-

 Threats to Cloud Security.

 

Cloud computing is on the rise and becoming popular in the public and business enterprises sector. Many CSPs (Cloud Service Providers) like, Microsoft Azure, AWS (Amazon Web Service), and GCP (Google Cloud Platform) are offering their clients and users the opportunity to migrate the operations to the cloud by subscribing services () that fits their operation needs. There are many activities involved with migrating to the cloud that are important for the public and business enterprises to understand before making such leap (migrate). Speaking of migrating, the term security is one of the most critical aspects that concerns cybersecurity team members, and all proper measures must be taken seriously. The uprising of cyber threats to cloud computing increases by the day just as cloud computing becomes more and more popular. The following are lists of threats to cloud security:

1.      Data Breach - regardless of whether data is accessible through the Internet or private network (on-perm or cloud), they are subject to security risk. Data stored in the cloud has some unique vulnerabilities, however, including risks due to shared hardware resources and vulnerabilities to CSP personnel or third-party providers (West, 2023, p. 217). As much as some customers would like to protect their data in the cloud, unfortunately, they do not have any physical security control over the physical configuration of the “infrastructure supporting their cloud-hosted data.” However, depending on the CSP, customers will be provided virtual security control.

2.      DoS and DDoS – (Denial of Service and Distributed Denial of Service) are methods attackers implement when they want to bring down a network by delaying its operations. Both methods can deny user access to legitimate websites (network server) if properly implemented. For example, an attacker can take down a website simply by deploying DDoS to flood the website with unnecessary traffic.

3.      Poor Account Management – poor account management will eventually lead to accounts being compromised by attackers.  For example, humans have the attitude of using weak passwords because human memory is not capable of memorizing complex characters (mixture of signs, numbers, and letters).

Other threats to cloud security that are not discussed in this blog but are just as important as the three being discussed are: Insider Threat, CSP Change or Outages, Data loss with no backup, Insecure Interface, Advanced Persistent Threat and many more.

 

 

Reference:

West, Jill. CompTIA Cloud+ Guide to Cloud Computing (p. 217). Kindle Edition. Retrieved: October 23, 2023.

Comments

Post a Comment

Popular posts from this blog

CompTIA Network+: Network Management & Infrastructure

-
 Week One: Entry Blog. Hello to all, my name is Edward Cooper, and I was born and raised in Monrovia, Liberia, Africa. I came to the United States, November of 1996, and I reside in the beautiful state of New Jersey. I love working with different types of technologies and I just got through building a brand-new Personal Computer last month as I was pursuing my certification in Comp & Network Security Fund (CompTIA Security+), and Comp & Hardware and Software Mgmt. (CompTIA A+). I am currently taking a class in both Computer Server Environments (CompTIA Server+), and Network Mgmt. & Infrastructure (CompTIA Network+). Other than Windows Server that I have had some experiences (installed and configured) working with, I have not had experience with other vendors’ server platforms.   Speaking of server, I have some experience when it come to computer networking and I was able to build a home network (LAN) with four computers, Windows server, routers hubs, and a sw...
Week One: Safety and Professionalism
-
 Week Six: Internet Protocol version Six (IPv6). This week six topic focused on the fundamental concepts of Internet Protocol version six (IPv6), describing IPv6 practices, and the implementation of Pv6 in a Transmission Control Protocol/ Interprotocol (TCP/IP) network design. The Internet Protocol version four (IPv4) was developed for the purpose of assigning Internet Protocol addresses. IPv4 was developed to handled IP addresses for the foreseeable future, unfortunately, it turned out that wasn’t the case as the traffic (more computers became available in homes and smaller businesses) on the air wave begin too much to handle.  The IPv6 was developed as the replacement for IPv4. IPv6 comes with tremendous benefits that IPv4 didn’t had, and one of those benefits that IPv6 come with has to do with its pool of unlimitedly IP address. IPv4 is stay in used at this current moment as IPv6 translation begin slowly into replacing IPv4. There is no comparison whatsoever between IPv4 an...
Week One: Safety and Professionalism