Loading...
Loading

Cloud Security Concerns for IT Teams

2014-07-09by Shah k

Cloud data thefts & cloud security breaches are a real concern for IT teams nowadays, especially given recent security breaches. One notable breach incident occurred at Target retail stores, up to 110 million individuals were victimized. "Using cloud computing involves other new routes of Cloud Security breaches and attacks," said UBA analyst George Li.

Security researchers at the University of Wisconsin, security software firm RSA, and the University of North Carolina discovered the possibility for a user on one virtual machine to listen for activity that signals the arrival of an encryption key on another VM on the same host. Technical lead for Dell's EMEA information security practice Don Smith commented on cloud security, "If you're going to stick data in the cloud and you're going to encrypt, who's got the keys? Does the provider have the keys, does an escrow agency have the keys or do you have the keys?" Smith said. "I had conversation with a very big bank in the UK a couple of months ago and they were particularly interested in leveraging the technology, simply because they could keep the keys in their walled garden. Furthermore, Smith stated, "the data that was flowing out could be encrypted, and privileged users at the cloud provider would never ever be able to decrypt that. That's a game-changer but it requires people to understand it, get over the fear of geeky words like encryption and just take it seriously." Smith also goes to note that, "Google Analytics is the biggest privacy breach in the universe, where they're giving away the web master tools. More than 50 percent of websites globally are feeding back everyone's surfing habits to Google so that they can then use it to target advertising. That's insidious."

According to UBA analyst George Li, "A chief information officers worst nightmare would be for highly confidential information to be leaked and directed to its competitors. Thus, proper measures of Cloud Security are a must do for CIO's" A data breach is the result of a malicious and probably intrusive action. Data loss may occur when a disk drive dies without its owner having created a backup. It occurs when the owner of encrypted data loses the key that unlocks it. According to the CSA report, minor bits of information were lost for some Amazon Web Service customers as its EC2 cloud suffered "a remirroring storm" due to a human operator error. And a data loss could occur intentionally in the event of a malicious attack.

Furthermore, malevolent insiders are other threats that can be induced from within a company. While the recent case of Edward Snowden and other NSA revelations have been found in the headlines, devious insiders have become more prevalent. With an evil-minded insider within a largely cloud-based organization, the problems can be largely magnified. One particular tactic that cloud customers can use is keeping encryption keys locally, as opposed to the cloud. According to ZP Security analyst Tim Lamar, "If key's aren't kept with the customer, and only available at data utilization time, the system still remains susceptible to malevolent insider threats and attacks. Systems that are only cloud based are at higher risk, and therefore its imperative to employ a Cloud Security platform in tandem."

news Buffer
Author

Shah k

Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter@skyhighnetworks.

View Shah k`s profile for more
line

Leave a Comment