New report shows the pitfalls of cloud computing: Cloud computing has already become the standard in many areas in recent years. But as practical as using the cloud is, security should not be neglected.
The use of cloud computing has accelerated significantly over the past two years and is likely to become the dominant model for hosting data and programs in the foreseeable future. It is already indispensable in many areas, for example when working together on documents and databases across different locations and departments. Experts anticipate that the point will soon be reached where the use of cloud computing for application software, infrastructure software, business process services, and system infrastructure will overtake traditional on-premises technology.
Benefits of using the cloud
In view of the many advantages of cloud use compared to classic on-site solutions, this is not surprising. The Software-as-a-Service (SaaS) area is particularly interesting for companies, because on the one hand additional capacities can be booked at any time without having to worry about the infrastructure such as servers. On the other hand, the complex maintenance and management with security updates and updates is the responsibility of the SaaS provider. Cloud computing thus also offers improved security, especially for companies without their own IT department - at least as far as the operation of the software is concerned.
700 industry experts criticize cloud cyber security
But this added security comes at a price, and it also brings other issues for organizations to consider. According to a survey of 700 industry professionals on security issues in the cloud industry, inadequate identity, permissions, access and key management for privileged accounts has been cited as one of the top cloud cybersecurity concerns. The survey was conducted by the Cloud Security Alliance, a non-profit organization dedicated to promoting cloud computing best practices. Since more and more employees are no longer logging into their applications from the office, but increasingly from external devices, managing access permissions to both programs and files is one of the most important and sensitive tasks of cyber security.
Weak access permissions are dangerous
In particular, the ability to easily access cloud tools with a username and password is a real benefit for many workers and employers, but also offers cybercriminals new avenues of attack. If hackers crack the username and password, they have the same access as the user - and with a real account, which means suspicious activity might not be detected as quickly. In addition, there is often an overly generous handling of access rights: users are given access to files and programs that they do not need at all for their job. This means that attackers can spread even more easily in the system. Malicious insiders can also obtain data in this way, which they can then sell to competitors or via the dark web.
Files stored unprotected in the cloud
But the report uncovers another problem associated with cloud computing. All too often, attackers don't even have to bother hacking user accounts to get at sensitive data. The reason? Files stored unprotected in the cloud, freely accessible to anyone who knows where to look. Other security gaps also arise from insecure interfaces and APIs, incorrect configurations and a lack of controls when changing settings or insecure software. A lack of security architecture and strategy are also among the errors that are frequently encountered. The reasons for this are usually a lack of knowledge and too much haste when setting up the cloud.
Zero trust model as access management
So what should companies pay attention to if they want to use the possibilities of the cloud without taking any security risks? To improve identity and access management, the report recommends a zero-trust model that requires re-validation at every step the user takes through the cloud environment. This prevents attackers from gaining access to a large amount of data with just one set of credentials. In addition, weak passwords should be avoided and multi-factor authentication used wherever possible.
More at 8com.de
About 8com The 8com Cyber Defense Center effectively protects the digital infrastructures of 8coms customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS) including certification according to current standards. Awareness measures, security training and incident response management round off the offer.