The Cloud Security Alliance recently released a white paper on cloud computing vulnerability incidents spanning the last five years. They looked at more than 11 thousand news articles regarding cloud computing-related incidents to determine the top reasons behind outages. Did you know 64 percent of the outages can be attributed to one of three causes:
- Insecure Interfaces & APIs
- Data Loss & Leakage
- Hardware Failure
If you are developing an application for the cloud or deploying software in the cloud, there is good news: There are some key ways to avoid the majority of outages.
First, ensure you create strong policies and protect your credentials for the cloud APIs. We discussed how to do this with Amazon Web Services in an earlier post. The same advice applies to all of the cloud service providers. Next, secure every external interface from your cloud applications (both web applications and APIs) to protect against a variety of injection, privilege escalation, overflow and other attacks. Prevent data loss and leakage by implementing strong identity and access control to your cloud application and between nodes of your application. Another way is to confirm all data, whether in motion or at rest, is encrypted to hide it from prying eyes. Lastly, and most importantly – cloud or not – hardware fails! Design your applications to use multiple instances, availability zones and regions for every tier of your application. Some cloud providers offer load balancing, clustered computing and high-availability data storage solutions to make this much easier.
To read the paper from the Cloud Security Alliance and find out more about the working group, visit here.
At Trend Micro, we are committed to cloud security. One of the ways we help is by being involved in organizations like the Cloud Security Alliance through our corporate membership and many individual contributors on working groups. The other is by providing the best products and services to secure your journey to the cloud. Deep Security and Secure Cloud can help you take the next step. We have also recently announced our new Deep Security as a Service for AWS and we encourage you to sign up and see how easy it is to secure your cloud applications with our free trial.