If it’s in the Cloud – It must be Secure, surely?

Few are surprised by the popularity of the cloud. It offers flexible computing options at a fraction of the cost and time.

Organisations can conveniently improve data storage and server processing or use Software-as-a-Service
(SaaS) products.

Cloud computing has become an integral piece of today’s IT infrastructure. Its ‘try before you buy’ and ‘pay as you go’ models provide organisations with the ability to test the technology, and integration with the cloud is fast and usually requires virtually no organisational downtime.

However, much like other emerging technologies, the cloud can be abused, so it’s imperative to know its vulnerabilities, especially the holes in security.

Cloud services are vulnerable across three main attack vectors:

1. Account Hijacks – Gaining unauthorised access to an individual or organisation’s email or computer account for malicious purposes.
   In a Check Point survey, Account Hijacks were the biggest concern amongst customers and partners.
2. Malware Delivery – Propagation, especially through in-app file sharing services, such as Box or OneDrive cloud apps, in order to commit a variety of cyber crimes.
3. Data Leaks – Whether intentionally or unintentionally, data leakage occurs with the seamlessness of sharing information with cloud services.

When asked why they may not be securing their cloud assets, a full 30% of survey respondents believe security is the responsibility of the cloud service provider. This negates recommendations that cloud security follow the Mutual Responsibility model shared by the cloud provider and the customer.