Cloud Security Threats
The Cloud Security Alliance (CSA) has identified some top threats for both infrastructure and application services in the cloud. They include:
Malicious insiders: The threat of malicious insiders is increased for users of cloud services because of the convergence of IT services and clients under a single management provider. Cloud users often do not have visibility into how a provider grants employees access to physical and virtual resources, how it hires and monitors employees and how it handles policy compliance.
Shared technology issues: At the heart of cloud computing is the premise of sharing underlying infrastructure components. If security requirements and protocols are not integrated into the shared infrastructure at multiple levels (i.e. computing resources, storage, and networking) then vulnerabilities could exist. This is particularly crucial to keep in mind when evaluating public cloud environments, through which there can be limited isolation.
Data loss or leakage: This is a real, yet unacceptable risk for any investment management firm, and the impact is far-reaching. Just as with traditional on-premise environments, threats in the cloud can include accidental deletion of data, unauthorized access or database corruption. It is essential to have strong controls in place, as well as data encryption and data protection processes.
Unknown risk profile: Another threat, which may cause a firm to accept unknown risks, is lack of knowledge of a cloud provider’s security protocols and policies. It is important to inquire about a cloud service provider’s security software, update and patch procedures, intrusion detection and alerting and overall security design.