Topics In Demand
Notification
New

No notification found.

Threats on the cloud are constantly evolving – here’s how you can safeguard your assets
Threats on the cloud are constantly evolving – here’s how you can safeguard your assets

263

0

According to a KPMG report, the five major risks in cloud computing are related to data security, technology, operations, vendors, and finance. All of these risks can result in business interruption, loss of revenue and reputation, as well as failure in regulatory compliance.

What accounts for the vulnerabilities and risks in cloud infrastructure? According to the report, these risks and vulnerabilities arise due to:

  • Lack of visibility into controls over initiation, authorization, recording, processing, or reporting of transactions
  • Unauthorized data access by a service provider and/or less control over who sees what data
  • Data leakage or access risks due to multi-tenancy or shared infrastructure between different organizations
  • Lack of flexibility over data protection mechanisms

A report by Flexera states that vulnerabilities such as hardware sprawl (many models), software sprawl (many versions), cloud sprawl (many VMs and other assets), and lifecycle management are top areas of concern for tech decision makers regarding IT assets.

It has also been reported that every day in 2021 there are at least 560,000 instances of new malware being created and detected – so keeping IT assets secure needs to be a top priority in any enterprise.

Knowing where you’re at risk and understanding how to pre-empt or counter it helps an enterprise save time, money and other valuable resources that drive your business.

Threats can be both external and internal

Malware constitutes the external threats, while vulnerabilities are the internal threats.

Vulnerabilities include sensitive data exposure, broken authentication, broken access control and so on. Once a security vulnerability is uncovered, it’s important to immediately patch it; if you’ve found it, malicious actors could too.

Vulnerabilities can be exploited in different ways depending on the nature of the vulnerability and motives of the attacker; it could be caused by mistakes in coding, improper access privileges, unanticipated interactions of different software programs and system components.

Therefore vulnerability assessments are required to identify what can affect the systems on the network.

What are the ways to avoid vulnerabilities?

  • Update systems, networks, and software as soon as an update is available. Do not delay or postpone. Conduct cyber-security audits as well. IT teams should regularly re-evaluate their networks to identify new flaws in their network security.
  • Be wary of automatic running of “safe” scripts as these can be a risk as malware can mimic them. Many services and protocols are vulnerable to spoofing attacks, which allows users to unintentionally send the attacker information.
  • Make sure the authentication systems are secure and ensure minimum granular access rights: An authentication process verifies users, so they cannot access critical data stores or interact with a network’s configuration
  • Ensure employees are well trained! An employee unfamiliar with cyber-security best practices might accidentally download harmful malware by clicking on an infected link for instance.

Threats and vulnerabilities to the cloud are ever-evolving, and there are always challenges and risks associated with cloud adoption. In Cloud Migration, the right cloud services and technology solutions provider can make all the difference. 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


CloudNow is a fast-growing technology firm focused on solving real-world business problems through smart, modern technology. CloudNow provides a host of services including cloud advisory, application development and modernization, DevOps and cloud managed services to help businesses achieve their goals using innovative, cost effective and agile technology.

© Copyright nasscom. All Rights Reserved.