Companies are adopting cloud computing and investing in it at an ever-increasing rate. The only reason executives at large businesses hesitate over cloud computing is its security. However, most enterprises have no idea how to assess the security of, let alone harden, the cloud services they are about to use, so it is difficult to reach a consensus that reconciles the efficiency and convenience of cloud computing with its security.
For that reason, this paper uses the classic "CIA triad", confidentiality, integrity and availability, to categorize the risk types of cloud computing, and proposes defense, detection and blocking measures for each. It then states the residual risk that remains after those measures are applied, as a practical reference for enterprise executives putting cloud computing into practice.
"C": Confidentiality risks
These risks concern the flaws and threats that affect privacy and control over information, on the assumption that you want information to be available, in a controlled manner, only to the entities that need it, without exposing it to unauthorized third parties.
1 Data leakage, theft, exposure and forwarding
User data and other intellectual property are lost through unintended channels. Data leaks have four major threat vectors: theft from outside; sabotage from inside (including unauthorized printing, copying or forwarding of data); unauthorized misuse by authorized users; and mistakes caused by ambiguous policies.
Defense: Use software controls, in the form of a data loss prevention (DLP) scheme, to prevent inappropriate access to data. Avoid placing sensitive, confidential or personally identifiable information (PII) in the cloud.
Detection: Track data flows with monitoring software that recognizes watermarks and data classification labels.
Blocking: Use clear, strong language in the contracts with service providers, specifying how data privacy is enforced and protected.
Residual risk: The cloud vendor's environment involves multiple logical disk storage locations that cannot be traced, along with data persistence problems and the exposure of private data through the vendor administrators' management access.
2 Eavesdropping, packet capture and packet replay
Deliberately capturing information through unauthorized network interception: using tools to intercept network packets, or replaying network transactions by re-sending previously transmitted data.
Defense: Encrypt data at rest and data in transit with strong encryption, such as PGP and encrypted files for stored data and network encryption (TLS, SSL, SFTP) between servers on the network. Providing link-layer encryption should be a priority for cloud providers.
Detection: At present there is no good way to know when someone has intercepted your data; however, an intrusion detection system (IDS) can help identify unusual network behavior that may indicate unauthorized reconnaissance.
Blocking: Transfer the risk of unauthorized access to the service provider through specific contract language.
Residual risk: Data can still be stolen from the network by exploiting the network topology or network flaws, by compromising servers and network devices, or through direct access to network devices.
3 Improper administrator access
Privileged access is typically reserved for system administrators, who can reach all the data held by the system or accessible to it, browsing and modifying it without going through the system's authentication process. Administrators are able to bypass all security controls, and that ability can be used, deliberately or by mistake, to damage private data.
Defense: Minimize the number of administrators for the cloud service's servers, networks and storage (preferably fewer than 10 and more than five). In addition, conduct thorough background checks to ensure that all of the service provider's personnel are screened. When hiring a cloud provider or signing an agreement, require a vendor security review to confirm that their practices are effective.
Detection: Review the cloud provider's management access logs for its internal infrastructure monthly or quarterly.
Blocking: Select only cloud providers that can demonstrate robust network management practices and are willing to align them with the customer's requirements.
Residual risk: Because administrators have full control, they are able to abuse their access, deliberately or inadvertently, compromising personal information or service availability.
4 Persistent storage
After data is no longer needed, or has been deleted, it may still remain on disk. Deleted data is not necessarily overwritten, which increases the risk that an unauthorized individual later recovers it.
Defense: Insist that the vendor has a disk erasure management plan covering every disk that is replaced or reassigned. Retired disks should be degaussed or destroyed to prevent data leaks.
Detection: There is no way to find out when your data is sitting on a disk that has already been taken offline.
Blocking: Establish a disk erasure scheme before selecting a vendor, and make sure these requirements are clearly defined in the contract language.
Residual risk: Data remains on physical media long after it has been deleted.
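As an added example, not taken from the article, the overwrite-before-delete step that a disk erasure plan starts from, in Python using only the standard library: the file's data is overwritten with random bytes and flushed to the medium before the name is unlinked, and a demo confirms that the plaintext no longer exists in the file's content. The file name and record contents are constructed. The caveat is in the comments: on SSDs, copy-on-write filesystems, snapshots and cloud block storage an in-place overwrite often does not reach the old physical blocks, which is why the defense above still calls for degaussing or destruction and for the requirement to be written into the contract.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write random data in 64 KiB pieces


def overwrite_in_place(path: str, passes: int = 1) -> int:
    """Overwrite every byte of the file with random data and flush it to the device.

    Returns the file size. Caveat: this only reaches the blocks the filesystem
    currently maps to the file. SSD wear levelling, copy-on-write filesystems,
    snapshots, backups and cloud block storage can keep the old blocks intact, so
    physical destruction or degaussing of retired media remains necessary.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the overwrite past the OS cache
    return size


def shred_file(path: str, passes: int = 1) -> int:
    """Overwrite, then unlink. A plain os.remove() would leave the data on disk."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


def demo() -> dict:
    """Write a constructed customer export, shred it, and report what was observable."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "customer-export.csv")  # constructed file name
    record = b"name,ssn\nAlice,123-45-6789\n"            # constructed record
    with open(path, "wb") as f:
        f.write(record * 2000)
    with open(path, "rb") as f:
        before = f.read()
    size = overwrite_in_place(path, passes=2)
    with open(path, "rb") as f:
        after = f.read()
    shred_file(path)
    os.rmdir(tmpdir)
    return {
        "size": size,
        "plaintext_before": b"Alice" in before,
        "plaintext_after": b"Alice" in after,
        "exists_after": os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

The demo only proves that the overwrite replaced the file's logical content; whether the medium still holds an older copy is exactly what a customer cannot observe, which is the point of the detection entry above.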
5 Storage platform attacks
Direct attacks on the SAN or storage infrastructure, including attacks through the management controls of a single storage system, give access to private data while bypassing the access controls built into the operating system, because the operating system is out of the loop.
Defense: Ensure that providers have robust zoning and role-based access control on their storage systems, and that the vendor's storage-system management interfaces are not reachable from the user network.
Detection: Deploy an IDS on the storage network and review the storage system's access control logs quarterly.
Blocking: Ensure that the cloud service provider has strong legal representation and commits to identifying and prosecuting attackers.
Residual risk: Data can be stolen directly from the SAN, and you may or may not ever discover it.
6 Misuse of data
Someone with access to data may also perform other operations on it, including operations they are not permitted to perform: for example, disclosing information to a competitor's employees, letting developers test with production data, or taking data out of the managed environment of the organization's private network and placing it in an unprotected environment.
Defense: For employees, use the same kinds of security controls as on a private data network, such as DLP, role-based access control, and obfuscated (masked) test and development data. Remove the ability to send e-mail attachments to external addresses.
Detection: Track data flows with monitoring software that recognizes watermarks and data classification labels.
Blocking: Use security awareness programs, backed by disciplinary sanctions, to deter people from moving data from a controlled environment into an uncontrolled one.
Residual risk: People can find ways around the controls to put data into an uncontrolled environment, where it can be stolen or misused.
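The DLP and data-classification controls recommended under items 1 and 6, as an added example that is not part of the original article: a Python (standard library only) gate that reads a classification label and a few narrow PII detectors over an outbound document, refuses a cloud export when the label or the content forbids it, and produces a masked copy for a test environment so developers never receive raw production PII. The label vocabulary, the detectors and the sample document are constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Classification vocabulary and the labels that must never leave the private network
# (constructed for this example; real label schemes differ).
CLASSIFICATION_LABELS = ("PUBLIC", "INTERNAL", "CONFIDENTIAL", "RESTRICTED")
BLOCKED_FOR_CLOUD = {"CONFIDENTIAL", "RESTRICTED"}
LABEL_RE = re.compile(r"CLASSIFICATION:\s*([A-Z]+)")

# Narrow PII detectors. A real DLP engine validates matches (checksums, context
# words) rather than trusting bare patterns.
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card16": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}


@dataclass
class ScanResult:
    label: Optional[str]
    pii_found: Dict[str, int] = field(default_factory=dict)

    @property
    def blocked(self) -> bool:
        """True when the label or the content forbids a cloud export."""
        return self.label in BLOCKED_FOR_CLOUD or bool(self.pii_found)


def scan_document(text: str) -> ScanResult:
    """Read the classification label and count PII hits per detector."""
    m = LABEL_RE.search(text)
    label = m.group(1) if m and m.group(1) in CLASSIFICATION_LABELS else None
    counts = {name: len(p.findall(text)) for name, p in PII_PATTERNS.items()}
    return ScanResult(label, {k: v for k, v in counts.items() if v})


def _mask_email(m):  # keep the domain, drop the identifying local part
    return "***@" + m.group(0).split("@", 1)[1]


def _mask_ssn(m):
    return "***-**-" + m.group(0)[-4:]


def _mask_card(m):
    digits = re.sub(r"\D", "", m.group(0))
    return "**** **** **** " + digits[-4:]


def mask_pii(text: str) -> str:
    """Produce the obfuscated copy that developers get instead of production data."""
    text = PII_PATTERNS["card16"].sub(_mask_card, text)
    text = PII_PATTERNS["us_ssn"].sub(_mask_ssn, text)
    return PII_PATTERNS["email"].sub(_mask_email, text)


def prepare_for_export(text: str, destination: str) -> dict:
    """Gate a document leaving the controlled environment.

    destination "cloud": refused if the label or PII content forbids it.
    destination "test_env": always a masked copy, never raw production PII.
    """
    result = scan_document(text)
    if destination == "test_env":
        return {"allowed": True, "text": mask_pii(text), "scan": result}
    if destination == "cloud":
        if result.blocked:
            return {"allowed": False, "text": None, "scan": result}
        return {"allowed": True, "text": text, "scan": result}
    raise ValueError(f"unknown destination {destination!r}")


# Constructed sample: a labelled customer record on its way out of the private network.
SAMPLE_DOC = (
    "CLASSIFICATION: CONFIDENTIAL\n"
    "Customer alice@example.com, SSN 123-45-6789, card 4111 1111 1111 1111\n"
)

if __name__ == "__main__":
    print(prepare_for_export(SAMPLE_DOC, "cloud"))
    print(prepare_for_export(SAMPLE_DOC, "test_env")["text"])
```

The two destinations encode the article's two rules: confidential material and PII do not go to the cloud at all, and developers only ever see masked data. The classification label is read from the document itself, which is what makes the watermark-and-label detection step workable: an unlabelled document can still be stopped by its content, but a labelled one is stopped before any content inspection is needed.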
7 Fraud
Illegal or deceptive access to information without authorization. Fraud can be committed by outsiders, but it is usually committed by a trusted employee.
Defense: Full separation of duties, with checks and balances that reduce reliance on any single individual. Ensure that business processes include management review and approvals.
Detection: Perform periodic audits of computer system access and data use, paying particular attention to unauthorized access.
Blocking: Ensure that a proper disciplinary procedure exists for employees. For service providers, use written contract language to transfer the risk.
Residual risk: Fraud can lead to significant reputational and financial losses.
8 Hijacking
Session hijacking is the exploitation of a valid computer session, sometimes called a session key, to gain unauthorized access to information and services on a computer system; in particular, it is the misuse of the magic cookie used to authenticate a user to a remote server. For example, the HTTP cookies that maintain sessions on many Web sites can be stolen from an intermediary computer or from a computer that has access to the victim's stored cookies. If an attacker can steal the cookie, the attacker can request data operations just like the real user, gain access to privileged information, or change data. If the cookie is a persistent cookie, the impersonation can last for quite a long time. In this respect, any protocol that maintains a session by passing a key back and forth between the two sides is fragile, especially if the key is not encrypted. The same applies to the management credentials of a cloud environment: if the entire cloud environment is managed through a session key, the entire environment can be taken over by a session hijacking attack.
Defense: Look for a service provider with a solid identity management implementation that addresses this risk with robust, encrypted, precise session keys. As a customer, use sound key management processes, including key escrow and key recovery schemes, so that employee turnover does not leave the service unmanageable.
Detection: Periodically check the access logs of cloud resources and their management interfaces to identify anomalies.
Blocking: Beyond an active legal response, there is no effective measure to prevent a hijacker from taking over a session.
Residual risk: An attacker impersonating a valid user of the cloud service, especially one holding administrative credentials, can lock up and damage the enterprise's entire infrastructure.
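The "robust, encrypted, accurate session keys" that the defense for item 8 asks for, as an added example that is not part of the original article: a Python (standard library only) session token that is HMAC-SHA256 signed rather than encrypted (the payload is readable but cannot be altered without the key), short-lived, revocable through a server-side session id, and delivered in a cookie with the Secure, HttpOnly and SameSite attributes. Together these limit what a stolen cookie is worth: it cannot be edited to escalate a role, it does not outlive its short expiry, and it can be revoked on suspicion. The signing key, the lifetime and the user names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 15 * 60                 # seconds; a short lifetime bounds a stolen cookie
SERVER_KEY = secrets.token_bytes(32)  # per-deployment signing key (constructed here)
REVOKED_SIDS = set()                  # server-side revocation list, keyed by session id


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str, key: bytes) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())


def issue_session(user: str, role: str, key: bytes = SERVER_KEY,
                  now=None, ttl: int = SESSION_TTL) -> str:
    """Mint a signed token: <base64 payload>.<base64 HMAC-SHA256 over the payload>."""
    now = int(time.time()) if now is None else now
    payload = {
        "sub": user,
        "role": role,
        "sid": secrets.token_hex(16),  # 128-bit random id: unguessable and revocable
        "iat": now,
        "exp": now + ttl,
    }
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    return f"{body}.{_sign(body, key)}"


def verify_session(token: str, key: bytes = SERVER_KEY, now=None):
    """Return the payload if the token is authentic, unexpired and not revoked, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    # Constant-time comparison; a tampered payload or a wrong key fails here.
    if not hmac.compare_digest(sig, _sign(body, key)):
        return None
    payload = json.loads(_unb64(body))
    if payload["exp"] <= now or payload["sid"] in REVOKED_SIDS:
        return None
    return payload


def revoke_session(sid: str) -> None:
    """Invalidate one session before its expiry (e.g. on a hijacking suspicion)."""
    REVOKED_SIDS.add(sid)


def tamper_role(token: str, new_role: str) -> str:
    """Rewrite the payload but keep the old signature, as a thief without the key would."""
    body, sig = token.split(".", 1)
    payload = json.loads(_unb64(body))
    payload["role"] = new_role
    return _b64(json.dumps(payload, separators=(",", ":")).encode()) + "." + sig


def session_cookie_header(token: str) -> str:
    """Set-Cookie value that keeps the token off plaintext links and away from scripts."""
    cookie = SimpleCookie()
    cookie["session"] = token
    morsel = cookie["session"]
    morsel["secure"] = True          # only sent over TLS
    morsel["httponly"] = True        # not readable by page scripts
    morsel["samesite"] = "Strict"    # not sent on cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL  # expires with the token; not a persistent cookie
    return cookie.output(header="").strip()


if __name__ == "__main__":
    tok = issue_session("alice", "admin")
    print(session_cookie_header(tok))
    print(verify_session(tok))
```

A stateless signed token cannot be withdrawn by itself, which is why the session id and the revocation set are part of the design: a short `exp` bounds the damage window, and `revoke_session` closes it early. For management consoles the same pattern applies with a shorter lifetime and re-authentication before sensitive operations.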
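The periodic review of management access logs that items 3, 5, 7 and 8 rely on for detection, as an added example that is not part of the original article: a small reviewer in Python (standard library only) that parses management-interface access events and flags administrators who are not on the approved roster, management access from outside the management network (the storage-interface concern in item 5), off-hours activity, sensitive actions, and a successful login that follows a burst of failures. The log format, the roster, the management subnet and the sample events are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Policy for this example (constructed): who may administer, from where, and when.
APPROVED_ADMINS = {"alice", "bob", "carol"}
MGMT_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 UTC
SENSITIVE_ACTIONS = {"snapshot.export", "volume.attach", "user.privilege_grant"}
FAILED_LOGIN_THRESHOLD = 3

# Constructed log format: one management-interface event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) admin=(?P<admin>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)

# Constructed sample events covering a normal day and two suspicious sequences.
SAMPLE_LOG = """\
2024-05-06T09:12:01Z admin=alice src=10.10.0.5 action=login result=ok
2024-05-06T09:15:22Z admin=alice src=10.10.0.5 action=volume.resize result=ok
2024-05-06T13:40:10Z admin=bob src=10.10.0.7 action=login result=ok
2024-05-07T02:13:44Z admin=carol src=203.0.113.9 action=login result=ok
2024-05-07T02:14:02Z admin=carol src=203.0.113.9 action=snapshot.export result=ok
2024-05-07T11:00:00Z admin=mallory src=10.10.0.9 action=login result=fail
2024-05-07T11:00:05Z admin=mallory src=10.10.0.9 action=login result=fail
2024-05-07T11:00:09Z admin=mallory src=10.10.0.9 action=login result=fail
2024-05-07T11:00:15Z admin=mallory src=10.10.0.9 action=login result=ok
2024-05-07T11:02:30Z admin=mallory src=10.10.0.9 action=user.privilege_grant result=ok
"""


def parse_line(line: str) -> dict:
    """Turn one log line into an event dict with a UTC timestamp and an IP address."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["src"] = ipaddress.ip_address(ev["src"])
    return ev


def review_log(text: str) -> list:
    """Return (rule, admin, detail) findings for events that violate the policy."""
    findings = []
    failed_logins = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        admin, src, action, ts = ev["admin"], ev["src"], ev["action"], ev["ts"]
        if admin not in APPROVED_ADMINS:
            findings.append(("unknown-admin", admin, f"{action} from {src}"))
        if not any(src in net for net in MGMT_NETWORKS):
            findings.append(("off-network-source", admin, str(src)))
        if ts.hour not in BUSINESS_HOURS:
            findings.append(("off-hours", admin, ts.isoformat()))
        if action in SENSITIVE_ACTIONS:
            findings.append(("sensitive-action", admin, action))
        if action == "login":
            if ev["result"] == "fail":
                failed_logins[admin] += 1
            else:
                if failed_logins[admin] >= FAILED_LOGIN_THRESHOLD:
                    findings.append(("login-after-failures", admin,
                                     f"{failed_logins[admin]} failures then success"))
                failed_logins[admin] = 0
    return findings


def summarize(findings) -> dict:
    """Map each flagged administrator to the sorted set of rules they tripped."""
    by_admin = defaultdict(set)
    for rule, admin, _ in findings:
        by_admin[admin].add(rule)
    return {admin: sorted(rules) for admin, rules in by_admin.items()}


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(finding)
    print(summarize(review_log(SAMPLE_LOG)))
```

The rules are deliberately simple so that a monthly or quarterly review can be reproduced by hand: each finding names the rule, the administrator and the evidence, which is what a customer needs when raising the event with the provider under the contract language the article recommends.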