Subscribe to our Newsletter | To Post On IoT Central, Click here


Cloud computing vulnerabilities

When contemplating to migrate to cloud computing, you have to consider the following security issues for you to enhance your data safety.

Session Riding

Session riding occurs when an online attacker steals an internet user’s cookie to use the application later as the real user. The attackers might also use the CSRF attacks for them to trick the user to send authentic requests to random websites to accomplish various missions.

Virtual Machine Escape

Within virtualized settings, the physical servers operate multiple virtual apparatuses on top of the hypervisors. An online attacker can remotely exploit a hypervisor by using a weakness present in that particular hypervisor. However, such vulnerabilities are pretty rare, but they are real. Also, a virtual machine can avoid the virtualized sandbox setting to gain access to the hypervisor. Consequently, all the virtual machines ultimately run on the virtual machine.

Unsafe Cryptography

Cryptography algorithms normally use random number generators. They use unpredictable information sources to produce actual random numbers that are needed to get a large entropy pool. When the random number generators provide only a limited entropy pool, the numbers can be forced. In a client’s computer, the major source of randomization is user mouse operations and the key presses. Servers however normally operate without user interaction. That consequently means that there will be a lower number of sources for randomization. Hence, the virtual machines usually rely on the sources that are available to them. That could lead to easily guessable numbers that do not give much uncertainty in cryptographic algorithms.

CSP Lock-in

You have to choose a provider that has guarantee cloud security will enable you to shift easily to another provider when necessary. You do not want to choose a CSP that will force you to use its services. That is because sometimes you would prefer to use a CSP in one thing and another CSP for something different.

Cloud computing threats

Before you decide to shift to the cloud computing, you have to put into consideration the platform’s security vulnerabilities. You also need to assess the possible threats to determine whether the cloud platform is worth the risk due to the numerous advantages it has to offer. The following are the major security threats experienced regarding cloud security.

Ease of Use

It is a reality that cloud computing services can easily be exploited by malicious attackers since its registration process is pretty simple. You are only required to have valid credit card to get started on this platform. In some cases, you can even pay for the cloud computing charges by through PayPal, Payza, Bitcoin, Western Union or Litecoin. By using the payment methods, you can stay completely anonymous. The cloud platform can be used maliciously for various ill purposes like malware distribution, botnet C&C servers, spamming, DDoS, hash cracking and password cracking.

Secure Data Transmission

When sending the data from clients to a cloud computing platform, the data can be transferred by using a secure, encrypted communication channel such as SSL/TLS. That prevents various attacks like the dreaded MITM. During these attacks, your online data could be stolen by an attacker intercepting your communication.

Insecure APIs

Most cloud services are exposed by their application programming interfaces. Since the APIs are easily accessible from any location on the Internet, malicious attackers can exploit them to compromise the integrity and confidentiality of the internet users. An attacker has access to a token used by a legit user to access the service through cloud computing. The API can apply the same token to interfere with the customer data. Hence, it is imperative that all cloud services provide a safe API to prevent such attacks.

Malicious Insiders

It is possible for a staff member at a cloud service provider to have complete access to your confidential resources. Therefore, cloud service providers should set proper security measures to track their employee actions. Normally, cloud service providers never follow the best security procedures and fail to implement security policies. Hence, their employees can collect confidential information from customers without getting detected.


Originally posted on Data Science Central

E-mail me when people leave their comments –

You need to be a member of IoT Central to add comments!

Join IoT Central

Comments

  • As the experience of roughly 1 in 3 Americans over the course of 2015 demonstrated, data theft is as much a crime of opportunity as the result of a complex, evolving security infrastructure that needs constant updating.

    Opportunity may come in the form of ignorant employees, neglectful standards governing behavior, and poor human resource management just as easily as it may come from insecure APIs or poor cryptography. The strongest wall in the world may still be breached when the gatekeeper leaves the door open.

This reply was deleted.

IoT Open Discussion Forums

Upcoming IoT Events

More IoT News

How wearables can improve healthcare | TECH(talk)

Wearable tech can help users track their fitness goals, but these devices can also give wearers ownership of their electronic health records. TECH(talk)'s Juliet Beauchamp and Computerworld's Lucas Mearian take a look at how wearable health tech can… Continue

IoT Career Opportunities