Some Reasons Behind Cloud Security Vulnerabilities

Some Reasons Behind Cloud Security Vulnerabilities

Some Reasons Behind Cloud Security Vulnerabilities

We have debated back and forth that the Cloud is just as safe as the traditional enterprise option, and even more so. Combined with all the advantages, it is a better option for today’s business world. But the security fears are always just around the corner and pops up again every time there is a discussion about Cloud migration. These fears are not unfounded however; they are very real but quite containable unless they were not considered during migration to the Cloud.

Organizations looking into Cloud security like HP have found very simple and obvious yet often overlooked reasons for the security vulnerabilities that happen when applications and data are migrated to the Cloud. Most of the vulnerabilities are caused by overlooked and unchanged settings when applications and data have been migrated. Here are a few of them.

1) Unchanged hardcoded communication channels

Most enterprises have data policies that have been enforced in their data centers and have been considered as fairly secure. Settings like encrypted or unencrypted data channels, harcoded IP addresses and hardcoded hostnames. These are all fine internally because the data center environment has been evaluated for security and these settings were made for exactly that. But when the data is moved to the Cloud, all the channels become public so internally secure processes like passing plain text content over the network suddenly becomes a huge vulnerability. That is why all migrated programs and applications should conduct all the previously safe intra-component communication over secured and encrypted channels. All of these settings have to be changed to accommodate the change in the control of the network infrastructure.

2) Unsecured logging system

InfoSec

Logs are very important for the enterprise. It allows administrators to diagnose problems and as a forensic tool to find evidence in the event of an attack. Enterprises often have strict rules which govern their logging system and dictates what exactly can be logged and who are privy to this sort of information. These rules are strictly policed and enforced regularly. But when the system is migrated, these rules do not apply anymore. And to avoid repercussions and accusations later on, these rules must be reviewed and reapplied to the Cloud environment through the SLA with the Cloud vendor. This ensures that data logging cannot accidentally leak towards malicious individuals. Attackers can use the log data to determine the vulnerabilities of the system; it is very rich and for hackers. The logging should be minimized, reconfigured and controlled, or even turned off.

3) Adjusting encryption for virtualization

Mirroring of an entire system is a very common practice when provisioning virtual environments. This means that a specific vulnerability with the parent system will ensure that all virtual mirrors will have that same vulnerability, giving an attacker hundreds of doors which can be opened by a single key. Virtual instances must have different encryption keys, so they should never be hardcoded. Hardcoding in an internal data center environment might be fine, but that should be changed when the system goes Cloud.

All of these vulnerabilities are because of the difference in the environment that the system will be residing in. Most of the time migration is so painless because systems work immediately without much tweaking that these very important security liabilities which were not issues before have been ignored and carried over in the public environment. The only solution is a reevaluation of the system’s security after migration and changing all of these variables.

By Abdul Salam

Sorry, comments are closed for this post.

Comic
Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

2016 Tour de France: Racing With Big Data

2016 Tour de France: Racing With Big Data

2016 Tour de France The 2016 Tour de France has just concluded, with Chris Froome (SKY) taking his third overall win. Not the kind of event we often focus on here at CloudTweaks, but Dimension Data has put its analytics technology to use tracking the journeys of each rider across all 21 stages, and their…

Ransomware: A Digital Pandemic – Is There A Cure?

Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the…

Martech In A Content Crazed World

Martech In A Content Crazed World

Content Crazed World Everywhere you look there are pop-up ads and offers, at times it can feel like overload. What used to be a few online ads on websites has now grown into a wild world of offers that consume your every device. These advancements in marketing technology can not only be overwhelming to the…

Hubgets – Advanced Collaboration, Enriched Communication

Hubgets – Advanced Collaboration, Enriched Communication

Advanced Collaboration Tool Sponsored series provided in collaboration with Hubgets Collaboration tools have advanced leaps and bounds with the advent of cloud technology, and the services available are only getting better. Promising features such as sophisticated group communication, productive management of tasks and meetings, and the ultimate dream, working remotely from some gorgeous island destination, innovative collaboration…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Cloud Infographic: IoT For Automotive Deconstructed

Cloud Infographic: IoT For Automotive Deconstructed

IoT For Automotive Deconstructed The IoT automotive industry is moving rapidly with many exciting growth opportunities available. We’ve written about some of the risks and benefits as well as some of the players involved. One thing for certain as that the auto industry is starting to take notice and we can expect the implementation of a…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the Internet and PC.…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…