Storage Locker
Data is just as precious as anything else. While storage frameworks in the cloud and on-premise promise perpetual availability and sound security, they do not differentiate data so as to treat it as either sensitive or not. Moreover, they may change their policies every few years and do not offer any guarantees that the data will not be handled with minimal intervention.
Companies exist for record management, secure storage and secure destruction, but they usually service backup data and often manage the archives. Sensitive data, on the other hand, may not live in an archive but can remain in a database, in unstructured data, or even be shared among trusted subsidiaries. Locker services do not differentiate between live and aged data.
The vulnerabilities, threats and attacks in the cloud are discussed in a survey of cloud security and made publicly available. These include:
1) Shared technology vulnerabilities - increased leverage of resources gives attackers a single point of attack.
2) Data breach - with data protection moving from the cloud consumer to the cloud service provider, the risk of a data breach grows.
3) Account or service traffic hijacking - since the data moves over the internet, anybody who hijacks the account could cause a loss of service.
4) Denial of service - a denial of service attack on the cloud provider affects all.
5) Malicious insider - a determined insider can find more ways to attack and cover tracks in a cloud scenario.
6) Internet protocol - IP connectivity is a requirement for data but comes with its own vulnerabilities.
7) Injection vulnerabilities - XSS, SQL injection and other injection vulnerabilities in the management layer affect even otherwise secure data.
8) API & browser vulnerabilities - a vulnerability in the cloud provider's API may also affect data security.
9) Changes to business models - cloud computing may require consumers to change their business models, and this introduces regressions from previous security reviews.
10) Abusive use - cloud computing invites everyone with zero-cost subscriptions. While it is designed to mitigate denial of service attacks, it does not stop malicious users from trying.
11) Malicious insider - even insiders of a cloud provider could become malicious.
12) Availability - the system has to be available at all times, and while cloud providers make extraordinary efforts, they may suffer from outages such as power outages.