?
MAYLEEN
BYWATER,
SR PRODUCT
MANAGER FOR
CLOUD SECURITY
SOLUTIONS, VOX
B
usinesses are
migrating to the
cloud to benefit
from the latest
technologies,
gain speed
and agility and
create a better experience for staff and
customers. However, they need to be
aware that cloud application attacks can
happen in many shapes and forms.
These attacks take advantage of
opportunities within cloud-native
applications, such as business or
private data that can be exposed
publicly or leveraged for financial gain.
Cloud application attacks can be direct
attempts on vulnerable access points
such as open Wi-Fi networks, phishing
via email or ransomware.
The threat landscape is evolving daily
with new types of malware and attack
methods constantly being modified.
The four most common types of attacks
include cross-site scripting (XSS) –
www.intelligentciso.com
|
Issue 14
this is the most common type as it
scans for vulnerabilities; SQL injection;
DDoS attacks and cookie poisoning.
So how can you prevent these exploits
from happening?
Ensure you have a next generation
firewall with full functionality (threat
Cloud application
attacks can be
direct attempts on
vulnerable access
points such as open
Wi-Fi networks,
phishing via email or
ransomware.
editor’s question
management) installed and have
your policies set up to understand
your processes and business critical
information. This will assist with some
DDoS attacks and attempts to gain
access to your network.
In addition, your Internet service
provider (ISP) should have measures in
place to prevent access. Here are other
preventative measures you can take:
• Run continuous checks on your
network, firewall and websites to test
that your policies are relevant to the
ever-changing threat landscape
• Make sure that all necessary
updates and patches are applied in
a timely manner to circumvent threat
and exploit attempts
• Protect your other entry points
to your network, for example email
and endpoints
• Train your staff to be vigilant
and create a security culture in
your business
• When selecting an application,
consider the encryption methods
to use to protect your data
Many companies are turning to a
managed service provider that can
analyse their network, endpoint
and email security posture, make
recommendations and proactively
monitor and protect their systems.
This allows the business to focus on
growth, as it entrusts the management
and the day-to-day running to a
competent managed services team,
who has the company’s best interests
in mind.
It is also key to make sure that you have
service level agreements (SLAs) in place
with your ISP, cloud service provider and
managed service provider. The cloud
entails a shared responsibility model.
The onus is on you as the business to
keep your data safe while the cloud
provider looks after the management and
uptime of the cloud-based services.
29