Email Security

    What are the Security Risks of Cloud Computing?

    Migrating to the cloud can expose you to some security risks and issues. Read about the security risks of cloud computing, how to manage these threats, and more.

    by Gayle Kesten
    888846278.jpg

    Key Points

    • Cloud computing is leveling the playing field for organizations of all sizes, but it also introduces security risks.
    • Businesses’ increasing reliance on the cloud has made it a lucrative target for data-hungry cybercriminals.
    • Companies can protect themselves if they adhere to relevant security measures.

    With big names like Amazon, Google and Microsoft competing for market share, and spurred on by an increase in remote working and expanded online services brought on by the pandemic, cloud computing has become one of the most important computing platforms underpinning businesses large and small. With half of all corporate data now stored in the cloud,[1] it’s easy to see how this hyper-connected form of resource sharing and software delivery is also an attractive target to cybercriminals. That’s why organizations need to fully understand what’s at stake and measures they can take to mitigate their risks.

    Introduction to Cloud Computing Security

    Global research and advisory firm Gartner defines cloud computing as “a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using internet technologies.”[2] So instead of having to invest millions of dollars and weeks or months building out their own data centers, applications and services, companies now have at their disposal instant access to storage, additional bandwidth and computing power, and a variety of computing services and specialized business applications by simply subscribing to a cloud computing provider, such as Amazon Web Services (AWS) or Microsoft Azure.

    Worldwide, end-user spending on public cloud services is expected to reach $332.3 billion in 2021 and $397.5 billion in 2022 — a 20% increase, according to Gartner.[3] Among cloud computing’s many business benefits: reduced IT costs, the ability to grow and roll out new capabilities quickly, the ability to ramp up performance with surges in demand and improved departmental collaboration.

    Cloud services are typically divided into three types of service models:

    • Software-as-a-service (SaaS) provides end users with access to applications.
    • Platform-as-a-service (PaaS) provides developers with the software and operating systems they need to build applications for the cloud.
    • Infrastructure-as-a-service (IaaS) provides companies with cloud-based infrastructure, such as servers.

    While all models typically charge using a subscription model, pricing varies according to everything from the amount of bandwidth used, number of users (employees accessing services, for example), applications used, storage requirements, uptime requirements, and more.

    Cloud Computing Issues

    Some of the top issues with cloud computing are compliance, data privacy, lack of expertise, reliability, cost management, data loss, security, compliance, and integration.

    Top 5 Cloud Computing Security Risks

    Few, if any, technologies come without some level of security risk. Cloud computing is no exception — and for good reason: Seventy percent of IT managers said their companies had experienced a public cloud security incident in the past year, such as malware, ransomware or stolen account credentials, according to Sophos’s “The State of Cloud Security 2020” report.[4] Some of the biggest security risks include:

    Data breaches and leaks

    Cloud computing providers typically store and handle a company’s sensitive information, such as intellectual property and client information. That data, however, could be leaked, lost or held for ransom if the provider doesn’t have the proper security controls in place and is hacked or its systems fail. Data loss and leakage, in fact, was the top concern among report respondents.

    Vulnerable web apps

    Vulnerabilities in web applications, which connect organizations and their customers to cloud services, can be exploited by data-hungry cybercriminals. Flaws related to encryption configurations, authentication management and business logic are among Web apps’ potential problems.[5]

    DDoS attacks

    Distributed denial-of-service (DDoS) attacks, which overwhelm a company’s servers with fake requests for information, are particularly dangerous in cloud computing settings. A persistent DDoS attack can lead to lengthy service outages that result in business downtime and loss of revenue.

    Compliance problems

    Businesses in certain industries must keep a tight rein on the information they collect due to data privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Europe’s General Data Protection Regulation (GDPR). Should a cloud service experience a breach resulting in data exposure or loss, businesses may find themselves out of compliance and face fines.

    Customer distrust

    When something goes wrong, it won’t matter much to end customers whether their data resides on-premises or in the cloud. Those customers will hold you responsible. Customer goodwill could be lost and, consequently, their business.

    How Do Hackers Exploit Cloud Security Issues?

    Account hijacking is one of the most common cyber attacks. Hackers gain access to the cloud through a legitimate user account by stealing credentials or using password-cracking techniques. Hackers tend to gain access to data or systems through vulnerabilities in cloud infrastructure or a human error of some type (whether malicious or non-intentional). Once they have access, attackers will usually launch attacks against other businesses that use the same cloud provider.

    Security Measures to Manage and Reduce Cloud Risks

    Despite these concerns, companies have at their disposal a number of ways to lessen their cybersecurity risks and reap the cloud computing rewards. Here are some steps to consider:

    Always back up data

    This old mantra continues to be relevant in the cloud. Extending control of your data to a third party shouldn’t supplant maintaining backups. Frequent, complete backups are the best preventative measures not only against threats like ransomware, but also against data loss due to technical problems. Simply migrating data from one system to another can result in disastrous data loss, as infamously demonstrated by MySpace’s destruction of more than a decade’s worth of customer data.[6]

    Web app pen testing

    One smart way to pick up on vulnerabilities in web applications — hopefully before the bad guys do — is to simulate a cyberattack to see where security holes might exist. So-called penetration testing should be conducted on a regular basis to detect, fix and prevent flaws and app vulnerabilities. (For more, read “A Guide to Web Application Penetration Testing.”)

    Multifactor authentication

    Multifactor authentication, which requires two or more credentials to confirm a user’s identity, cuts down on threats posed by increased remote access. Logging into a web app, for example, may require a password as well as a code sent to the customer’s smartphone.

    Geodiversity

    Work with a cloud provider that stores data across servers in different locations, rather than only a single physical location. This can help prevent loss of information or services should a particular data center be attacked.

    Review cloud configurations

    And do so on a regular basis. Misconfigured cloud services, such as mismanagement of access privileges and internet-exposed storage, leave businesses vulnerable to cyberattack. Compounding the issue: The more services a company uses from different vendors, the more at risk it becomes.

    The Bottom Line

    Cloud computing has enabled businesses of every size to grow and scale without having to make large capital investments. However, the public nature of the cloud also places them at risk from a variety of cyberattacks. By understanding these threats and taking the proper preventative measures, companies can still enjoy the benefits of cloud services, while minimizing the dangers.

    [1]Share of corporate data stored in the cloud in organizations worldwide from 2015 to 2020,” Statista

    [2] Gartner glossary

    [3]Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 23% in 2021,” Gartner

    [4]The State of Cloud Security 2021," Sophos

    [5]Web Application Security," Synopsys

    [6]MySpace admits losing 12 years’ worth of music uploads,” BBC

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top