Tavola disegno 1 copia

Security

Security

Cloud infrastructures are intrinsically secure and the general security aspects are managed by Cloud Service Providers.

The tools available in the AWS Clouds, combined with the professionalism of AlmavivA in the Cloud Services and Cyber Security environment, meet the customers’ need to handle the risks correlated with making the user portions secure.

The fundamental security principles that must guide the creation of Cloud solutions:

Security is a shared responsibility.

Cloud solution designs must contemplate resilience specifications.

Enable event auditing.

Activate effective monitoring.

Keep the infrastructure and the applications updated.

Grant minimum privileges.

Other

Some threats could undermine the stability of the services provided:

Data Breach

A Data Breach is an incident in which sensitive, protected, or confidential information is released, viewed, stolen or used by an unauthorized person. A Data Breach can be the primary objective of a targeted attack or, more simply, it can be the result of human error, vulnerability of the applications or insufficient security practices.

Vulnerabilità del sistema

System vulnerabilities are bugs that can be used in programs that the attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or interrupting the service. The vulnerabilities within the components of the operating system – kernels, system libraries and application instruments – place the security of all the services and data at risk.

Insecure management of Identities, Credentials and Access Management

Data Breaches and other attacks can occur due to the lack of security in managing the access systems, failure to use multiple-factor authentication, the use of weak passwords and the lack of encryption key, password and certificate management.

Irresponsible use of the Cloud Services

Inadequately protected cloud solutions expose IaaS, PaaS and SaaS cloud computing resources to harmful attacks. Some improper uses of poorly protected resources:

  • DdoS attacks
  • Spam and phishing campaigns via E-mail
  • Cryptocurrency mining
  • Database brute force attacks
  • hosting of harmful or illegal content.

Insecure interfaces and API

Cloud computing providers present a set of (UI) or API (Application Programming Interface) software user interfaces that the customers use to manage and interact with the cloud services. Provisioning, management, orchestration and monitoring are executed with these interfaces. Security and the availability of general cloud services depend on the security of these base API. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to be protected against accidental and harmful attempts to elude the criteria.

Data Loss

The data archived in the cloud can be lost for reasons other than harmful attacks. Accidental deletion by the cloud services provider or, worse yet, a physical catastrophe such as a fire or earthquake, can result in the permanent loss of the customers’ data, unless the provider or the CSP customer adopt adequate measures to execute a data backup, following the recommended procedures for corporate continuity and emergency recovery, as well as a daily data backup. The burden of preventing data loss does not fall exclusively on the provider, therefore data conservation logic functional to the requirements must be implemented. Data loss also occurs in the event in which a customer encrypts the data prior to uploading it to the cloud, but loses the encryption key.

Account Hijacking

Account and Services Hijacking violation is widespread. Using more traditional attacks, such as phishing or exploitation of software vulnerabilities, credentials and passwords are seized and reused to intercept activities and transactions, manipulate data, return falsified information and redirect the customers to illegitimate websites.

Insufficient Due Diligence

In defining new projects of migration to the Cloud, the cloud technologies and service providers must be considered. Defining an efficient roadmap and specific checklists for the assessment of technologies and CSP is essential in achieving the best chances of success. The hasty adoption of cloud technologies and relative CSP results in an exposure to commercial, financial, technical and legal risks.

Denial of Service

DoS (Denial-of-Service) or DDoS (Distributed Denial of Service) attacks are attacks intended to prevent the users of a service from accessing their data or their applications. The attack consists in forcing the attacked service to consume excessive quantities of system resources, for example processor power, memory, disk space or network bandwidth. This causes the system to slow down intolerably, rendering the service unusable.
AWS makes tools available to facilitate control and to securely manage the infrastructures created in the Cloud and allows the fundamental security and compliance requirements to be met: data localization, protection and confidentiality, with the available services and functions, automating controls.

Not only reacting to attacks, but recognizing and preventing potential threats in the ecosystems of every industry. With AlmavivA Cyber Intelligence.

Contact the Cloud Services team

Digital Change

DevOps

Digital Change

Architecture