Cloud computing has transformed businesses at an unprecedented pace, contributing to a shift towards a service-based approach in the use of computing applications and resources. It also makes the accessibility and maintenance of computing resources seamless and consistent. However, such convenience comes at the cost of many threats and risks.
1. Data Breach & Loss Owing to Attacks:
The top cloud computing threat of 2013 is the risk of data breaches. The cloud, by its very definition, means transferring the storage of data to third-party remote locations from the hard drive or the internal server. The loss of control over the data, and the possibility of cyber-criminals or corporate rivals breaching the defenses of the cloud service provider to get their hands on such data, has been a traditional bane of cloud computing. Contrary to the hype, this threat has not abated, and remains the top threat when migrating data to the cloud. Such attacks can lead to disastrous consequences such as
- Account hijacking
- Permanent loss of the data, as the attackers erases the data
- Theft of confidential consumer data such as account numbers, passwords and credit card numbers
In fact, the risk of data breach is higher in the cloud when compared to in-house hosting, and the data may become victim of collateral damage, when hackavists or other attackers target the data of some other enterprise located in the same cloud server. Then, there is also the threat of losing encryption keys, or even hackers deciphering the encryption key to steal data when in transit, all multiplying the risks when storing data in the cloud.
2. Denial of Service (DoS) Attacks:
Denial of service attacks (DoS) prevents cloud users from accessing their data or their applications, by forcing the victim cloud service to consume inordinate amount of finite consuming resources.
Distributed Denial of Server (DDoS) attacks against the servers of large corporations by hackavists and corporate rivals are now commonplace. Apart from DDoS, another type of DoS attack is asymmetric application level DoS attacks, which exploit vulnerabilities in web servers, databases, and other cloud resources, to take out single web based applications, using small payloads. The cloud can extend such threats to even small enterprises, whose data happen to be in the server that hosts the data of the large corporation, or when the attackers target the provider itself.
3. Data Theft or Loss Owing to Malicious Insiders:
Malicious insiders who steal data and other sensitive information have always been a bane for network security. Most organizations neglect the threat on this front, focusing their energies on deflecting external threats instead, and very often, they pay the price for it as well. With cloud computing, such threats multiply. Organizations now have to worry not just on malicious in-house insiders, but also about the possibility of malicious insiders the cloud service provider’s office.
4. Cloud Service Abuses:
The cloud allows even small organizations to access vast amounts of computing power. While this creates a world of possibilities for small enterprises, who could not afford to purchase and maintain the thousands of servers required for advanced computing tasks, it also makes the life of the cyber criminal that much easier. Launching DDoS attacks, sending spam or phishing emails, dishing out malware, cracking advanced encryption key, and brute-forcing passwords have all become possible and affordable to just about anyone. Instances of cyber criminals leveraging cloud services to launch deadly attacks are set to become a major threat in 2013.
5. Technology Vulnerabilities:
Cloud services deliver their scalable model of computing by sharing infrastructure, platforms and applications. This gives rise to the risk of misconfiguration or vulnerability in any one application or service compromising the cloud network in its entirety, spanning multiple organizations.
A related threat is insecure Interfaces and APIs. Cloud providers offer their clients a set of software interfaces, to manage and interact with the cloud services. Many organizations, in a bid to provide their end-customers with value added services, develop such interfaces further. This may however introduce vulnerabilities to such interfaces, and allow third-parties a way in to access their cloud account.
With traditional channels closing down, cyber criminals are sure to exploit these loopholes, right through 2013 and even beyond.