Some Reasons Behind Security Vulnerabilities

Cloud Security Vulnerabilities

We have debated back and forth that the Cloud is just as safe as the traditional enterprise option, and even more so. Combined with all the advantages, it is a better option for today’s business world. But the security fears are always just around the corner and pops up again every time there is a discussion about Cloud migration. These fears are not unfounded however; they are very real but quite containable unless they were not considered during migration to the Cloud.

Organizations looking into Cloud security like HP have found very simple and obvious yet often overlooked reasons for the security Vulnerabilities that happen when applications and data are migrated to the Cloud. Most of the vulnerabilities are caused by overlooked and unchanged settings when applications and data have been migrated. Here are a few of them.

1) Unchanged hardcoded communication channels

Most enterprises have data policies that have been enforced in their data centers and have been considered as fairly secure. Settings like encrypted or unencrypted data channels, harcoded IP addresses and hardcoded hostnames. These are all fine internally because the data center environment has been evaluated for security and these settings were made for exactly that. But when the data is moved to the Cloud, all the channels become public so internally secure processes like passing plain text content over the network suddenly becomes a huge vulnerability. That is why all migrated programs and applications should conduct all the previously safe intra-component communication over secured and encrypted channels. All of these settings have to be changed to accommodate the change in the control of the network infrastructure.

2) Unsecured logging system

Logs are very important for the enterprise. It allows administrators to diagnose problems and as a forensic tool to find evidence in the event of an attack. Enterprises often have strict rules which govern their logging system and dictates what exactly can be logged and who are privy to this sort of information. These rules are strictly policed and enforced regularly. But when the system is migrated, these rules do not apply anymore. And to avoid repercussions and accusations later on, these rules must be reviewed and reapplied to the Cloud environment through the SLA with the Cloud vendor. This ensures that data logging cannot accidentally leak towards malicious individuals. Attackers can use the log data to determine the vulnerabilities of the system; it is very rich and for hackers. The logging should be minimized, reconfigured and controlled, or even turned off.

3) Adjusting encryption for virtualization

Mirroring of an entire system is a very common practice when provisioning virtual environments. This means that a specific vulnerability with the parent system will ensure that all virtual mirrors will have that same vulnerability, giving an attacker hundreds of doors which can be opened by a single key. Virtual instances must have different encryption keys, so they should never be hardcoded. Hardcoding in an internal data center environment might be fine, but that should be changed when the system goes Cloud.

All of these vulnerabilities are because of the difference in the environment that the system will be residing in. Most of the time migration is so painless because systems work immediately without much tweaking that these very important security liabilities which were not issues before have been ignored and carried over in the public environment. The only solution is a reevaluation of the system’s security after migration and changing all of these variables.

By Abdul Salam

The Backup.png
Holiday Photos.png
Recovery Experts.png
Answer To Everything.png
Yuliya Melnik
DevOps Services Outsourcing The sooner you release your unique idea to the public, the higher the chance that it will receive the lion's share of the audience's attention. Delays in development can lead competitors to ...
JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
Rakesh Soni
Customer Experience: Living In A Connected World and Winning the IoT Race IoT and smart interconnected systems have already created an invisible aura of convenience, usability, and a rich user experience around us. However, when ...
Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
Gilad David Maayan
What is Zero Trust Network Access (ZTNA)? In a zero-trust security model, all user connections are authenticated, and users only receive the access and privileges they need to fulfill their role. This is very different ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.