123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computer-Programming >> View Article

The 9 Biggest Online Security Threats In 2014

By Author: skyhighnetworks
Total Articles: 54

The increasing use of cloud in the enterprise is changing the threat landscape for many companies. The Cloud Security Alliance, an industry association founded in 2008, recently published its latest ranking of the top online security threats. Over the past couple years as companies put more data into the cloud the nature of threats has changed. The latest Cloud Security
landscape is profiled in its “Notorious Nine” list of the top security threats faced by enterprises this year.

Compared to 2010, several threats have moved up in the rankings. Data breaches now rank as the top threat to companies as they store data in cloud services they don’t have direct control over. With the average company using 626 cloud services, there is a wide range in the security controls, ranging from ones built for the enterprise like Box to consumer grade services without the same security controls.

Data loss also moved from 5th to 2nd this year as more companies grapple with the destruction of data in the cloud. Denial of service attacks were previously not ranked and have made the top 9 list this year. Other risks such as insecure APIs have declined in their relative severity compared to other threats.

1. Data Breaches

When companies store data in the cloud they put their trust in companies they don’t directly control, or in many cases even evaluate for security. The recent Target data breach of credit cards shows that attackers continue to focus on where large amounts of sensitive data is stored. When company employees store data in the cloud, if there’s a breach all the data from every customer of that Cloud Security
service could be affected. Evernote, Dropbox, and Scribd are some of the cloud services that have recently experienced significant security breaches.

2. Data Loss

IT departments developed a number of processes to protect data from loss including using backups of data and RAID storage systems. But is your cloud provider backing up data stored in the cloud? Data in the cloud could be lost in several ways including users who forget their login credentials, data that is not backed up by the cloud provider who experiences data loss, compromise by malicious third party, and losing encryption keys protecting that data making it indecipherable. In April 2011 Amazon AWS experienced data loss during a “remirroring storm” attack. Wired write Mat Honan had his personal photos and email accounts erased by a hacker.

3. Account or Service Hijacking

Enterprises are seeing increases hijacking of accounts and even sessions when users login. Man in the middle attacks allow a third party to view the data being sent to and from the cloud by an employee. Cloud services that encrypt data in transit and use certificates help reduce the risk of these types of attacks.

4. Insecure APIs

While declining in relative severity, insecure APIs still represent a threat to corporate data. As more and more cloud apps utilize public APIs to exchange data with other apps and devices, the security of those APIs is paramount. After OAuth became a standard used by Twitter and Google the prevalence of this problem has declined over time relative to other security issues.

5. Denial of Service

Millions of automated requests by computers controlled by malicious code can now be detected and filtered out before it brings down a service. But attackers are finding new ways to launch attacks on an even larger scale that are distributed and more difficult to detect and isolate from normal traffic to a service. This is especially problematic for providers running on IaaS such as Amazon AWS or Microsoft Azure as they get billed from the increased resources consumed during an attack.

6. Malicious insiders

When you hand over your data to a third party, you need to worry about who has access to your data at the provider. Each cloud provider has different policies, and there is a wide range of internal security controls. The best way to protect your data, say experts, is to encrypt data before it leaves your company with encryption keys you own and control, so even the cloud provider itself cannot decrypt and view your data stored on the cloud service.

7. Abuse of Cloud Services

The same large scale elastic computing services that allow cloud providers and enterprises to gain quick access to computing resources without making large capital investments also benefit attackers needing computing power. For example, using cloud infrastructure allows an attacker to quickly crack passwords, or serve malware at scale, or lunch DDoS attacks. The tools that you use to be more productive can also be used by nefarious parties to cause damage and launch attacks.

8. Insufficient Due Diligence

One of the biggest problems with Shadow IT
is that employees do very little due diligence on a cloud provider before they store company data in the service. Companies have hundreds of cloud services in use with their data spread among them, but only a small fraction have been properly vetted by the IT department. Many users may be completely unaware of some of the legal obligations hidden in terms and conditions of each service, clicking “accept” without reading them.

9. Shared Technology

Another disadvantage of sharing computing resources with other users of a service is that it can open you to certain types of attacks and security breaches. For instance, a vulnerability affecting the shared infrastructure being used by tenants of a cloud service can affect all of them. Each vulnerability is magnified across many different consumers, instead of isolating them to one user.

Author :
Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/ or follow us on Twitter@skyhighnetworks.

Total Views: 124Word Count: 1028See All articles From Author

Computer Programming Articles

1. Best Java Jee Training Institutes In Pune | Top Certification Courses
Author: meenal deshpande

2. Sap Iot Startup Accelerator
Author: Karthik M

3. How To Remove Learnthelyrics Browser Hijacker
Author: Virus Removal

4. Selenium – Introduction And History Of Selenium Testing Tool
Author: Siyaram Ray

5. Selenium Testing Tool Training – A Complete Guide To Master Selenium
Author: Siyaram Ray

6. Web Development - What’s In Demand
Author: Siyaram Ray

7. Tips To Survive And Progress In The Field Of Selenium Software Testing
Author: Siyaram Ray

8. Neagenia It Pvt Ltd
Author: NAVYA

9. In High Doses – Selenium Testing Tool Becomes Toxic
Author: Siyaram Ray

10. How Web Development Patterns Will Change By 2020?
Author: Siyaram Ray

11. 2018 Chevy Equinox
Author: hanan

12. Top 6 Dating Apps Solo Travellers Should Download
Author: Pulkit Goel

13. Finish Setup Of Selenium Grid 2.0 With Hub And Node Setup
Author: Siyaram Ray

14. What If Selenium's Highlight Command Was Always On?
Author: Siyaram Ray

15. Ways To Hire A Skilled Web Developer
Author: CMTech

Login To Account
Login Email:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: