Click here to load reader
Upload
sophia-wilson
View
877
Download
0
Embed Size (px)
Citation preview
1. Data breaches
Data breaches aren’t something which is new over the World Wide Web. Its intensity and variety got
changed between environments. According to predictions, data breach would be a concern in 2013
as well over a Cloud environment too.
Having known the risk of data breach, WHUK has in place a well-designed multitenant cloud service
database which helps us prevent the attackers from breaching into accounts and travelling from one
account to the other. On server data breach has never been an issue at WHUK due to strict
enforcement of usage policies.
2. Data loss
This is one of the major concerns of companies in this era. With an increasing threat of online scams
and hacks where organizations report about data loss which is either stolen or completely drained
out. This is something caused by human interference, nature too could be a major cause for data
loss. Nature funded accidents such as earthquakes, floods; fire etc. can lead to data loss too.
There are ways to tackle data losses, no matter what the cause would be. As a precautionary
measure, we regularly backup our servers for which we rely on R1Soft CDPs (incremental backup).
We also encourage our customers to maintain a copy of their data at an individual level in an
encrypted format. This practice has helped us ensure and avoid any loss of data for our customers
and tenants. Encrypting the data before uploading it over the cloud has proven to be an efficient
ways to avoiding data loss. In such cases it is the responsibility of the customers to maintain the
encryption keys.
3. Account hijacking
Account hijacking has been a prominent scam run since the year 2011 which continued in the year
2012 as well. It’s estimated that 2013 too would face account hijacking and similar scams. These
scams are typically carried out through phishing where with the techniques of social engineering,
fraudsters catch hold of ignorant end-users exploiting their passwords. Also a way used for
exploitation is software vulnerabilities. And since most large services are run on cloud these days,
fraudsters can carry out destruction on a greater scale considering the huge playground if they get
access to.
So, how can one avoid account hijacking and scams similar to these?
One can avoid falling prey to such frauds by using some simple methods, like:
DO NOT use same passwords for different accounts STRONG PASSWORDS with a combination of alphanumeric and special characters which is at
least 10 characters long Enable multi-step verification
Well, these are the suggestions that we ask our customers to follow. Apart from the environmental
security, we have no control over the activities carried out by our end-users over the hosted
platforms. Hence, we need to rely on the end-users to take care of this front on their own, though we
can help on a case-to-case basis with helping them out with tightening security.
4. Insecure application programming interfaces (APIs)
Today, nearly every alternate software has come up with an API which enhances interactions with
the software application or even an infrastructure, depending on the purpose what the software is
developed to deliver.Mark O’Neill, CTO, Vordel talked about API keys and Cloud at
cloudsecurityalliance website.
From this again comes under the end-user governance, we as cloud hosting service
providers can only offer a secure cloud environment at the back-end.
5. Denial of service
After a recent incident where the world faced with an Internet slowdown due to the biggest known
DDoS attacks over a highly popular company, it has once again become clear that no matter how
big a company is and what measures one has implemented to retaliate attackers, it can still pose
damage.
Any experienced company would know the means of avoiding such attacks and counteracting it if in
case it does strike. We at WHUK are backed by an experience of 13 years with highly skilled
engineers, network architects and a strong team of server administrators. Your server’s safety,
accessibility and integrity are something we keep on priority #1.
6. Threats from the Inside
Organizations face a continuous risk of damage caused by someone from the inside. A lot of
companies constantly face the challenge of watching over different aspects within the organization
or vendors. In case of the Cloud, it’s important to ensure the dependability of the third-party vendor.
According to the experts, complete dependency of a company on third-party technology vendors
poses a greater threat.
7. Abuse of cloud services
The Cloud offers one of the most unique flexibilities for the users where anybody can get an account
created over the virtual platform. The host barely has the scope of run a background check for each
customer he has over the cluster.
Therefore, it’s important that before you choose a host, it’s important to run through the Cloud usage
policies before signing up.
8. Risk Assessment and Mitigation
Cloud undoubtedly offers multiple advantages to users such as cost reduction, flexibility, availability,
security etc. Despite that, organizations must also assess the risks involved when using the Cloud
for running your business over it. Upon identification, it is equally necessary to adopt ways to
mitigate them.
9. Shared technology issues
Every shared technology model inherits some risks of their own. No matter how many security
measures one has adopted, exploiters do find a way to barge into the system. But with support from
the third-party vendors, organization must adopt backup strategies to mitigate the common threats
posed to the infrastructure.
With an active involvement of the Cloud vendor, the organization can get security tightened on a
case to case basis on an application and port level.