Would you know if your cloud had been hijacked?

The benefits of cloud computing have been extensively documented, but what isn’t discussed as much is the growing opportunity for cyber attacks that cloud environments create. The majority of cloud storage providers house vast amounts of data in centralised, multi-tenanted cloud environments. This is great for business efficiency because it allows multiple users to access cloud data across numerous different devices and platforms. However, this approach isn’t without risks and being aware of what they are is extremely important for any business looking to embrace the power of the cloud.

[easy-tweet tweet=”#Cloud account hijacking can result in the leaking or destruction of sensitive company IP” hashtags=”Security”]

The growing threat from cloud hijacking

Cloud account hijacking is a growing phenomenon that occurs when an organisation or individual’s cloud account is accessed by a third party without permission, usually with malicious intent. Attacks of this nature are becoming increasingly commonplace in identity theft schemes, with criminals using the stolen account details to conduct fraudulent activity. However, what’s concerning is that more sophisticated cloud hijackers don’t even need a username or password to gain access to the account. Instead, they are using malicious attachments in emails or browser extensions to gain access to the account’s authentication token. Once in, they are able to pose as the legitimate account owner whilst simultaneously conducting a wide range of damaging activities such as stealing sensitive data, spreading malicious code or even sending traffic to counterfeit websites.

Are the risks real?

The risks are definitely real. Cloud account hijacking can be particularly devastating at an enterprise level, depending on how attackers use the information they steal, or what else they get up to whilst in the account. Obvious concerns are the leaking or destruction of sensitive company IP. However, the reputational damage caused by actions such as redirected web traffic to fraudulent websites or spamming customer bases with phishing attacks could be catastrophic. Additional legal implications and regulatory fines are also a very real concern for businesses in highly regulated industries, such as healthcare and finance, particularly if confidential stock market or patient data is exposed, for example.

What can businesses do to make their cloud accounts more secure?

There are a number of simple steps that any organisation can take to quickly improve the security of its cloud accounts and data:

  • Require multi-factor authentication. Several tools exist that require users to enter static passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware tokens, biometrics, or other schemes
  • Encrypt sensitive data before it goes to the cloud
  • Ensure service providers conduct background checks on all employees who have physical access to data centre server rooms
  • Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access the application only through corporate networks or VPNs
  • Implement secure solutions for cloud account hijacking defence
  • Make sure all data is securely backed up in the event that data is lost in the cloud

Take time when choosing a new cloud service provider

Businesses must also take proactive steps when choosing a new cloud service provider, and prioritise security alongside other key factors such as ease of use and scalability. One important step is to compare the cloud security and data-integrity systems of different cloud service providers within their contracts.

Companies are well within their rights to examine the number of data loss or interference incidents a cloud service has experienced in the past. It is extremely prudent to know who you are going into business with. How often do they experiences downtime? How do they monitor and manage vulnerabilities? Do they allow clients to audit the performance in any of these areas? All of these are important questions that businesses should do their best to find the answers to before signing on any dotted lines.

Security platforms that extend to both the cloud and mobile devices will further bolster security. The ability to control or block risky data activity based on behavioural and contextual factors all add further security layers. Additional capabilities to look out for include end-to-end encryption, application control and continuous data monitoring.

[easy-tweet tweet=”To tackle the threat of #cloud account hijacking, businesses need a data-aware approach to #security”]

As the threat of cloud account hijacking continues to grow, a data-aware approach to security has become more important than ever. Cloud computing may well be the business model of the future, but organisations who want to capitalise on its many benefits would also do well to verse themselves in its risks and how to effectively mitigate them.

+ posts

Newsletter

Related articles

Don’t lose sight of SAP on Cloud operational excellence

Digital transformation projects can often become complex with twists and turns, which can lead organisations to focus solely on the migration itself.

Need to reduce software TCO? Focus on people

Investing in software is undoubtedly important for enterprises to stay ahead. However, the process is rarely a simple task for CIOs and IT leaders.

The future of cloud and edge optimisation

As more enterprises use multi-cloud and hybrid infrastructures, the danger of cost overruns and loss of control increases.

Here is how to stage a public cloud migration

As the relationships between CSPs and cloud providers are deepening, CSPs need to develop a clear strategy on how they add value to customer relationships.

The future of work is collaborative

As hybrid work models continue to gain traction, businesses will need to start implementing collaborative tools and processes to meet the needs and expectations of the upcoming workforce, seamlessly integrating them into existing workflows to enhance productivity and performance. Innovations in technology, including AI and machine learning, mean that organisations are in a better position than ever to shape the collaborative future of work – and with the right support in place, they can ensure that these digital tools continue to bring out the best in their workforce for years to come.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our Newsletter