Is Your Client’s Cloud Infrastructure Protected?

Cloud infrastructure makes it far easier for large organizations to organize their data, but it also provides a new set of opportunities for cybercriminals to gain illicit access to company information.

It's important to remember that the risks of using cloud infrastructure aren't necessarily greater than using traditional data storage and on-site computing — they're just different. Because of each system's inherent design architecture, they both have their strengths and weaknesses for different types of attacks. Because cloud infrastructure is already so commonly adopted, it's extremely useful for organizations and clients to know the particular weaknesses of both types of systems and build their risk mitigation strategies around their unique system profile.

Using Infrastructure-as-a-Service

Infrastructure-as-a-Service (IaaS) is currently one of the most popular forms of cloud computing because it is so simple and turnkey. Companies contract with a cloud-computing software company, providing them with a complete cloud computing infrastructure.¹

While there are other commonly used forms of third-party cloud architecture, such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS), IaaS is the most complete version of this type of solution. IaaS provides monitoring, storage and fully developed infrastructure on a unique and private cloud. While companies moving from a fully in-house system may use SaaS and PaaS to begin the transition to cloud systems, IaaS has become the final step in the process.

One of the big selling points for IaaS is its cost effectiveness. Instead of paying an entire team of employees to create and maintain a highly specialized and unique system, many companies see the merit of simply paying another tech company to provide them with a finished product. IaaS systems often have the advantages of full-time customer support and the ability to mold the system to your organization's needs.

The first thing to consider with IaaS packages is the relative cybersecurity perks of each. Not all are created equal, with some IaaS products providing different types or amounts of cyber protection.

Insecure Application User Interfaces

Application user interfaces (APIs) are programs designed to streamline communication between the client/customer using the IaaS and the cloud system itself. These programs have become one of the greatest weaknesses in the armor of cloud storage and computing. While the cloud servers themselves may be extremely secure and resistant to breaches, the programs that are actually allowed to interact with and instruct data storage in the cloud have demonstrated cracks.

Many APIs are either intentionally or inadvertently exposed to the public. A recent study showed that roughly two-thirds of companies reveal their APIs to third parties, such as external developers or new business partners.² From a business perspective, this transparency makes a lot of sense. It's important for cloud infrastructure companies to have a way for new clients to get a good look at the user interface that they'll be using if they choose to sign on with the cloud system in question. However, from a security perspective, this transparency can quickly turn into a disaster. Because APIs are designed to grant explicit access to otherwise secure cloud networks, showing business partners your APIs can allow hackers new vectors of access.

Drawbacks of Interconnectivity

A largely unintentional benefit of a traditional or localized data storage system is that they're often fragmented. While fragmented storage architecture can severely slow employee access and workflow, it can also slow the speed of hackers' data access once they've breached your outer defenses.

By contrast, a hallmark of many cloud-based attacks is the sheer amount of damage that can be done when an attacker gains access to the system, because the data is well organized. Hackers can quickly sort through less important files in the system while looking for the good stuff.

Highly interconnected systems also allow hackers to access everything once they've gotten within the first formidable walls of defense. Denial of service (DoS) attacks and hypervisor infections can run rampant through some cloud systems with relative ease.

Access and Management Problems

When you outsource your data management and data systems to another company, you often give up some control in the process. While most IaaS providers offer sufficient systems for governing control and access to data within your organization, there's a learning curve to teaching your employees to accurately control and use them.

If your data governance team fails to properly set up the right data access restrictions and allowances within your own organization, you can unintentionally allow employees access to areas of the system that those employees aren't supposed to see.³ If the company's employees are compromised by phishing attacks or other form of employee-targeted attacks, hackers can access the more vulnerable parts of the cloud system. When starting to use a new system, it's critical that your tech team fully understands its cybersecurity and data access controls.

While cloud infrastructure saves many organizations a lot of time and money, it also has its own set of vulnerabilities and downsides. It's extremely important that your organization knows exactly what kind of cloud system you're getting into and has a firm grasp of its unique vulnerabilities.

Sources

¹Al Mehdar, Zainab. "Cybersecurity and Cloud Computing: Risks and Benefits Updated," Rewind, 18 Jan 2022.

²Kosten, Steve. "7 Cloud Computing Security Vulnerabilities and What to Do About Them," Toward Data Science, 13 Jul 2020.

³Morrow, Timothy. "12 Risks, Threats and Vulnerabilities in Moving to the Cloud," Carnegie Mellon University Software Engineering Institute, 5 Mar 2018.