Estimated reading time: 2 minutes, 59 seconds

Security in the Cloud is Still Evolving Featured

Security in the Cloud is Still Evolving closeup photo of turned-on blue and white laptop computer

In the age of cloud computing, bad actors can access many targets than ever. They can also access many tools that they can use in their activities more than ever before. As such, security in this age is a priority. Cloud Security Report 2020 indicates that the security challenges encountered in the cloud include misconfiguration, unauthorized access, insecure interfaces and account hijacking. The attacks on cloud platforms vary based on different aspects from mundane to new sophisticated attacks that are conducted using powerful tools.

Here are some cloud computing challenges we can expect to see in 2021:

  • Expect more Kubernetes compromises

Kubernetes compromise became a leading area of concern in cloud computing in the past year.  An example is TeamTNT, responsible for the theft of AWS credentials. The same outfit is responsible for the development of methods that take advantage of misconfigurations of Kubernetes. Hackers are taking advantage of the evolving Kubernetes to look for holes and misconfigurations that are yet to be discovered by the security professionals to cause problems. As Kubernetes matures, expect hackers to continue taking advantage of misconfigurations. Expect more Kubernetes compromises in 2021 and beyond. 

  • Scarcity of IT expertise

A survey by Cloud Security Alliance on the adoption practices indicates that about 34 percent of companies avoid the cloud because their employees lack knowledge and expertise to manage cloud computing initiatives. As many organizations migrate to the cloud, lack of IT expertise to operate the cloud will continue being one of the greatest challenges. Despite the increasing number of graduates and professionals in this area, their number will not address a large number of organizations that continue embracing cloud computing.

  • Insider threats

Trusting employees has always been advocated by HR professionals. However, some employees take this trust for weakness, while most businesses take trust too far. Every organization must always vet its employees to ascertain where their loyalty lies and identify behaviors that may be detrimental operations. Despite the vetting of IT employees, insider threats will continue being the primary concern of organizations in the future. According to Intel, insider threats are responsible for 43% of all compromises. Although some are accidental, almost half are intentional. Organizations should rethink access management and vet those who must be allowed into their systems. The rising number of insider threats means that only those that need the systems to complete their responsibilities will be granted access.

  • DoS attacks

Although cloud security has come a long way in terms of its benefits, it is not without concerns on security threats. Denial-of-service attacks can make systems stop working unexpectedly, which is a significant security threat. While some DDoS attacks are less sophisticated, others can have far-reaching consequences to service provision by cloud computing companies. As hackers and hacking tools continue becoming more sophisticated, DoS attacks targeting cloud service providers will face a challenge in addressing the problem. Cloud providers will become a bigger target for malicious attacks of this kind as more businesses and operations move to the cloud. According to Verisign, IT services hosted in the cloud were the most targeted areas by attackers in the past year. This is expected to continue into 2021.

Although cloud providers should expect more cloud security-related challenges from now on, these issues are not insurmountable. With the right cloud security strategies in place, forethought and technology, companies can get the best from moving their operations to the cloud. As such, security solutions must be integrated into the cloud security strategy. Assets should be protected 24/7 from possible attacks from bad actors with end-to-end security, including deploying DDoS mitigation measures at both the network and application levels.

Read 168 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years experience delivering high value content to readers and publishers. 

Find his portfolio here and his personal bio here

scottkoegler.me/

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.