Cyber Security (2 Part Series)
General Risk : There are humongous amount of risk ranging from Data breach to data leakage which need to be prioritized when we are selecting the provider, every provider is having their own way of dealing with the control, Consumer needs to prioritized and select based on their concerned area’s the best suitable provider, there is a way which we can use like understanding client’s requirement , assessing what provider is offering you , then selection of the appropriate framework which will help you to implement control according to your requirement and then assessing any control gap which might help you understand whether the risk is with in appetite level.
Vendor lock : It is another issue which most of the consumer is going to face if the initial due diligence effort horribly fails, in this case most of consumer fails to understand the technology used by provider or initial contract which will results consumer locked with provider and they can’t leave provider.
Provider Exit : financial stability of the provider also matters most, what about after making so much investment on the technology provider run away from the market, along with provider data as well which belongs to consumer, so as like other risk it needs to be treated equally and stability of the provider needs to verified before doing a large investment.
Cloud Security Training
Multitenant : Because of the shared nature of cloud (Multitenant) Side channel attack is also the concern area of consumer; Needs to be prioritized and rectified. Multitenancy also create a severe issue on privacy along with security, the reason along with your workload other tenant workload is also running and operating from the same hardware so if the underlying infrastructure is not secure it may create a issue of isolation failure which results to data and service breach.
Virtualization : is the base of cloud or we can say without virtualization there is no cloud, Multiple attack has been discovered against well-known hypervisor like ESXI it needs to be tested and rectified as well, we need to have a secure virtual platform on which we can build the secure service. Multiple malwares and rootkits are there which can exploit the weak virtual platform. so secure virtual platform selection is also the key part of secure cloud.
VM-HOPPING : Attacker target the less secure virtual machine and from there target the virtual platform and finally the other tenant data and workload, this attack technically called as VM-Hopping attack, these attacks normally can occur because of insecure operating system and insecure virtual platform.
API : On cloud because most of the services we are assessing through either web console or CLI , in both of the case one of the primary service to assess all the services is through API(application program interface) ; the API simply accept the request and forward that request to relative underlying service to get the things done and provide the result back to the requestor. Because for all the interaction we are very much dependent on API so this will create a new attack vector for the cloud computing and needs to secure with proper control (authentication, authorization along with encryption) so user request and response can be safe.