Beruflich Dokumente
Kultur Dokumente
/تحت إشراف
The first step in minimizing risk in the cloud is to identify the top
security threats.
2
“The 2016 Top Threats release mirrors the shifting ramification of
poor cloud computing decisions up through the managerial
ranks,” said J.R. Santos, executive vice president of research for
the CSA.
3
organizations use multifactor authentication and encryption to
protect against data breaches.
4
facing repositories such as GitHub. Keys need to be appropriately
protected, and a well-secured public key infrastructure is
necessary, the CSA said. They also need to be rotated periodically
to make it harder for attackers to use keys they’ve obtained
without authorization.
5
as organizations may need to expose more services and
credentials, the CSA warned. Weak interfaces and APIs expose
organizations to security issues related to confidentiality, integrity,
availability, and accountability.
6
regular vulnerability scanning, prompt patch management, and
quick follow-up on reported system threats.
7
every transaction can be traced to a human owner. The key is to
protect account credentials from being stolen, the CSA says.
8
Threat No. 7: The APT parasite
The CSA aptly calls advanced persistent threats (APTs) “parasitical”
forms of attack. APTs infiltrate systems to establish a foothold,
then stealthily exfiltrate data and intellectual property over an
extended period of time.
9
budgets. Organizations should weigh these costs against the
potential economic damage inflicted by successful APT attacks.
The burden of preventing data loss is not all on the cloud service
provider. If a customer encrypts data before uploading it to the
cloud, then that customer must be careful to protect the
encryption key. Once the key is lost, so is the data.
10
personal data as data breaches requiring appropriate notification.
Know the rules to avoid getting in trouble.
11
including launching DDoS attacks, sending spam and phishing
emails, and hosting malicious content.
12
asymmetric, application-level DoS attacks, which target Web
server and database vulnerabilities.
13
At the end I mention 10 things we need to know about cloud
security.
14
3. It's more than public vs private
One of the raging debates when it comes to cloud security is the
level of security offered by private and public clouds. While a
private cloud strategy may initially offer more control over your
data and easier compliance to HIPAA standards and PCI, it is not
inherently more or less secure. True security has more to do with
your overall cloud strategy and how you are using the technology.
15
Alliance listed storage as the most risky cloud application
according to their organization's definition of risk. The second
most risky set of applications were those dealing with finance or
accounting.
16
8. Many organizations don't have security
policies
According to the Cloud Usage: Risks and Opportunities Report,
25.5% of respondents don't have security policies or procedures in
place to deal with data security in the cloud. Also, 68.1% said they
do have security policies in place, and the remaining 6.4% didn't
know whether they do or do not have the proper policies in place.
17
encrypting data at rest. The numbers continued to drop in regards to other
preventative measures until the bottom of the list where only 15% said they
were using obfuscation or tokenization of sensitive data.
18