Cloud Security Risks and Threats in 2020

Tarun Manrai
3 min readMay 1, 2020

Cloud computing is the ultimate and most cost effective data solution to meet new and growing business demands today. The transition to the cloud has brought new security challenges. Since cloud computing services are available online, this means anyone with the right credentials can access it. The availability of enterprise data attracts many hackers who attempt to study the systems, find flaws in them, and exploit them for their benefit.

Read Full Story…

1 Access Management system

Access management is one of the most common cloud computing security risks. The point of access is the key to everything. That’s why hackers are targeting it so much. Cloud computing introduces multiple changes to traditional internal system management practices related to identity and access management (IAM).

How to avoid?

Non crackable passwords & Multi-factor authentication: In addition to a regular password, the user gets a disposable key on a private device. The account is locked down, and the user is sent a notification in case of an attempted break-in. Also the passwords should be complex (alphanumeric passwords with combination of upper & lower case letters and special characters are best to use)

Distinct layout for access management: This layout means determining the availability of information for different types of users like marketing department does not need to access accounts data.

2 Data Breach and Data Leak

In this the information is accessed and extracted without authorization. This event usually results in a data leak. The information in the cloud storage is under multiple levels of access. However, it is available from various devices and accounts with cryptographic keys. In other words, a hacker can get into it if he knows someone who has access to it. In cloud environments, the accounts with the highest risks are cloud service accounts or subscriptions. Phishing attacks, exploitation of cloud-based systems, or stolen credentials can compromise these accounts.

How to avoid?

Multi-factor Authentication: For example, typing a password and then receiving a notification on mobile phone with a randomly-generated single-use string of numbers active for a short period. This has become one of cloud security standards nowadays.

Data-at-Rest Encryption: Data-at-rest is a type of data that is stored in the system but not actively used on different devices. This process includes logs, databases, datasets, etc. This data can be encrypted and decrypted when it is used again.

Firewall: between a private and public network that controls in and out traffic in the system.Internal firewall to monitor authorized traffic and detect anomalies

3 Data Loss

Data loss is one of the cloud security risks that are hard to predict, and even harder to handle. It can be caused by mishandling of data and natural disaster like fire, flood, earthquake etc. This can also happens due to data alterations, unreliable storage medium outage, data deletion and loss of access control.

How to avoid?

Backups: Frequent data backups are the most effective way of avoiding data loss in the majority of its forms. You can also create backup scheduler with information what to backup and what to not. e.g. Critical data to be backed up more frequently.

Geolocation: physical location of the cloud servers in data centers is scattered and not dependent on a particular spot. This feature helps in dealing with the aftermath of natural disasters and power outages.

4 Misconfigured Cloud Storage

Misconfigured Cloud Storage is a continuation of an insecure API cloud security threat. Cloud misconfiguration is a setting for cloud servers (for storage or computing purposes) that makes it vulnerable to breaches. The most common types of misconfiguration include: Default cloud security settings: of the server with standard access management and availability of data. Mismatched access management: when confidential data is left out in the open and requires no authorization. Mangled data access: when confidential data is left out in the open and requires no authorization

How to avoid?

Double-check cloud security configurations upon setting up a particular cloud server.

Use specialized tools to check security configurations. There are third-party tools like CloudSploit and Dome9 that can check the state of security configurations on a schedule and identify possible problems before it is too late.