Cloud computing internal threats: a mitigation measure to study risk and risk

Security is often a top priority when planning to invest in cloud-based technologies. Of course, in a cloud environment, technology is often outside the network boundaries of an enterprise, so users can use resources instead of physical racks, servers, power systems, and other related devices. One important issue to be sure of is that critical data such as customer data, medical records, and intellectual property rights are not affected by other customer systems and data files.

In this article, we will look at another security issue in the Enterprise Cloud environment: internal threats. We will explore deliberate (planned) attacks and accidental (accidental) damage based on cloud-critical resources.

Explore the internal threat of cloud computing

When investigating the main problem of internal threats, attackers already exist internally. For the purposes of this article, we assume that insiders work for cloud service vendors and have one or more client environments. Insiders can coordinate the confidentiality, integrity, and usability of customer information.

Types of deliberate attacks include information theft, data destruction or data destruction, damage to systems that serve specific customers, damage, destruction, and fraud of software and services used by users.

Although it is hard to imagine an unintended cloud of internal threats, this threat often occurs due to faulty directives, which negatively impacts customer systems, services, and data. However, it may also be due to a lack of training in the management of client systems, services and data. For example, an operator or technician may receive commands for a particular service, or it may be a command to update a particular service, and the wrong data will be entered because of a lack of training for special events. A database administrator may accidentally visit the wrong customer database and enter the wrong command so that the entire database is corrupted.

Cloud computing internal threats: a mitigation measure to study risk and risk

In fact, seemingly malicious internal activity may be entirely accidental. However, such events raise the question of how "accident" can happen if someone knows how to safely access and use complex cloud-based systems and services.

Therefore, we should focus on deliberate attacks, focus on the potential impact of deliberate attacks and how to prevent or mitigate their effects. If the offender has security clearance, information or intellectual property theft is a nightmare for an enterprise. Trade secrets, engineering documents, financial data, customer data, and many other valuable assets can be replicated and sold to the highest bidder or person anywhere. These may be happening quietly.

Once the data is destroyed or destroyed, insiders can access key customer files and databases and delete data, introduce viruses or worms, or introduce logic bombs to destroy/erase data. If these critical data are not backed up/or not replicated to other locations, the loss will cause the company to fail.

Companies that use cloud-based systems and services that are maliciously manipulated and changed suddenly find that their critical customer-facing applications fail or are not operational. This means that their customers may not be able to handle business properly, resulting in litigation, business and reputation loss. It can be difficult, if not impossible, to regain customer trust, especially if the customer-facing system is severely damaged.

The foregoing may be a deliberate act, as is the case with many internal attacks. A cloud based service organization may be dissatisfied with the organization or have a personal grudge against a particular company, who happens to be a client of the cloud services organization. This person has security clearance, as long as he likes, he can almost do anything to slowly destroy the target organization and the company. Use a variety of techniques to steal information, create false financial data, or disrupt organizations that run "interrupts," but overall, this could be part of a larger, more sinister plan.

Finally, like many other malicious acts, fraud occurs frequently in the cloud environment. However, the company's internal perpetrators may only be able to access the company's resources, while in the cloud environment, the offender can access many organizations. For example, the events we hear about insider manipulation of the financial system, such as the infamous Societe Generale fraud, cause millions of of losses, otherwise hurting the organization and causing billions of of billions of dollars in losses. In a cloud environment, a perpetrator can secure access to multiple client systems and data and will only be limited by his or her computer skills.

Preventing internal threats: questions to ask

A malicious insider may be a system administrator or other technical person. An unlawful attack by such a person might be called a "rogue" Administrator or technician.

Organizations that plan to use cloud-based resources must actively assess the security posture of cloud service vendors. The issues that need to be addressed include the following:

How often are the cloud system administrators and technicians authorized to be audited and reconfirmed? Make sure to sit down with the manufacturer not only to listen to the process of explanation, but also to write it down. Ideally, the organization conducts a number of internal access verification processes each year.

How do you scrutinize future system administrators and technicians who can access customer systems and data? Ensure that newly hired employees do not have immediate access to sensitive customer systems and data. Before you entrust a new employee with managing your account, the vendor should ask the new employee to prove that they are competent and trustworthy.

