Tavola disegno 1 copia

Security

Security

Cloud infrastructures are intrinsically secure and the general security aspects are managed by Cloud Service Providers.

The tools available in the AWS Clouds, combined with the professionalism of AlmavivA in the Cloud Services and Cyber Security environment, meet the customers’ need to handle the risks correlated with making the user portions secure.

The fundamental security principles that must guide the creation of Cloud solutions:

Security is a shared responsibility.

Cloud solution designs must contemplate resilience specifications.

Enable event auditing.

Activate effective monitoring.

Keep the infrastructure and the applications updated.

Grant minimum privileges.

Other

Some threats could undermine the stability of the services provided:

Data Breach

A Data Breach is an incident in which sensitive, protected, or confidential information is released, viewed, stolen or used by an unauthorized person. A Data Breach can be the primary objective of a targeted attack or, more simply, it can be the result of human error, vulnerability of the applications or insufficient security practices.

Vulnerabilità del sistema

System vulnerabilities are bugs that can be used in programs that the attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or interrupting the service. The vulnerabilities within the components of the operating system – kernels, system libraries and application instruments – place the security of all the services and data at risk.

Insecure management of Identities, Credentials and Access Management

Data Breaches and other attacks can occur due to the lack of security in managing the access systems, failure to use multiple-factor authentication, the use of weak passwords and the lack of encryption key, password and certificate management.

Irresponsible use of the Cloud Services

Inadequately protected cloud solutions expose IaaS, PaaS and SaaS cloud computing resources to harmful attacks. Some improper uses of poorly protected resources:

  • DdoS attacks
  • Spam and phishing campaigns via E-mail
  • Cryptocurrency mining
  • Database brute force attacks
  • hosting of harmful or illegal content.

Insecure interfaces and API

Cloud computing providers present a set of (UI) or API (Application Programming Interface) software user interfaces that the customers use to manage and interact with the cloud services. Provisioning, management, orchestration and monitoring are executed with these interfaces. Security and the availability of general cloud services depend on the security of these base API. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to be protected against accidental and harmful attempts to elude the criteria.

Data Loss

The data archived in the cloud can be lost for reasons other than harmful attacks. Accidental deletion by the cloud services provider or, worse yet, a physical catastrophe such as a fire or earthquake, can result in the permanent loss of the customers’ data, unless the provider or the CSP customer adopt adequate measures to execute a data backup, following the recommended procedures for corporate continuity and emergency recovery, as well as a daily data backup. The burden of preventing data loss does not fall exclusively on the provider, therefore data conservation logic functional to the requirements must be implemented. Data loss also occurs in the event in which a customer encrypts the data prior to uploading it to the cloud, but loses the encryption key.

Account Hijacking

Account and Services Hijacking violation is widespread. Using more traditional attacks, such as phishing or exploitation of software vulnerabilities, credentials and passwords are seized and reused to intercept activities and transactions, manipulate data, return falsified information and redirect the customers to illegitimate websites.

Insufficient Due Diligence

In defining new projects of migration to the Cloud, the cloud technologies and service providers must be considered. Defining an efficient roadmap and specific checklists for the assessment of technologies and CSP is essential in achieving the best chances of success. The hasty adoption of cloud technologies and relative CSP results in an exposure to commercial, financial, technical and legal risks.

Denial of Service

DoS (Denial-of-Service) or DDoS (Distributed Denial of Service) attacks are attacks intended to prevent the users of a service from accessing their data or their applications. The attack consists in forcing the attacked service to consume excessive quantities of system resources, for example processor power, memory, disk space or network bandwidth. This causes the system to slow down intolerably, rendering the service unusable.
AWS makes tools available to facilitate control and to securely manage the infrastructures created in the Cloud and allows the fundamental security and compliance requirements to be met: data localization, protection and confidentiality, with the available services and functions, automating controls.

Not only reacting to attacks, but recognizing and preventing potential threats in the ecosystems of every industry. With AlmavivA Cyber Intelligence.

Benefits

With the world of IT shifting to cloud computing, security plays an essential role in the company's growth path. AlmavivA guarantees cybersecurity through innovative solutions and services that enhance AWS best practices, risk mitigation logic, vulnerability assessments and penetration tests, hardening management, and remediation processes.

Cyber Security & Privacy

go

Tools and services

The security tools available at AWS, designed to ensure maximum flexibility, through AlmavivA's experience and technological and process professionalism, take on the functional form the service provided in compliance with security, reliability and performance requirements.

The security of user accounts is managed through Identity and Access Management (IAM) services, and implements further controls such as Multi-Factor Authentication (MFA), to manage critical activities in compliance, such as the creation and management of access information, user authorizations, and administration privileges.

Software and application security is implemented with Web Application Firewall solutions such as AWS WAF, load management and distribution is guaranteed by Application Load Balancer mechanisms such as ALB and CloudFront. The technologies used are capable of protecting web applications from complex attached, such as XSS and SQL injection, examining program security, and managing hardening and patch management to reduce vulnerabilities and attack surfaces.

Additional solutions are represented by key management tools, such as AWS Key Management Service (KMS), and by at rest or in transit data encryption services. The cloud ecosystem is protected by monitoring systems for workload control and intelligent threat detection, to DDos protection, available thanks to proprietary and third-party tools.

Case Study

CheckMe, the free instrument for monitoring the security of Internet access

An instantaneous work, study, entertainment or private financial transaction station risk check

Joshua CyberRisk Vision

Joshua offers organizations an end-to-end solution to define, monitor, analyze, and improve their overall cyber security level, according to a predictive and context analysis approach, following a broad spectrum cyber intelligence-driven logic.

Visit the website

Case Study

Safer agriculture: the Italian Online Commodity Exchange Legal Supply Chain platform

Analysis, synergy, simplification, legality

Case Study

Estimator

Interoperability between insurance platforms

Case Study

The Multicash Platform

More streamlined back office operations, better interbank relations

Trace4Goods

The platform that allows tracking a product's supply chain on Blockchain to identify its origin and characteristics at each point along the supply chain

Find out more

Contact the Cloud Services team

Digital Change

DevOps

Digital Change

Architecture