It is rather obvious that people and businesses will continue the trend of reducing their need to rely on costly hardware and infrastructure by placing files and applications in the cloud.
In the meantime, data breaches to cloud services are also increasing every year due to hackers who are always trying to misuse the security vulnerabilities of the architecture of cloud.One of the main challenges in cloud computing is data security.
A vulnerability is a weakness that can be exploited by the attacker for his own personal gain. A weakness can be present in the software, environments, systems, network, etc.
CLOUD COMPUTING VULNERABILITIES:
- Session Riding and Hijacking: Session Hijacking refers to use of a valid session key to gain unauthorized access to the information or services residing on a computer system. It also refers to the theft of a cookie used to authenticate a user to a remote server. While session riding refers to the hackers sending commands to a web application on behalf of the targeted user. Session riding deletes user data, executes online transactions, changes the system and opens the firewall.
- Virtual Machine Escape: In virtualized environments, the physical servers run multiple virtual machines on top of hypervisors. An attacker can exploit a hypervisor remotely by using a vulnerability present in the hypervisor itself – such vulnerabilities are quite rare, but they do exist.
- Reliability and Availability of Service: Users expect the cloud services and applications to be available all the time when the users need them, which is one of the main reasons to move to the cloud. With more services being built on top of cloud computing infrastructures, an outage or power failure can create a huge effect on a large amount of Internet-based services.
- Insecure Cryptography: Cryptography calculations, for the most part, require arbitrary number generators, which utilize unpredictable sources of data to create real actual random numbers, which is required to acquire a huge entropy pool. It is common to find crucial flaws in cryptographic algorithm implementations, which can twist strong encryption into weak encryption
- Data protection and portability: When choosing to switch the cloud service provider for a cheaper one, we have to address the problem of data movement and deletion. The old Cloud Service Provider has to delete all the data we stored in its data center to not leave the data lying around. Secondly, if the provider went out of business due to any reason, what will happen to the services and data of the client?
- Vendor Lock-in: Lock-in makes a customer subject to a supplier for products and services so they will be not able to manage another supplier without reasonable exchanging costs. Users have to choose a cloud provider that will allow us to easily move to another provider when needed
- Internet Dependency: By using the cloud services, the users are dependent on the Internet connection. What if the Internet is not available or service is down, what will happen to the user systems and operations that are very critical and need to run 24 hours such as Healthcare and Banking systems.