Hackers and the Cloud

There are a variety of reasons someone might be hacking your information, and with any Cloud service there is going to be a wealth of data. Remember, whatever your reason for choosing one Cloud provider over another, other people are likely making similar choices for similar reasons. In addition, with more and more people moving their data to the Cloud, the increase in payoff attracts more sophisticated hackers. Hackers will use a number of entry points to get into the Cloud provider. A lot of the vulnerabilities are in the interface between you and the Cloud provider. A Cloud service should be using the most sophisticated techniques to secure your data on their end. But remember that an API gives access to the server, in limited formats, to anyone using the UI or API.

An API, or Application Programming Interface, is similar to a UI, or User Interface. Though often used similarly, the two can offer varying services depending on who is using the term. An interface is the way a user interacts with some program or programs; an API provides access to the service. It is a program that you can operate from a remote location. This interface provides a key security loophole that can be exploited because the Cloud provider is giving access to the user. It can seem an obvious problem, and in some respects it is. In addition, some APIs give access to the Cloud customer’s customer. Some companies or individuals are using Cloud services to offer backup and security to their prospective clients.

There is no one-step way to prevent hackers; a lot depends on the systems you are using. For every system there are going to be periodic vulnerabilities, but staying up to date with the latest patches for your software is important. Researching known vulnerabilities is also important. There are various companies which you can hire to keep you abreast of vulnerabilities and problems that occur.

A lot of hackers are increasing their efforts towards spear phishing. Spear phishing is a way to find out passwords or answers to security questions through indirect means. After discovering who has access, a hacker will look through public information about that customer, and even a username that might be given away by the employee. The most basic thing you can do to thwart hackers is to educate your employees on the various threats to security. What could seem like an innocuous question, or email attachment, can very well be the opening to an attack. The basics are simple: verify everything. If you aren’t sure of the website, or an email attachment, then do a little research into it. Perhaps you are getting a call from someone saying they are a provider; find out for sure by calling them back.

Hackers have a variety of reasons to get your information, sometimes to sell it to other hackers who can use your usernames and passwords to log into other sites. Suffice it to say, this information is becoming more and more of a commodity in our markets. And as long as there are people who want that information, a burgeoning black market for information will develop.

The difficulty is that this is all going on behind the scenes. You may have been hacked and not even know it, yet identifying what information was compromised, and the weak point in your system that allowed for the breach, is a crucial part of keeping a competitive edge in the world today. A lot of the prevention can seem vague or unnecessary to keep your data safe, but it is vital to understand security and your Cloud provider.

Cloud Security Concerns for Any Customer to Consider

For a Cloud customer there are primarily three questions you have to ask yourself:
– what cloud service do I want;
– what security vulnerabilities does that cloud service have;
– and what can I do, once I have chosen, to limit those vulnerabilities.

A lot of vulnerabilities arise from a lack of knowledge. The Cloud service provider will connect their available network to you by way of a UI or API. So being informed will help you as a customer know how best to control your operation, and prevent loss or release of data.

A number of concerns arise when trying to secure your operations. Among the concerns to consider are what you are sharing on the Cloud service, how secure the connection to the Cloud provider is, and who has access to your operations and information. These questions can form the basis of an investigation into preventing future data failures from happening.

The most basic thing you can do to prevent your information from being hacked is to use encrypted data; anything that goes over a network should be encrypted. Encryption is the lock on your information. Another important strategy is to use passwords, especially for any administrative duties, and change those passwords periodically. The problem is that in-house employees will not want to memorize changing passwords, and passwords shouldn’t be in the cloud system itself. So a difficult balancing act becomes necessary, juggling between protecting access to your Cloud data and ease of use.

Another thing you can do to secure your system is to back everything up. In case of malicious or accidental removal, you will have that data stored elsewhere, and you most likely want to encrypt those backups for protection. Hackers can have a variety of reasons for attacking your Cloud provider or personal system, and some of those reasons involve removing your data from the web. So it is vital to create backups of important data.

Make immediate use of the security updates your Cloud provider releases; these security patches repair known flaws. If your provider has provided a patch, this means anyone who knows of the patch knows of the flaw in the system, and most likely some people knew of this flaw before you did. The key to good security is to be one step ahead of everyone else; people trying to access your information are most likely going to go after the lowest-hanging fruit.

According to the CSA, another important security concern to consider is the threat of malicious insiders. A malicious insider is someone who now has, or once had, access, and now wishes to use that access in a way you don’t want. A malicious insider could be an ex-employee. One way to remedy this is to have a fast turnover rate for security access when new employees are hired and old employees leave. You want to change access over from old employees to new ones immediately. Another measure you can take is to routinely track access to sensitive information. While I deplore overreaching efforts to snoop on employees, there is a balance that can be achieved by tracking access to particularly sensitive information and encryption keys or passwords.
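The two measures above (prompt revocation when someone leaves, and routine tracking of access to sensitive information and keys) can be sketched as a log review. This is an added example, not part of the original article; the roster, log format, account names and resource paths are constructed for illustration, and the check for sensitive reads in the day before a departure goes slightly beyond the text.

```python
from datetime import datetime, timedelta

# Constructed roster: account -> departure time (None = still employed).
ROSTER = {"alice": None, "carol": None, "bob": datetime(2024, 3, 1, 17, 0)}
# Assumed naming: resource prefixes treated as sensitive (keys, secrets, backups).
SENSITIVE_PREFIXES = ("/keys/", "/secrets/", "/backups/")
# Constructed log lines: ISO timestamp, account, action, resource.
LOG = """\
2024-02-28T09:12:00 bob READ /reports/q1.xlsx
2024-03-01T16:40:00 bob READ /keys/backup-encryption.pem
2024-03-04T02:15:00 bob READ /backups/customers.tar.gz
2024-03-04T10:05:00 alice READ /keys/backup-encryption.pem
2024-03-04T10:30:00 carol WRITE /reports/q1.xlsx
2024-03-05T11:00:00 mallory READ /secrets/api-token
"""

def review(log_text, roster, notice=timedelta(days=1)):
    """Return (findings, trail).

    findings: events needing follow-up, as (reason, account, resource).
    trail: every access to a sensitive resource, kept for routine review.
    """
    findings, trail = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, action, resource = line.split(maxsplit=3)
        ts = datetime.fromisoformat(stamp)
        sensitive = resource.startswith(SENSITIVE_PREFIXES)
        if sensitive:
            trail.append((ts, user, action, resource))
        if user not in roster:
            # Account that no one on the roster owns: access was never tied to a person.
            findings.append(("unknown-account", user, resource))
            continue
        left = roster[user]
        if left is None:
            continue
        if ts > left:
            # Access should have been revoked the moment the employee left.
            findings.append(("access-after-departure", user, resource))
        elif sensitive and left - ts <= notice:
            findings.append(("sensitive-access-before-departure", user, resource))
    return findings, trail

if __name__ == "__main__":
    found, trail = review(LOG, ROSTER)
    for reason, user, resource in found:
        print(f"{reason:35} {user:8} {resource}")
    print(f"{len(trail)} sensitive accesses recorded for review")
```

Only access to the sensitive prefixes is recorded in the trail, which keeps the tracking limited to particularly sensitive information rather than all employee activity.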

The use of a Cloud service is fraught with new and old perils. While it is in many respects more secure than handling your information yourself, its attractiveness as a target for an attack makes it vulnerable. So taking steps to limit security loopholes and working with your cloud provider is a good way to help ensure the security of sensitive information and data.