The Top Cloud Security Issues - PowerPoint PPT Presentation

About This Presentation
Title:

The Top Cloud Security Issues

Description:

There are many threats to cloud security. The main treats arise from account hijacking, data breaches, inadequate cloud security architecture and strategy, insecure interfaces and APIs, insider threats, limited visibility with regard to cloud usage etc. – PowerPoint PPT presentation

Number of Views:1200
Slides: 21
Provided by: htshosting
Category: Other

less

Transcript and Presenter's Notes

Title: The Top Cloud Security Issues


1
The Top Cloud Security Issues
2
Table of Contents
  • Cloud Technology
  • Types of Cloud Services
  • Advantages of Cloud Technology
  • The Best Practices for Cloud Security
  • The Main Cloud Security Threats
  • Data Breaches
  • Account Hijacking
  • Lack of Cloud Security Architecture and Strategy
  • Insider Threats
  • Misconfiguration and Inadequate Change Control
  • Insecure Interfaces and APIs (Application
    Programming Interface)
  • Weak Control Plane
  • Limited Visibility regarding Cloud Usage
  • Criminal Use of Cloud Services
  • Metastructure Failures
  • Inadequate Credential, Identity, Access, and Key
    Management

3
Cloud Technology
  • Cloud technology involves on-demand IT resources
    delivery over the Internet. These resources have
    to do with data storage, servers, databases,
    networking, and software. Cloud computing enables
    one to access technology services (computing
    power, databases and storage) as per ones need
    from a cloud service provider instead of owning,
    buying and maintaining data centers and servers.
    It usually involves pay-as-you-go pricing.
  • A remote cloud computing server that is hosted in
    a data center and is managed by a third party is
    used to provide cloud services. Cloud services
    are scalable and in it the users make use of the
    Internet to access computing services. With the
    aid of cloud technology any device with an active
    Internet connection can be used to access files
    from any location.
  • One example of cloud servers usage is in cloud
    hosting, which is a type of web hosting. Web
    hosting is the service that enables websites to
    be accessible over the Internet. The most
    reliable web hosting companies are usually known
    as the Best Windows Hosting Company, the Best
    Web Hosting Company, the Top Cloud Hosting
    Company etc.

4
Types of Cloud Services
  • There are different types of cloud service
    models, which are mentioned below.
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Function as a Service (FaaS)

5
Advantages of Cloud Technology
  • The main benefits of cloud technology are as
    follows-
  • Mobility
  • Cost savings
  • Scalability
  • Security
  • Enhanced quality control
  • Flexibility regarding work practices
  • Better collaboration
  • Disaster recovery
  • Data loss prevention
  • Competitive edge
  • Sustainability
  • Automatic software updates

6
1-800-123 -8156
  • Whoa! Thats a big number, arent you
    proud?

7
The Best Practices for Cloud Security
  • The best practices that need to be followed in
    order to take care of cloud security are
    mentioned below, in no particular order.
  • Regular monitoring of cloud environment for
    security threats
  • Performing routine penetration tests
  • Adequate management of access control
  • Following cloud data deletion policies
  • Clarity about the shared responsibilities of the
    cloud vendor and that of the user
  • Data encryption in the cloud

8
The Main Cloud Security Threats
  • The main threats to the security of the cloud are
    caused by data breaches, account hijacking, a
    lack of cloud security architecture and strategy,
    insider threats, misconfiguration and inadequate
    change control, insecure interfaces and APIs
    (Application Programming Interface), weak control
    plane, limited visibility with regard to cloud
    usage, criminal use of cloud services,
    metastructure failures and inadequate credential,
    identity, access and key management.
  • Each of these will be discussed briefly in the
    following slides.

9
Data Breaches
  • Data breaches are a threat to cloud security as
    these can cause financial and reputational
    damage, loss of intellectual property (IP) and
    often legal liabilities.

10
Account Hijacking
  • As a threat to cloud security, account hijacking
    enables an attacker to gain access to privileged
    accounts. When an attacker enters a system using
    a legitimate account, he is able to cause a lot
    of damage which can include data theft, deletion
    of important data, disruption of service delivery
    along with carrying out financial fraud etc.

11
Lack of Cloud Security Architecture and
Strategy
  • A lack of cloud security architecture and
    strategy is another major threat to cloud
    security. This occurs when a user is in a hurry
    to minimize the time that is needed to migrate
    data and systems to the cloud. Hence, the user
    becomes operational in the cloud, using
    strategies and security infrastructure that are
    not adequate or havent been designed for the
    cloud.

12
Insider Threats
  • An insider threat can be caused by a business
    former or current employees, contractors etc.
    Such threats can arise from anyone who has access
    to a business systems. Any damage caused by an
    insider threat can be either intentional or
    unintentional. When unintentional, an insider
    threat results from the negligence of employees
    and/or contractors and includes storage of
    sensitive data on a personal device,
    misconfigured cloud servers etc.

13
Misconfiguration and Inadequate Change Control
  • Inefficient change control practices cause most
    of the misconfiguration errors. This threat can
    not only result in the loss of data for cloud
    users but also resources deletion or
    modification.

14
Insecure Interfaces and APIs (Application
Programming Interface)
  • Insecure interfaces and APIs (Application
    Programming Interfaces) present another threat to
    cloud security. API vulnerabilities enable
    attackers to steal user credentials. Since APIs
    and user interfaces are usually the most exposed
    parts of a system, their security needs to be a
    top priority.

15
Weak Control Plane
  • A weak control plane results from not having full
    control over the logic of the data
    infrastructure, verification and security. A
    failure to understand the security configuration
    and the architectural weaknesses can result in
    data leakage, data corruption, unavailability of
    data etc.

16
Limited Visibility regarding Cloud Usage
  • Limited visibility with regard to cloud usage can
    be caused by any unsanctioned apps use or by the
    misuse of any sanctioned app. It is yet another
    cloud security threat.

17
Criminal Use of Cloud Services
  • Legitimate cloud services are often used by
    attackers in order to carry out their malicious
    activities. A cloud service might be used by
    attackers for hosting disguised malware on
    websites, distribution of phishing emails,
    launching DDoS attacks, executing automated click
    fraud, carrying out brute-force attacks etc.

18
Metastructure Failures
  • The metastructure of a cloud service provider
    contains security information which is disclosed
    through API calls. A metastructure can give
    attackers data access as well as enables them to
    disrupt cloud customers. Such a vulnerability is
    usually caused by poor API implementation.

19
Inadequate Credential, Identity, Access and Key
Management
  • Cloud security threats can arise from inadequate
    access and key management along with inadequate
    control with regard to data, systems, server
    rooms etc. Businesses need to change their
    practices with regard to identity and access
    management in order to enhance their cloud
    security.

20
Thanks!
  • ANY QUESTIONS?
  • www.htshosting.org
Write a Comment
User Comments (0)
About PowerShow.com