TechTarget has published a new article which talks about five cloud security threats which are plaguing IT security teams in 2018, mostly associated with APIs, IoT and human error.
Written by Stephen J. Bigelow, Senior Technology Editor, the article focuses on five key threats to cloud security that have marked and will continue to be big during this year.
The list starts with a lack of responsibility, which talks about organizations that believe that workloads situated in the cloud are no longer their concern. This is quite wrong as cloud providers do not need to protect those workloads, with data retention, resilience and security remain the responsibility of the user and not the providers. Hence, it is imperative for one to completely utilise the ecommerce features that their website come with.
Another key thing is the to mitigate the risk of data loss with redundant workloads and storage services distributed across more cloud regions.
The second security threat is insufficient security tools and tests, and while public providers offer an array of tools and services aimed at cloud security, organizations still have to check and ensure the security of cloud resources and mitigate attacks. Plenty of key cloud providers, like Amazon Web Services, Google and Microsoft offer both application firewalls, encryption, dedicated connections and monitoring tools that can be used to check the security.
Third and probably the most common one is the human error as, according to the article, “the human element is still one of the weakest links in IT security”. With the cloud, this becomes even harder as misappropriated credentials can make a big problem across applications and data in the cloud. Phishing, fraud, and other attacks can allow hackers to steal credentials, hijack cloud accounts and more.
Of course, the human error also includes poorly implemented authentication, weak passwords, and weak security protocols in general.
The fourth threat focus on vulnerable systems and APIs, which enable software to connect to outside services, including those on the cloud provider. The best way to defend against this threat is to have prompt corrective action by developers and operations staff.
The last, but definitely not the least important one, are the unprotected IoT devices. With the expansion of the Internet of Things (IoT), each of those devices at the network endpoint becomes a security threat as it has its own configuration and an IP address. These are usually a target of malicious attacks and can be the weakest point in the network.
You can check out the full article, titled “Five cloud security threats to combat in 2018”, over at the TechTarget website.