The move from on-premises systems to cloud services has transformed the design and delivery of computing technology and applications. These changes have created new security vulnerabilities and changed the threat landscape significantly. Whilst the hardware and software may be managed by the cloud provider, the responsibility for security remains with the information owner.
- Data Breaches: every company’s worst nightmare is that sensitive information falls into the hands of their competitors, or is published on the web causing massive reputational damage.
- Data Loss: an attacker destroying your data can have catastrophic consequences for your business. The new EU data protection rules also treat data destruction as a breach, with the same penalties.
- Account Hijacking: If an attacker steals your credentials, they can read or modify your information, conduct fraud, or redirect your customers to fake sites. Your cloud services may also enable the attacker to leverage the power of your reputation to launch subsequent attacks.
- Insecure APIs: The security and availability of cloud services depends on the security of the service’s APIs. From authentication and access control to encryption and activity monitoring, these interfaces must protect against both accidental and malicious attempts to circumvent security.
How do you answer these questions?