Cyber Threats Report 2013

Data in the Cloud: Safer, but More Attractive to Attackers

Consider data storage in the cloud. As security expertise is increasingly being located within cloud service providers, companies and their customers typically improve the overall security posture of their data. However, while improved virtualization infrastructure means that mass compromises are unlikely, the growing trove of data concentrated in these cloud storage services will attract attackers.

“Most of the time, we are not going to see many security issues because the large cloud services do a good job, but once they fail, the impact will be much, much higher, and that is the problem,” said Engin Kirda, associate professor in computer science at Northeastern University.

Authorization, including account recovery, is a key weakness in cloud services. Allowing only authorized users to have access to the data continues to be a difficult and challenging problem.

In June, attackers compromised DDoS mitigation service CloudFlare by using flaws in AT&T’s voicemail service for its mobile users and in Google’s account-recovery service for its Gmail users. The attack—which aimed to get control over the site of one of CloudFlare’s customers—failed, but only because the company moved quickly when it discovered the incident.

“We will see more of these types of attacks, because a lot of interesting data is being hosted on [these] sites,” Kirda said.

Google’s latest approach to two-factor authentication is a good hybrid method, he said. Using a recognized device and a password, a user logs in and authorizes applications on other devices. By providing a different password for each application-device combination, the service provides stronger, yet usable, security.

Source and Full Report: Georgia Institute of Technology, Georgia Tech Cyber Security Summit 2012

0 yorum: