Tdavis_Cloud Security Threats and Mitigation_03142021

.docx

School

RMU *

*We aren’t endorsed by this school

Course

MIS 548

Subject

Information Systems

Date

Jan 9, 2024

Type

docx

Pages

9

Uploaded by timothy.davis2

Report
Running head: CLOUD SECURITY THREATS AND MITIGATION 1 Cloud Security Threats and Mitigation Timothy E. Davis Rasmussen College Author Note This paper is being submitted on March 14, 2020 for Stacy Truelove’s CTS4623CCBE Section 01CBE Advanced Cloud Computing Technologies.
CLOUD SECURITY THREATS AND MITIGATION 2 Cloud Security Threats and Mitigation Our finance company is planning to store Personally Identifiable Information (PII) data on the public cloud. As we use the PII data to run analytics to send out credit card offers, we are obligated to stay FINRA compliant as a financial institution. FINRA is an acronym for Financial Industry Regulatory Authority and is the organization that oversees the Securities Exchange Commission (SEC). These organizations are in place to ensure that we as a financial institution stay compliant with storing, transmitting, and utilizing data. With our company utilizing the public cloud, we must take extra precautions to make sure that we adhere and consider all security threats. We want to make sure that we address security threats, implement data encryptions, and utilize threat detection tools with understanding our cloud platform and structure. In addition, we want to make sure that we know the best vulnerability scanning tools and cloud-native security services for our public cloud. Security threats in the public cloud can range from the point of access to security account credentials. Several security attacks on the cloud are strongly related to the poor management of access points. This is where the users play a critical role in ensuring that we secure these different access points. When vulnerable, these access points are exactly where the hackers look to expose the users and the information that is retrieved through these weaknesses. a way to help protect us from these types of vulnerabilities is by educating our users on securing these access points (Lee, 2012). Both Facebook and Google have experienced very similar situations where hackers retrieve personal information. However, this could have been avoided, as the personal information that was retrieved from the hackers, we're not encrypted and just in plain text. Nevertheless, Google was able to react by implementing a multi-factor authenticator to control
CLOUD SECURITY THREATS AND MITIGATION 3 access. This is extremely helpful as a user would need to have authentication through two different devices to gain access. Additional concerns of security threats are within data leaks and breaches, oftentimes are from negligence and security flaws. This confidential information is often leaked and sold on the black market. When these types of security breaches are detected and traceback to the company that leaks personal information, there are oftentimes fines that can be detrimental to the business. This happened with Equifax back in 2017, when they had a data breach of over 140 million users' accounts. This was a result of the failure to update the system. Where is this could have been avoided by encrypting data, utilizing multi-factor authentication, and a perimeter firewall. Another threat concern is data loss through alteration, deletion, and or access loss. A way to help mitigate these threats is to back up data to ensure its reliability continuously. These backups should be locating it separately from the original data. The reason to back up in separate locations is that cloud services are integrated through APIs, and hackers tend to utilize primary instruments to access cloud infrastructure points. This can lead to brute force attacks, anonymous access or even prevent access. This happened this type of situation happen with the Analytical scandal in Cambridge and the use of vulnerable API. They used hidden keys on Facebook API to obtain personal information. This can be succeeded by emulation testing via penetration testing, where is there is a numerous external attack on the API. This is why it is imperative to run audits and encrypt the SSL layers periodically. Lastly, another security threat to keep an eye on is incorrect configurations. This can result from mismatched data, default security settings, and distorted data on the cloud infrastructure (Behl, 2011). A DOS attack is where the servers are overloaded and calls the system to stop working, which prevents the user from accessing data in
CLOUD SECURITY THREATS AND MITIGATION 4 or out. This can be mitigated by limiting the source rate, inspecting the firewall, and ensuring that the cloud is up to date on security features and detection. Data encryption on the public cloud is a solution that encodes data while it travels two and from the cloud-based application as well as the storage to the authorized user that is looking to retrieve the data. Public cloud offers encryption such as encrypted connections, which is to limit encryption specifically for the data that is being recognized and encryption of the data that's being uploaded in the cloud. Cloud data-in-transit encryption is the most common use HTTPS protocol. Many cloud service providers encrypt data by default or by the click of a button, and they also offer encryption keys so that they may safely decrypt data as needed (Lord, 2018). Encrypting data on the public cloud is strongly recommended to protect from attackers. Though cloud service providers have made it easier to manage keys and encrypt data, some organizations take it a step further by encrypting their data prior to transferring their data into the cloud. For example, Office 365 is a cloud platform that encrypts data messages that are being sent. This type of cloud encryption is recognized within business industries as being compliant with regulators such as FINRA. When decrypting the data, there is a required decryption key. The quantum key is a system for advanced data encryption. Many top cloud providers, one being Azure, have implemented this method which is called cryptographic cloud services. Amazon AWS has encryption which is called Amazon S3. Where is SSE and AWS management services have embedded encryption keys. Cloud providers have made it a top priority to encrypt all data consistently. That is data that is being transmitted, data that is being back to, and the data stored. An essential need for the end-user is to secure their encryption keys.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help