Top 10 Cloud Security Vulnerabilities
The Top 10 Cloud Security Vulnerabilities have been identified and ranked by level of importance and impact by a panel of 57 CIOs, CTOs, and CSOs.
The top 10 are:
- Data breaches
- Weak Security
- Non-Secure Interfaces & API
- OS vulnerabilities
- Account hijacking
- Insider breach as System Administrator
- Parasitic code on server
- Data Destruction
- Denial of service (DoS).
All of these are addressed in Janco’s How to Guide for Cloud Process and Outsourcing.
Top 10 best practices that address Cloud Security Vulnerabilities
Top 10 best practices for cloud security – The cloud is a great technology that helps organizations improve productivity, reduce costs, and simplify the user’s life. However, it does raise significant security risks. Here are 10 best practices that, if followed, minimize those risks.
- Utilize an SDM (System Development Methodology) to design, test and implement changes in both the source and object level code.
- Implement a disaster recovery and business continuity plan that includes a focus on security of the data and application assets that are cloud based.
- Implement metrics and cloud application monitoring, which can help to detect potential security violations and breaches in the cloud based data and applications.
- Utilize a secure access and change management system to manage revisions to the cloud application.
- Utilize a patch management approach to install revisions to the cloud data and application.
- Implement a log management system to have an accurate audit trail of what occurs on the cloud.
- Implement firm security policies via a formal security management system (see https://www.e-janco.com/Security.htm and https://www.e-janco.com/Cloud.htm).
- Review the latest published cloud vulnerabilities and make appropriate changes to cloud applications and access rules.
- Contract with independent 3rd parties to find security vulnerabilities in your cloud based applications.
- At least annually, conduct a security compliance audit on the total cloud based application from development to user access.