The Cloud Security Alliance just released a new report outlining the top threats to online security. Are you ready to tackle them on your campus?
These attacks can strike on-site and off-site infrastructure, and the distributed nature of cloud infrastructure can make it hard to track down the source. In a denial of service (DoS) attack, someone causes the system to use inordinate amounts of bandwidth so that legitimate users can’t access the services they need. In distributed denial of service (DDoS) attacks, a group of users work together to coordinate the attack
On-site infrastructure can be completely taken offline by such an attack. An attack that targets resources hosted by your cloud provider can also result in big bills for usage.
Speak with your cloud provider about how they handle DoS attacks and their policies on billing and uptime.
Perhaps one of the most frightening threats, data breaches put your student and faculty information into the hands of data thieves. A wide-scale data breach can also damage your credibility not only with your current stakeholders, but also state officials and prospective students.
Many of the widely publicized data breaches over the past few years have focused on credit and debit card data, but the data you house can be infinitely more valuable. You have payment data plus the personal data that identity thieves can use to target students and faculty, and to socially engineer their way into more information in your systems. Prevent some of the longer-lasting implications by ensuring that your staff is trained to recognize social engineering attempts.
When you host data or processes in the cloud, in most cases you agree to put those items on technology tools that are shared among different clients. That is the power of the cloud — it allows providers to distribute their costly infrastructure among multiple clients, allowing all levels to experience economies of scale.
But sharing also puts you at risk. DoS attacks on other institutions may affect you. Technology failures in one system could cause data access problems for you. And when a technological issue has implications across multiple clients, it can be hard to get timely service as support resources are stretched across all of those clients. Privacy rules can also limit your providers’ ability to give you a straight answer about what is going on and when it will be fixed.
Your contract and annual due diligence reviews should give you ample opportunities to address the vulnerabilities of the shared system with your provider.
The CSA’s report — The Notorious Nine — outlines the rest of the threats they identified in a survey of technology leaders. Download it and previous documents on cloud security threats from their site.