What should be noted about cloud security in 2020?

The world today is entering the digitization process at full speed. To conquer the digital world, companies around the world are trying to stay competitive by reinvigorating business models or building new models from scratch. Most of these initiatives are based on a common foundation: cloud computing.

In fact, the use of cloud computing has exploded in the past decade, and continued growth is expected for the foreseeable future. According to multiple industry reports, global spending on cloud computing reached US$273 billion in 2018, and may exceed US$623 billion in 2025.

The reasons for the growth of cloud computing are clear: lower costs, greater flexibility and higher security. Cloud technology has brought a huge improvement in physical security. Although this improvement exceeds what end users would expect or could afford on their own, security is a shared responsibility of both the service provider and the user. In other words, the service provider is responsible for the security of the cloud, and users are responsible for their own security in the cloud, including the integrity of the data stored and processed and the flexibility of all applications and APIs that interact with the Web.

Most cloud packages contain only basic security. Without additional security protection, the entire IT value chain of users is basically a vulnerable target. As more and more enterprise and user data resides in the cloud, strict IP access policies may become a serious bottleneck. If the cloud platform goes offline, then the entire game is over.

DDoS attacks lead to service paralysis
This possibility exists not only in theory. In October 2019, Amazon Web Services (AWS) suffered a severe DDoS attack for approximately eight hours. During this period, users were unable to connect to the service because AWS incorrectly classified its legitimate users’ queries as malicious behavior. Google Cloud Platform also encountered a lot of trouble at about the same time, but Google said it had nothing to do with DDoS. Just a few weeks ago, a large number of DDoS attacks paralyzed South African Internet service providers for a whole day, which affected a large number of users’ Internet access.

In fact, in the global business field, DDoS attacks are one of the biggest threats. In Europol’s 2019 Cyber Organized Crime Threat Assessment, DDoS attacks are also considered to be a serious problem. Similarly, the US Department of Homeland Security (DHS) warned that in the past five years, the scale of DDoS attacks has increased tenfold, and “it is not clear whether the current network infrastructure can withstand future attacks, because the scale will continue to expand.”

The World Economic Forum (WEF) pointed out that the paralysis of a cloud service provider may cause economic losses of 50 to 120 billion US dollars. This scale is reminiscent of the financial collapse after Hurricanes Sandy and Katrina.

Broken cloud service
Attacks on damaged or manipulated cloud servers are also increasing. For example, after a data breach, criminals often use stolen credit card credentials to create fake cloud accounts.

According to Link11’s 2019 DDoS report, in the first half of 2019, the proportion of DDoS attacks involving damaged cloud servers increased to 51%. The largest known attack peak is currently 724 Gbps. Because many large enterprises use Internet connections of 10 Gbps or 1 Gbps, such a large-scale data tsunami is 70-700 times the available bandwidth. The study found that the number of attacks involving each cloud service provider roughly corresponds to its market share, so AWS, Microsoft Azure, and Google Cloud account for more cases of damaged cloud servers.

It is worth noting that the longest-lasting DDoS attack handled by Link11 in the second half of 2019 lasted 6459 minutes, which was equivalent to more than 100 hours of interruption, or five consecutive days. Undoubtedly, such a long period of downtime causes serious damage and puts companies that rely on a “digital presence” (whether in platforms, e-commerce, or applications) in trouble.

API will be the hardest hit
DDoS problems are spreading beyond the infrastructure. Many organizations are starting to run native cloud computing applications as part of the fourth industrial revolution. Manufacturers, logistics companies and utility companies are equipping their production lines, warehouses, factories and other facilities with sensors and wireless connections. These all require APIs to function properly.

Although APIs can simplify architecture and product delivery, they can also be a channel for various risks and vulnerabilities. When the basic business application or API is threatened, all operations related to the business will be paralyzed and a series of chain reactions will be triggered. Therefore, it is no longer enough to protect only OSI layers 3 and 4. Today, layer-7 attacks can use less bandwidth to cause more serious damage.

User’s response plan
When an enterprise runs test and development instances on the cloud, the basic security level of the cloud service may be sufficient to protect the enterprise’s data and systems. But if the enterprise wants to run mission-critical or revenue-related services on the cloud, then the enterprise should thoroughly analyze the threat situation and ensure that it has the right tools. In other words, these enterprises should not only provide basic security, but also (to the extent possible) ensure that their systems are flexible and that their security functions reach “enterprise level.” The upgraded security includes automatic reports and alerts, dashboards, integration with existing SIEM systems, and other features.

Many service providers offer some additional features, and their service packages are roughly the same. But as with all things, the devil is in the details. Buyers should carefully evaluate and compare the service level agreements of their providers before purchasing, to ensure that the service level can meet their specific needs.

The combined threat of increasingly larger and more frequent attacks, the risks brought by APIs, and the economic losses caused by downtime is far greater than the sum of the individual threats. Users should plan and implement carefully, with security as the primary consideration. Cloud computing is of extraordinary significance. In addition to its economic benefits, it also enables users to collaborate with partners and customers on a deeper level, making it possible to bring products to market faster.

The author Marc Wilczek is a digital strategist and chief information officer consultant. He has more than 20 years of rich leadership experience in the field of information and communication technology. He is passionate about all digital things, especially cloud computing, big data and Internet of Things services.