Deep dive into threats within the cloud infrastructure

Gupta Bless
5 min readJan 13, 2024
Source

Introduction

Organizations are increasingly embracing the cloud because of its significant impact on business transformation, innovation, and value delivery, which is something that everyone can agree on. For example, it can process and store data even in the absence of local servers, which is only one of many advantages. A wide variety of security risks have evolved, posing serious challenges to the availability, confidentiality, and integrity of data and services stored in cloud settings; yet, cloud computing also offers us scalability, flexibility, and cost-effectiveness. The following are some of the most typical cyber security risks found in the cloud, along with suggestions for reducing their impact.

Misconfigured cloud services

Source

Misconfigured refers to something that is not properly configured and used in technology, leading to even greater deviation from best practices. Failure to properly configure or update cloud services can lead to misconfiguration for a variety of reasons, including ignorance, carelessness, and delay. Nevertheless, data breaches, unauthorized access to cloud resources, or vulnerabilities that bad actors can exploit can result from these misconfigured issues. Problems with storage (Amazon S3, Azure, Google Cloud Storage) and identity and access management (IAM) services in the cloud can arise during role assignment. Automated tools, constant monitoring, and frequent security assessments can help find and fix the misconfigurations.

When several organizations’ S3 buckets were misconfigured in 2017, their sensitive data became publicly accessible. All of the sensitive personal information became public knowledge since the permission was in the wrong place on the bucket. The data might also be accessed through short URLs on the web.

Threats on insecure API and their interfaces

Risks to data security might arise in cloud environments due to the prevalence of vulnerable application programming interfaces (APIs). Threat actors can jeopardize the security…

--

--

Gupta Bless

Security enthusiast working to secure web for others.