Cloud Security Risks

  • Secure data transfer – Since all of the traffic travelling between your network and whatever service you’re accessing in the cloud must traverse the Internet, make sure your data is always travelling on a secure channel and encrypt and authenticate using industry standard protocols, such as IPsec (Internet Protocol Security).
  • Secure software interfaces – The Cloud Security Alliance (CSA) recommends learning how providers integrate security throughout their service stack, from authentication and access control techniques to activity monitoring policies.
  • Application and Process – The cloud providers must practice secure development processes, including image provenance, licensing and usage control.
  • Secure stored data – Your data should be securely encrypted when it’s on the provider’s servers and while it’s in use by the cloud service.
  • Network, Server and Endpoint – All tenant domains need to be properly isolated and protected from leakage from one tenant domain to another. This calls for trusted virtual domains and policy-based security zones, with capabilities such as intrusion detection and prevention systems built into the environment.
  • Denial of Service – All parties must agree on their responsibilities for reviewing the relevant data and for reviewing internal and Internet-based denial of service (DoS) or distributed denial of service (DDoS) attacks.
  • Physical Infrastructure – As with any datacenter or work environment, the provider’s infrastructure, including servers, routers, storage devices, power supplies, and support operations, should be physically secure.
  • User access control – Data stored on a cloud provider’s server can potentially be accessed by an employee of that company, and you have none of the usual personnel controls over those people.
  • Data separation – Every cloud-based service shares resources, namely space on the provider’s servers and other parts of the provider’s infrastructure. Hypervisor, or virtual machine manager (VMM), software is used to create virtual containers on the provider’s hardware for each of its customers, which should include data encryption to prevent access across virtual containers.