While cloud computing carries with it a wealth of benefits to organisations, including reduced capital costs and on-demand resources, it also provides cyber criminals with an environment ripe for attack, since huge amounts of data are housed in one place. Because data is stored and accessed on devices and resources often shared across many different users the risk is increased, and control of access becomes more important than ever.
Cloud account hijacking occurs when an individual or organization’s cloud account is stolen or hijacked by an attacker. Cloud account hijacking is a common tactic in identity theft schemes. The attacker uses the stolen account information to conduct malicious or unauthorized activity. When cloud account hijacking occurs, an attacker typically uses a compromised email account or other credentials to impersonate the account owner.
In a report from the Cloud Security Alliance service traffic hijacking was identified as the third-greatest cloud computing security risk. These types of security breach occur when attackers hijack cloud accounts by stealing security credentials and eavesdropping on activities and transactions. Attackers manipulate data, insert false information, and redirect clients to illegitimate sites.
Cloud account hijacking at the enterprise level can be particularly devastating, depending on what the attackers do with the information. Company integrity and reputations can be destroyed, and confidential data can be leaked or falsified causing significant cost to businesses or their customers. Legal implications are also possible for companies and organisations in highly regulated industries, such as healthcare, if clients’ or patients’ confidential data is exposed during cloud account hijacking incidents.
Businesses also should take proactive steps when choosing cloud service providers. Carefully review potential contracts and compare the cloud security and data-integrity systems of cloud service providers. Companies should also take a data-driven approach when evaluating providers, including the number of data loss or interference incidents they have experienced. You should know how often they've had downtime and how vulnerabilities are managed and monitored. Companies should choose cloud service providers that allow clients to audit the provider’s performance in all of these areas.
Wallix has launched today an on demand version of our AdminBastion solution to deliver management, control and auditing of privileged user access in cloud environments. Cloud providers can use WAB on Demand (WOD) to create a secured gateway for access to cloud infrastructure. This solution helps cloud service providers to address the security concerns of businesses they work for as well as helping to provide customers with increased visibility of activity.
If you’re a service provider you can find out more about WOD here.