In a recent survey, 69 percent of North American IT professionals expressed a belief that the risks of using a cloud based service currently outweighed the benefits. The main reason cited was a concern over data security. This concern has made many business leaders hesitant to switch over to the cloud, but the reality is the cloud is growing and is not going away, especially with the possibility of big data cloud computing.
In fact, Forrester Research predicts that the cloud business will grow from its current worth at $40 billion to $160 billion by 2020. Rather than ignoring the cloud, business leaders should learn about the vulnerabilities, what their implications are and the steps they can take to protect their data. This article will specifically address the vulnerability to service traffic hijacking and how it can be addressed.
Service Traffic Hijacking Vulnerabilities
In its 2013 report the Cloud Security Alliance identified service traffic hijacking as the third-greatest cloud computing security risk. In this type of security breach, hackers seek to hijack your account by stealing your security credentials and then eavesdropping on your activities and transactions. These hackers can also manipulate your data, insert false information and redirect your clients to illegitimate sites.
This type of vulnerability is particularly scary because hackers are able to use your reputation and the trust you have built up to manipulate your clients. In 2010, Amazon faced an attack that allowed hackers to steal the session IDs that grant users access to their accounts after entering their passwords. This left the client’s credentials exposed to the hackers. The bug was removed 12 hours after it was discovered, but many Amazon users unknowingly fell for the attack during that time.
Implications for Businesses
It’s not hard to imagine the negative implications a data breach like Amazon’s would have on a company. Depending on what the hacker chose to do with the information, you could be left with your integrity and reputation destroyed or with confidential data leaked or falsified. For companies in highly regulated industries, such as health care, this could even have potential legal implications if client’s confidential data was exposed.
Tips to Ensure Safety
Some businesses looking to stem this threat may decide to take the wait and see approach. Industry standards for cloud platforms are still being developed, and many businesses are waiting until more standards are in place to ensure the safety of their data and compliance with the law. While this option does eliminate some security risks, these company's are also risking not taking advantage of this platform while their competitors are.
Instead, there are some proactive steps companies can take to protect themselves. For example, companies can do this by:
- Setting up protocol that prohibits sharing account credentials between employees or services.
- Using a strong two-factor authentication technique and track employee use of the platform for unauthorized activity.
- Utilizing a secure encryption management system, such as that offered by Venafi, should also be prioritized and developed specifically for use with a cloud platform.
As businesses select a cloud service provider they should go through potential contracts carefully and make comparisons of the clouds’ security and data-integrity systems. Try to take a data-driven approach when evaluating potential cloud service providers rather than relying on inaccurate or out-of-date anecdotal evidence. Factors to look at include the number of data loss or interference incidents a cloud service experienced compared to members of your organization. How often does the cloud experience downtime and how does it monitor and manage vulnerabilities? Does the contract grant you access to this data, and will you be able to audit the cloud’s performance in these areas?
Ultimately, an organization’s data faces the risk of exposure no matter where it is housed, so companies should stay up to date on the threats and take the proper precautions to increase security. As the cloud continues to develop new insights and regulations will come into place that will hopefully make the transition easier and less risky for business leaders.