Microsoft recently issued a warning to some of its Azure Cloud customers that a security research team had discovered a flaw that could have allowed unauthorised access to their data. Fortunately for all involved, it seems that this flaw had gone unnoticed by cybercriminals and was quickly fixed by Microsoft. This could have led to a catastrophic data breach as many large corporations such as Boeing, Samsung, and eBay use Microsoft Azure. Customers were notified to change their login credentials as a precaution.
Cloud customers who were using specific security software may have been able to detect a malicious attack, and these events would have shown up in their logs. This incident highlights the shared responsibility that both Cloud providers and customers should have to manage IT security risks. Although Cloud architecture is generally regarded as safe, there is an increasing incidence of Cloud-based attacks by well-funded organisations, including governments, to steal sensitive Cloud data.
Cloud technology allows for sharing resources over the internet and has dramatically improved operational efficiencies, especially during lockdown when many people were forced to work remotely. However, it remains susceptible to cyber-attacks, which Cloud developers and users need to be aware of and take precautions against.
It should go without saying that Cloud data must be protected outright - from the initial source, during transit, and through to its final storage stage on the database. Besides Cloud service providers implementing and adhering to industry best practices, users and IT departments must take a layered security approach to protect their sensitive data.
Other considerations should include;
- Improved IT Security Policies
- IT software vendors and clients should be fully aware of each other’s scope of responsibility and take the appropriate security measures from their respective sides.
Strengthened Authentication and Access Management
Multi-factor authentication should be implemented by developers and IT Managers alike, as stealing passwords is one of the most common ways to access and steal data. Cloud developers should also enable Cloud users to assign roles to different administrators - limiting capabilities according to job roles and responsibilities.
Fully-Managed Cloud Intrusion Detection
All Cloud solutions must have a reliable intrusion detection system to monitor the network and forewarn service providers and users alike about any potential intrusions.
Although Cloud computing has many advantages it also comes with its own set of vulnerabilities. An awareness of how cyber-attacks are carried out and a preparedness to counter this will allow users to protect their data assets better while continuing to enjoy the benefits that Cloud computing brings to their daily business operations.
Westech, a leading professional IT company in South Africa, has the expertise to assist companies in conducting a complete IT Security Audit to understand their vulnerabilities better and implement the correct security solution.
Contact Westech for further details.