Estimated reading time: 2 minutes, 41 seconds

The IT world continues to migrate more of its workflow to cloud providers and there is no indication that this pattern will slow down anytime soon. A cloud presence presents a new avenue through which a corporation’s data resources can be attacked by cybercriminals. While some of the risks are essentially the same as with an on-premises data center, there are additional factors that need to be considered when cloud instances are in play.

Addressing the heightened risks associated with the cloud requires that they are understood and identified as potentially affecting an organization’s computing environment. Here are some things to watch out for if your enterprise is making use of public cloud services.

Container Vulnerability

Containers are lightweight virtual machines that enable faster deployment due to their speed and simplicity. The ease at which containers can be deployed may result in security gaps that are quickly replicated leading to more systems that are vulnerable to attack. Many companies are using containers extensively and they are becoming the foundation of many cloud offerings. A vulnerability in a container that is reused throughout an organization gives hackers a much broader target and requires remediation efforts to be enacted across multiple systems.

Cryptojacking

Cryptojacking is a specific form of malware that compromises system resources and uses them to verify the transactions used to mine for cryptocurrency. It is an alternative method to ransomware with which hackers do not need to elicit a response from their victims. Rather than demand a ransom, they simply infect systems and use them to perform crypto mining in the background. The cost to the affected businesses is reduced computing capacity for which they are being charged by cloud providers. Cryptojacking malware has been observed that can uninstall cloud security programs and escape detection. 

Data Breaches

Data breaches afflicting cloud services can destroy the financial health of a business and cause irreparable harm to its reputation. The enormous data breach that affected Capital One in 2019 was the result of a known vulnerability revolving around a misconfigured system communicating with Amazon Web Services (AWS). Customers using AWS in the same way as Capital One are responsible for their system configuration. It is critically important that organizations using cloud services are aware of how security is being implemented to avoid this type of disaster.

Lack of Cloud Understanding and Inadequate Security Training

A thorough understanding of the underlying technology is essential for employees in organizations that make use of the cloud. Without being informed regarding the capabilities and potential vulnerabilities of cloud services, it is impossible for individuals to know if their behavior may be contributing to compromised enterprise security. Security awareness goes hand-in-hand with a knowledge of the systems that it is intended to address. It is up to upper-management to devise viable training programs that cover the way the cloud impacts security efforts. All employees need to refrain from acting in inappropriate ways that can threaten the organization.

The benefits offered by engaging cloud services are real and will continue to entice more companies to migrate some or all of their systems to avail themselves of the advantages. They need to be aware of the risks that may accompany their journey. 

Last modified on Monday, 24 February 2020
Read 94 times
Rate this item
(0 votes)
Tagged under
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline