1. Data breaches
Data breaches aren’t something which is new over the World Wide Web. Its intensity and variety got changed between environments. According to predictions, data breach would be a concern in 2013 as well over a Cloud environment too.
Having known the risk of data breach, WHUK has in place a well designed multitenant cloud service database which helps us prevent the attackers from breaching into accounts and travelling from one account to the other. On server data breach has never been an issue at WHUK due to strict enforcement of usage policies.
2. Data loss
This is one of the major concerns of companies in this era. With an increasing threat of online scams and hacks where organizations report about data loss which is either stolen or completely drained out. This is something caused by human interference, nature too could be a major cause for data loss. Nature funded accidents such as earthquakes, floods; fire etc. can lead to data loss too.
There are ways to tackle data losses, no matter what the cause would be. As a precautionary measure, we regularly backup our servers for which we rely on R1Soft CDPs (incremental backup). We also encourage our customers to maintain a copy of their data at an individual level in an encrypted format. This practice has helped us ensure and avoid any loss of data for our customers and tenants. Encrypting the data before uploading it over the cloud has proven to be an efficient ways to avoiding data loss. In such cases it is the responsibility of the customers to maintain the encryption keys.
3. Account hijacking
Account hijacking has been a prominent scam run since the year 2011 which continued in the year 2012 as well. It’s estimated that 2013 too would face account hijacking and similar scams. These scams are typically carried out through phishing where with the techniques of social engineering, fraudsters catch hold of ignorant end-users exploiting their passwords. Also a way used for exploitation is software vulnerabilities. And since most large services are run on cloud these days, fraudsters can carry out destruction on a greater scale considering the huge playground if they get access to.
So, how can one avoid account hijacking and scams similar to these?
One can avoid falling prey to such frauds by using some simple methods, like:
- DO NOT use same passwords for different accounts
- STRONG PASSWORDS with a combination of alphanumeric and special characters which is at least 10 characters long
- Enable multi-step verification
Well, these are the suggestions that we ask our customers to follow. Apart from the environmental security, we have no control over the activities carried out by our end-users over the hosted platforms. Hence, we need to rely on the end-users to take care of this front on their own, though we can help on a case-to-case basis with helping them out with tightening security.
4. Insecure application programming interfaces (APIs)
Today, nearly every alternate software has come up with an API which enhances interactions with the software application or even an infrastructure, depending on the purpose what the software is developed to deliver. Mark O’Neill, CTO, Vordel talked about API keys and Cloud at cloudsecurityalliance website.
From this again comes under the end-user governance, we as cloud hosting service providers can only offer a secure cloud environment at the back-end.
5. Denial of service
After a recent incident where the world faced with an Internet slowdown due to the biggest known DDoS attacks over a highly popular company, it has once again become clear that no matter how big a company is and what measures one has implemented to retaliate attackers, it can still pose damage.
Any experienced company would know the means of avoiding such attacks and counteracting it if in case it does strike. We at WHUK are backed by an experience of 13 years with highly skilled engineers, network architects and a strong team of server administrators. Your server’s safety, accessibility and integrity are something we keep on priority #1.
6. Threats from the Inside
Organizations face a continuous risk of damage caused by someone from the inside. A lot of companies constantly face the challenge of watching over different aspects within the organization or vendors. In case of the Cloud, it’s important to ensure the dependability of the third-party vendor. According to the experts, complete dependency of a company on third-party technology vendors poses a greater threat.
7. Abuse of cloud services
The Cloud offers one of the most unique flexibilities for the users where anybody can get an account created over the virtual platform. The host barely has the scope of run a background check for each customer he has over the cluster.
Therefore, it’s important that before you choose a host, it’s important to run through the Cloud usage policies before signing up.
8. Risk Assessment and Mitigation
Cloud undoubtedly offers multiple advantages to users such as cost reduction, flexibility, availability, security etc. Despite that, organizations must also assess the risks involved when using the Cloud for running your business over it. Upon identification, it is equally necessary to adopt ways to mitigate them.
9. Shared technology issues
Every shared technology model inherits some risks of their own. No matter how many security measures one has adopted, exploiters do find a way to barge into the system. But with support from the third-party vendors, organization must adopt backup strategies to mitigate the common threats posed to the infrastructure.
With an active involvement of the Cloud vendor, the organization can get security tightened on a case to case basis on an application and port level.
Knowing the risks, it’s easier for any organization to tackle it and adopt measures to keep the system intact.