Thursday, May 11, 2017

Week 9 Assignment

The risk of a data breach is not unique to cloud computing, but it remains a top security concern for cloud customers. A data breach is an incident in which sensitive, protected, or confidential information is released, viewed, stolen or used by an individual who is not authorized to do so. Cloud environments are exposed to the same threats as traditional corporate networks, and their high accessibility and shared resources open new avenues of attack. The vast amount of data cloud providers host makes them a very attractive target.

A data breach can be the result of human error, application vulnerabilities or poor security practices. It may involve personal health information, financial information, personally identifiable information (PII), trade secrets, intellectual property or any other information not intended for public release.

The extent of the breach depends on the sensitivity of the data exposed. When a data breach occurs, companies may face large fines, lawsuits or criminal charges. There are also costs associated with investigations, customer notification and legal services. Indirect effects such as brand damage and loss of business can have an even more devastating impact on the organization.

In 2015 the antivirus firm Bitdefender suffered a security breach, involving stolen usernames and passwords, due to a security vulnerability in its public cloud application hosted on AWS. The hacker responsible demanded a ransom of $15,000. The company was quick to resolve the issue and put additional security measures in place to prevent a recurrence. As an extra precaution, a password reset notice was sent to all potentially affected customers.

Cloud providers typically have good security controls set up for their environments, but customers are ultimately responsible for protecting their data in the cloud. Customers should implement an effective security program, along with multifactor authentication and encryption.

