One of the aspects in which cloud service providers have paid attention the most is without a doubt that of security due to all the threats that arise. Companies such as Google, Amazon or Microsoft spend colossal budgets to ensure the infrastructures with which they provide their services or those that companies rent on cloud platforms.
The responsibility for protecting company data in the cloud does not lie with the service provider but with the user. Therefore, allocating huge resources to examine whether a provider is more or less secure does not make much sense if the existing vulnerabilities are not taken into account and that we must take into account.
Threats for which we must be careful on Cloud services
▸Account theft
Account or service theft is not new, but cloud services add a new threat. If attackers gain access to a user’s login data, they can intercept activities and manipulate data, return falsified information and redirect users to deceptive sites, which not only endangers the person, but also both sensitive work information as personal.
▸Data loss
Data in the cloud can be lost for reasons other than an attack: an accidental deletion by the service provider or a catastrophe such as a fire or earthquake can cause permanent data loss. Therefore, both the provider and the user must take security measures to have a backup of the most important data.
▸Denial of service (DoS) attacks
DoS attacks are designed to stop machines or services and prevent users from accessing their data or applications. By forcing a cloud service to consume excessive amounts of resources such as processor power, memory, storage, or bandwidth, attackers can slow down legitimate users’ systems.
▸Systems vulnerabilities
The fact that the services and applications of different clients share elements such as the processor or the physical memory of the computers provides a new attack surface, this means that if a vulnerability is found on the part of an attacker, he will be able to access the entire customer information in that cloud.
▸Attacks from the insides
This should be extremely careful especially in large companies since a malicious user, such as an administrator, can access confidential information and may have increasing levels of access to more critical systems and, finally, to data – systems that depend exclusively on service providers Cloud services for security are at greater risk. To prevent these attacks, organizations adopt user monitoring systems, intrusion detection and prevention systems, etc.
