year — data breaches, data loss and hijacking — are way up when compared to 2010, when they were numbers 5 (tied) and 6. That’s because hacking is big business now, with big investments and even bigger returns. In addition, businesses are focusing on being more efficient and budget-conscious, which often means letting down their guard about IT security. In fact, data is less secure now than it was six or seven years ago.
At the same time, since 2010 there’s been an explosion of consumerization, or consumers driving technology decisions. People want to use their own smartphones and tablets for work (BYOD is here to stay!) which means IT departments are no longer in control. Which means the data isn’t controlled either — it’s literally everywhere! Data breaches, loss and hijacking are all easier when the IT pond that needs to be protected is literally global.
On the other hand, cloud services are safer in some ways — abuse of cloud services, shared technology vulnerabilities, malicious insiders and insecure interfaces all rank as lesser threats today. The services are more mature, providers are more sophisticated, and clouds in general are more stable. And hiccups that take down the whole system are less frequent, leaving companies connected and hopping productively along.
That being said, it’s critical to choose a cloud provider that really knows what it’s doing so your company doesn’t leap backward instead of forward!
You can read the entire Cloud Security Alliance report here. It includes details about each threat, including the implications, a risk matrix, where to find more information, and survey results. For more from the Cloud Security Alliance, check out its SaaS research and Security Guidance for Critical Areas of Focus in Cloud Computing.