Do you manage background checks? Do they regularly update and/or redo background checks? Those who have a criminal record should be examined further or excluded altogether from the person considered. Also, have employees worked for competitors in the past? If you are a Pepsi worker, you may not want the former Coca-Cola staff to manage the implementation of cloud computing.

What kind of initial and on-the-job security training is useful for system administrators and other technicians? Assume that security administrators and other technicians are aware of information security and prove their capabilities through careful questioning and certification of special skills, such as professional certification assessments, The next step is to make sure that they have a thorough understanding of the security systems in use, and that you can enhance their experience by having them read the technical manuals, security configuration data used by the system, and discuss security systems with the manufacturer and/or distributor of the system. As new versions of the security system are implemented and software patches are installed, these changes should be presented to managers and technicians.

What kind of security training is provided to the employees of the non-tech cloud services company? Assuming that the cloud organization has an information security policy, first of all, the policy should be distributed to all employees, and even the employees who have already read the policy can be signed to confirm; Or at least include employees who have access to customer information and systems; Finally, prepare a sheet of paper summarizing key information security policies and good practices defined by the company.

From a policy and procedural point of view on security issues, especially on information theft, destruction, fraud and other issues, based on the attitude of the cloud service providers proactive? As part of the vendor assessment process, review the cloud service vendor policy, guidelines, and proof of practice for client-side systems and data protection activities; If you are preparing a proposal request as part of the cloud service vendor evaluation process, be sure to ask the service vendor how to ensure that the customer's data are protected in their environment.

What security monitoring systems and procedures are needed? Most cloud service vendors have security monitoring systems and programs that have a set of systems in use, such as intrusion detection systems, intrusion prevention systems, firewalls, and to view their security monitoring policies and procedures to find out how they detect and correct denial of service attacks, Malware and other software that attempts to compromise system and data/database security, and a detailed record of all previous security vulnerabilities and how to discover and correct these vulnerabilities.

What kind of network monitoring systems and procedures are needed? This is similar to the above list, in addition to their concerns with the network boundaries, Internet access devices, internal/external voice and data network services and network access devices (such as routers, switches, load balancers), and secondly, To see the proof of all network security vulnerabilities and how they found and corrected these vulnerabilities.

How many records of malicious internal behavior have the cloud service vendors had? This may be one of the most important issues to be addressed when evaluating potential cloud service vendors, which should be part of all RFP and vendor readiness to submit an incident record certificate. Be prepared, you may not get the answer, because this may be considered "company secret;" Of course, no answer to this question is a warning sign.

How to solve the attack? Any cloud vendor answering such questions should include a summary of the incident and how the accident was resolved, and more importantly, what improvements were being made to the security policies and procedures of the cloud services company to prevent future accidents and quickly identify suspicious behavior.

Has cloud services been convicted of internal attacks by customers? Second, to be prepared, you may need to review or you will not get the answer, because it could be a sensitive issue for cloud service vendors, and it could be placed in a confidential place; A truly reputable cloud service company should be bold enough to admit its mistakes and see how an accident can help the company improve its customer security policies, practices and capabilities.

Before signing a contract with a cloud service vendor (ask them about your own internal IT organization and other issues). Even the most successful and respected cloud companies may have such people waiting for the right time, and when the time comes, they will take malicious action to get their own pockets or to reach their own advantage. Although it is almost impossible to find a perpetrator, unless it is too late, a warning signal is issued. Discontent, poor performance appraisals, unpaid pay, family problems, busy working and occasional tantrums are all warning signs. It may not seem important, but make sure that your vendor's HR team is able to assist in the process of screening and continuous monitoring of employee performance. Take these approaches when evaluating your organization's security posture. Like your suppliers, your organization could be a target for internal threats.

Before fully reliable employee screening, system/network monitoring, and detection of human performance changes that portend internal attacks, cloud-based service vendors, like many other IT service companies, have to maintain high levels of due diligence and proactive work oversight to prevent malicious internal attacks. Therefore, we must consider the above suggestions. Keeping the highest standards on the manufacturer will help reduce the internal threat of cloud computing.