
What are the most common risks posed to cloud computing


1. Data breaches

Data breaches are nothing new on the World Wide Web; their intensity and variety have changed between environments. According to predictions, data breaches would be a concern in Cloud environments in 2013 as well.

Knowing the risk of data breaches, WHUK has in place a well-designed multitenant cloud service database, which helps us prevent attackers from breaching accounts and travelling from one account to another. On-server data breaches have never been an issue at WHUK due to strict enforcement of usage policies.

2. Data loss

This is one of the major concerns of companies in this era. With the increasing threat of online scams and hacks, organizations report data loss in which data is either stolen or completely drained out. Such loss is caused by human interference, but nature too can be a major cause: natural disasters such as earthquakes, floods, fire etc. can lead to data loss too.

There are ways to tackle data loss, whatever the cause. As a precautionary measure, we regularly back up our servers, for which we rely on R1Soft CDPs (incremental backup).

We also encourage our customers to maintain their own copy of their data in an encrypted format. This practice has helped us avoid any loss of data for our customers and tenants. Encrypting the data before uploading it to the cloud has proven to be an efficient way of avoiding data loss. In such cases it is the responsibility of the customers to maintain the encryption keys.

3. Account hijacking

Account hijacking has been a prominent scam since 2011 and continued in 2012 as well. It's estimated that 2013 too would face account hijacking and similar scams. These scams are typically carried out through phishing, where fraudsters use social engineering techniques to catch hold of unsuspecting end-users and exploit their passwords. Software vulnerabilities are another means of exploitation. And since most large services run on the cloud these days, fraudsters who gain access can cause destruction on a greater scale, given the huge playground.

So, how can one avoid account hijacking and scams similar to these?

One can avoid falling prey to such frauds by using some simple methods, like:

- DO NOT use the same password for different accounts
- STRONG PASSWORDS with a combination of alphanumeric and special characters, at least 10 characters long
- Enable multi-step verification

Well, these are the suggestions that we ask our customers to follow. Apart from the security of the environment, we have no control over the activities carried out by our end-users on the hosted platforms. Hence, we need to rely on the end-users to take care of this front on their own, though we can help them tighten security on a case-by-case basis.
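The password suggestions above (no reuse across accounts, at least 10 characters, letters plus digits plus special characters) can be checked mechanically on the end-user's side. The Python sketch below is an added example, not code from the original article or from WHUK; the function names, the idea of auditing a local password-manager export, and the sample credentials are assumptions made for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 10  # minimum length stated in the list above


def policy_findings(password):
    """Return the strength rules from the list above that this password fails."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 10 characters")
    if not any(c.isalpha() for c in password):
        findings.append("no letter")
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    return findings


def audit_credentials(accounts):
    """accounts maps account name -> password (assumed to come from a local
    password-manager export). Returns {account: [findings]} for every
    account that breaks a strength rule or shares its password."""
    by_password = defaultdict(list)
    for name, password in accounts.items():
        by_password[password].append(name)

    report = {}
    for name, password in accounts.items():
        findings = policy_findings(password)
        others = sorted(n for n in by_password[password] if n != name)
        if others:
            findings.append("reused on: " + ", ".join(others))
        if findings:
            report[name] = findings
    return report


# Constructed sample data, not real credentials.
SAMPLE = {
    "webmail": "Tr4il-Mix!Kettle",
    "control-panel": "Tr4il-Mix!Kettle",
    "ftp": "summer2013",
    "billing": "q7#Lantern_Orbit",
}

if __name__ == "__main__":
    for account, findings in audit_credentials(SAMPLE).items():
        print(account, "->", "; ".join(findings))
```

Multi-step verification is a setting on the service itself, so it cannot be checked from the passwords and is outside this sketch.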

4. Insecure application programming interfaces (APIs)

Today, nearly every other piece of software comes with an API that enhances interaction with the software application or even an infrastructure, depending on the purpose the software is developed to deliver. Mark O’Neill, CTO, Vordel talked about API keys and Cloud at the cloudsecurityalliance website.

This again comes under end-user governance; we as cloud hosting service providers can only offer a secure cloud environment at the back-end.

5. Denial of service

After a recent incident in which the world faced an Internet slowdown due to the biggest known DDoS attack on a highly popular company, it has once again become clear that no matter how big a company is and what measures it has implemented to fend off attackers, such an attack can still cause damage.

Any experienced company would know the means of avoiding such attacks and of counteracting them if one does strike. We at WHUK are backed by 13 years of experience, with highly skilled engineers, network architects and a strong team of server administrators. Your server’s safety, accessibility and integrity are our priority #1.

6. Threats from the Inside

Organizations face a continuous risk of damage caused by someone from the inside. A lot of companies constantly face the challenge of watching over different aspects within the organization or its vendors. In the case of the Cloud, it’s important to ensure the dependability of the third-party vendor. According to the experts, complete dependency of a company on third-party technology vendors poses a greater threat.

7. Abuse of cloud services

The Cloud offers users a unique flexibility: anybody can create an account on the virtual platform. The host barely has the scope to run a background check on each customer he has on the cluster.

Therefore, it’s important to run through the Cloud usage policies before you choose a host and sign up.

8. Risk Assessment and Mitigation

Cloud undoubtedly offers multiple advantages to users such as cost reduction, flexibility, availability, security etc. Despite that, organizations must also assess the risks involved when using the Cloud for running their business over it. Upon identification, it is equally necessary to adopt ways to mitigate them.

9. Shared technology issues

Every shared technology model carries some risks of its own. No matter how many security measures one has adopted, exploiters do find a way to barge into the system. But with support from the third-party vendors, organizations must adopt backup strategies to mitigate the common threats posed to the infrastructure.

With the active involvement of the Cloud vendor, the organization can get security tightened on a case-by-case basis at the application and port level.