Security Resilience in The Cloud
Background
As the advancement in technology grows and the demands for new multifunction devices soar, the fast pace of cloud services soar, the complexities and features grow into an enormous compliance and security nightmare. On the other hand, it can be equally construed that the security issues that accompany these devices are a major cause for Information Security has gained momentum over the years and the pace at which the demand for assurance in Information Security is growing. In addition, it is only natural to face the challenges and tackle the issues that are imminent which posses a threat to the global corporate world of business.
The growth of hackers, numerous malicious software codes and the inevitable zero day exploitation is only getting worse. The way in which enterprises challenge and mitigate these risks is to use all the possible counter measures there are to prove their success or failure in a global dynamic IT environment.
What are the threats in a hosted cloud environment?
The threat landscape is constantly changing. However, some of the most dangerous threats are those that are ‘old school’ with a more sophisticated new approach in launching an Some of the typical threats that are pertinent to cloud services are:
Command Execution
A command string, executed in server-side code, contains invalidated user input
Potential impact
- The attacker can execute arbitrary code using the web server privileges
- This code could retrieve data from the server or directly alter the server
Simple example
- Web user is supposed to provide a filename to be displayed or retrieved
- The web server uses “echo” or “copy” directly on filename, as provided
- An attack provides a filename “stupid.txt & myMaliciousCommand”
Session Hijacking
This is sometimes also known as cookie hijacking. This is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorised access to information or services in a computer system. This type of attack happens when the Security malicious user guesses or steals the authentic token or token key for that session and by doing so, accesses the webserver system or resources as a legitimate user. This can lead to further security breaches via carrying a man-in-the-middle attack, browser attacks or even installation of malicious codes onto system.
Compliance and legislation
The challenge of legislation and compliance in the cloud is a slow adoption. Only a few internal businesses tend to be able to comply and manage to satisfy compliance in an interconnected cloud environment. Compliance requirements such as SOX, HIPPA, Safe Habour agreement are some of the main cross-country challenges businesses have to battle with to provide assurance and security. One of the biggest problems with the increased use of cloud services is that the client cannot, with confidence, control where their data is stored, who is processing or harvesting their data; and that in itself is a security challenge.
Especially where the services offered by the cloud services provider is free, the client will not have any say/control over the location their data is being stored, backed up and managed.
Compromise of Interconnected Systems
Resulting from exploitation of a trusted path through an insecure application or networkresource, resulting in the compromise of partner systems and their data; in turn leading to a loss of reputation and customer confidence. Clinton at Security Aware calls it ‘Cross contamination exploits’ – this is an exploit that has been coined in a way such that it compromises all the systems hosted in a shared environment.
Denial of Service
Resulting in the unavailability of network and application resources, potentially leading to the loss of revenue.
What are some of the vulnerabilities?
These key threats are most often realised through the following vulnerabilities within the internal network:
- Unused open ports and services
- Missing security patches/updates
- Poor design, configuration and implementation of services
- Default/generic user accounts (username & passwords)
- Lack of understanding of best practices and security requirements
- Lack of or poor internal monitoring and auditing of systems
- Excessive privileges assigned to users within an unrestricted environment
When should you perform security assessment of your cloud system?
With new vulnerabilities and malware exploits populating the web daily, it is best practice to develop a robust vulnerability management strategy to manage the threats your business faces continuously. Assessment should be done on a regular basis to have constant visibility of the threats your business faces. Some companies have systems in place to identify and manage vulnerabilities on a weekly, fortnightly or monthly basis. In some cases, bigger companies with an allocated budget and resources normally perform security assessments on a daily basis.
In addition, it is critical to perform an assessment of corporate networks and their services both prior to their initial roll out and on a regular basis to ensure that any and all specific security threats are understood, managed and remediated.