Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Agenda
Data Breaches
Data Loss
Account Hijacking
Insecure APIs
Denial of Service
Malicious Insiders
Abuse of Cloud Services
Insufficient Due Diligence
Shared Technology Issues
Data Breach
Data Breach is a serious threat that most CIOs are concerned
about. In November 2012, researchers at the University of
Carolina published a paper which described how an automated
machine was able to use side channel timing information to
access private cryptographic keys on another machine located on
the same physical server.
Security breaches are inevitable. Service providers may claim that
they adopt best practices, however, we all know that theres no
way to completely eliminate risks associated with it. The best way
for businesses is to be on the defensive and work with the
vendors, providers, and lawyers to prepare Data Breach
Response in advanceto reduce the risks and liabilities when data
breach incident happens.
Data Loss
It is a petrifying thought to lose data for both businesses and
consumers alike. The data in the cloud is in complete possession
of the cloud service provider. Any accidental deletion through
human error, a physical catastrophe like fire or earthquake, may
lead to a permanent loss of all data. This risk can be mitigated by
keeping an adequate backup of the data. A backup on a separate
server still is open to a data breach or data loss on losing the
encryption key. However, many companies are required to deal
with compliance standards for record keeping. If physical records
are kept, then data loss may not have that big an impact on the
enterprise.
Malicious Insiders
The backbone of the entire cloud technology is storing data with a
third party. Where there is trust, there is also a breach of trust.This
is much like data breach, except it comes fromthe different sources
and purposes.
CERN, the European Organization for Nuclear Research, defines an
insider threat as:
A malicious insider threat to an organization is a current or former
employee, contractor, or other business partner who has or had
authorized access to an organizations network, system, or data
and intentionally exceeded or misused that access in a manner that
negatively affected the confidentiality, integrity, or availability of
the organizations information or information systems.
Cloud computing has made its presence felt with a bang. All the
organizations want a piece of the cloud. The promise of reduced
cost, efficiency in operations and improved security has baited
the organizations well. By pushing to the cloud, organizations
may be minimizing their risk at the operational and
departmental front but they are adopting risk associated with
the cloud. These risk, if not assessed diligently can pose a threat
and impact organization making it difficult for them recoup for
the lack of capable resources.
Conclusion
Lets Talk!
THANK YOU
http://www.kairostech.com