 |
| Palo Alto Networks sees the biggest threat to cloud security |
Palo Alto Networks has released its new report that highlights the security threats of cloud computing. Given the widespread acceptance of cloud computing environments and the main findings of this research, the report aims to uncover vulnerabilities in security threat scenarios.
Weak security practices in the cloud environment:
A study found that in addition to registry errors in 60% of cloud storage systems, 43% of cloud databases are unencrypted and a lack of database encryption can lead to security vulnerabilities, the most prominent example of which is the MoviePass event.
When data sets are destroyed in cloud storage systems, attackers can use this problem to access cloud storage systems without knowing who is responsible for the company.
The company has not adopted the concept of integrating security into the development process
Nearly 200,000 infrastructure release models are affected by moderate to severe security vulnerabilities, and infrastructure release models are the cornerstone of the cloud environment because they enable companies to dynamically build and deploy scalable applications.
Most infrastructure release models are based on three easy steps: design, programming, and deployment. However, the development team lacks the fourth step: investigate security problems.
If the infrastructure deployment models are not validated for security issues, they can attack the cloud environment. These vulnerabilities lead to poorly adjusted settings, which is one of the main causes of the data leakage problem.
The trainee uses the cloud to secretly operate cryptocurrencies:
Cybercrime gangs include: Rock Group and 8220 Mining Group, as well as Pasha, who steal corporate cloud resources to extract cryptocurrencies in mining operations at Monroe, which usually work in public or private mining groups. While enemy groups used this activity to finance their criminal activities in cyberspace.
Based on previous findings, Palo Alto Networks has proposed a number of practices to ensure the security of the organization:
Understanding and staying cloudy:
Protecting hidden or unknown objects is very difficult. Therefore, security teams must take the lead and defend a reliable cloud environment security system that can clearly see all parts of the mixed cloud environment. Private and public, containers for virtual machines and non-publication provided. Server, transparent line integration and program connection.
Applicable standards:
Cloud computing security requires strict application of standards in all private and public mixed cloud environments. If the company does not have any standards for implementing cloud computing security, then it is worth considering the standard security standard set by the Internet Security Center. org / cis Standards and documents are standard start. Excellent, but requires consistent and fast application without having to create and manage tools.
Early security checks:
The concept of early safety is to fix safety problems and refer to them in the early stages of the development process. Therefore, coordination with the development team must be coordinated to incorporate the safety standards established by the company. Successful coordination and integration of security between the development team and the security team. ,