Ten years ago most of us would think long and hard before entering a credit card number or other personal information into a website. Now, it barely occurs to us to verify the security and legitimacy of a service provider before we share our personal details. It seems the Internet has become a safer, more familiar place and cloud computing is trekking the same path…sort of. Like the Internet, the cloud is booming. Only it isn’t 1994 and the uptake and volume of data collected are staggering. With that kind of usage it goes without saying that cloud computing service providers and governments have implemented iron-clad cloud security measures to minimize threats against our business and personal information…doesn’t it?
No, it doesn’t.
In 2012, the Cloud Security Alliance’s Mobile Working Group released “Security Guidance for Critical Areas of Mobile Computing”, a survey of 210 security practitioners in 26 countries and a comprehensive look at the mobile computing landscape, including top cloud security threats, current trends and recommendations for decision makers.
According to the Mobile Working Group (whom I imagine to be wearing capes) a threat is “a potentially adverse event and may be incidental or malicious”. And they’ve identified the eight nastiest intruders we can only hope to avoid. They even call them the Evil 8—capes I tell you!
The Evil 8: Top Cloud Security Threats
1. Data loss from lost, stolen, or decommissioned devices
2. Information-stealing mobile malware
3. Data loss and data leakage through poorly written third-party applications
4. Vulnerabilities within devices, OS, design, and third-party applications
5. Unsecured WiFi, network access, and rogue access points
6. Unsecured or rogue marketplaces
7. Insufficient management tools, capabilities, and access to APIs (includes personas)
8. NFC and proximity-based hacking
With so much on the line, many users are likely to assume that most businesses are doing their due diligence to lock up cloud computing and online systems tighter than Davy Jones’ Locker. But statistics gathered by our super-power Working Group suggest otherwise. Let’s focus on BYOD.
- 86% of respondents said they allow BYOD at their company. Yeah!
- 64% of respondents said they don’t restrict files or apps on a BYOD device. This significantly increases the potential for a “data leakage gap”, by the way. Boo!
- 53% of respondents said they do not use a Mobile Device Management (MDM) solution to keep BYOD practices in check. Eek!
Fight Fire with Authentication!
Businesses and service providers are, of course, strongly encouraged to engage cloud security experts to identify the vulnerabilities, threats and risks that could exist within their business environment at all levels of authentication. Vulnerabilities range from soft spots in the architecture to app design and user actions. Failure to implement adequate cloud security measures that comply with both best practices and local (or galactic) laws can result in catastrophes ranging from minor to FUBAR faster than you can Google this article.
Cloud security assessments will determine the level of authentication required to complete a specific action based on the level and severity of the assessed threat(s). Threats can range from low, meaning inappropriate access would have a significantly negative outcome, to severe, in which the risk of breaching authenticity protocols means hide your kids, hide your wife!
For now, recommendations from CSA and the Mobile Working Group are just that—nobody is being forced to follow them. But in the high-stakes game of cloud computing and online data storing, businesses hoping to survive the inevitable wave of the Evil 8 top threats would do well to heed their advice.