Security is a shared responsibility.
Cloud solution designs must account for resilience requirements.
Enable event auditing.
Activate effective monitoring.
Keep the infrastructure and the applications updated.
Grant minimum privileges.
A Data Breach is an incident in which sensitive, protected, or confidential information is released, viewed, stolen or used by an unauthorized person. A Data Breach can be the primary objective of a targeted attack or, more simply, it can be the result of human error, vulnerability of the applications or insufficient security practices.
System vulnerabilities are exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or interrupting the service. Vulnerabilities within the components of the operating system (kernel, system libraries and application tools) place the security of all services and data at risk.
Data Breaches and other attacks can occur due to a lack of security in managing access systems, failure to use multi-factor authentication, the use of weak passwords and the lack of encryption key, password and certificate management.
Inadequately protected cloud solutions expose IaaS, PaaS and SaaS cloud computing resources to harmful attacks. Some improper uses of poorly protected resources:
Cloud computing providers expose a set of software user interfaces (UIs) or APIs (Application Programming Interfaces) that customers use to manage and interact with the cloud services. Provisioning, management, orchestration and monitoring are executed through these interfaces. The security and availability of general cloud services depend on the security of these base APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.
Data stored in the cloud can be lost for reasons other than malicious attacks. Accidental deletion by the cloud services provider or, worse yet, a physical catastrophe such as a fire or earthquake, can result in the permanent loss of the customers' data, unless the provider or the CSP customer adopts adequate measures to back up the data, following the recommended procedures for business continuity and disaster recovery, as well as a daily data backup. The burden of preventing data loss does not fall exclusively on the provider, therefore data retention logic suited to the requirements must be implemented. Data loss also occurs when a customer encrypts the data prior to uploading it to the cloud, but loses the encryption key.
Account and service hijacking is widespread. Using more traditional attacks, such as phishing or exploitation of software vulnerabilities, credentials and passwords are seized and reused to intercept activities and transactions, manipulate data, return falsified information and redirect customers to illegitimate websites.
When defining new projects for migration to the Cloud, the cloud technologies and service providers must be considered. Defining an efficient roadmap and specific checklists for the assessment of technologies and CSPs is essential to achieving the best chances of success. The hasty adoption of cloud technologies and the related CSPs results in exposure to commercial, financial, technical and legal risks.
DoS (Denial-of-Service) or DDoS (Distributed Denial of Service) attacks are attacks intended to prevent the users of a service from accessing their data or their applications. The attack consists in forcing the attacked service to consume excessive quantities of system resources, for example processor power, memory, disk space or network bandwidth. This causes the system to slow down intolerably, rendering the service unusable.
AWS provides tools to facilitate control and to securely manage the infrastructures created in the Cloud. With the available services and functions, and by automating controls, it allows the fundamental security and compliance requirements to be met: data localization, protection and confidentiality.