Cloud Application Security

Frequently Asked Questions (FAQs)

1. What are some common cloud application security issues?

Some of the significant cloud application security issues experienced by many organisations include the following.

Misconfiguration

In many organisations, misconfiguration is a significant cause of cloud data breaches. For example, correctly configuring elements such as access controls is crucial to ensuring that data extraction doesn’t take place through exposed dashboards, portals and other interfaces. Across the board, organisations should not trust the default configurations from CSPs, and should secure cloud deployments in a manner tailored to the specific organisation.

Insecure APIs

APIs are a common point of attack. While they are generally well documented in an attempt to make them easy to use, they can also be vulnerable if not set up correctly.

Lack of visibility

Having visibility of all cloud-based assets is not straightforward, given their number and ease of deployment. Specialist controls are crucial to providing an overview of these and mapping them to policies.

Credentials

Weak password security has hindered organisations for as long as they have been in existence. The cloud doubles down on this issue, putting everything from technical infrastructure to crucial applications within reach of a stolen password unless multi-factor authentication is utilised.

2. What security features should be employed in the cloud?

Most Cloud Security Providers have a range of native security functions to protect their customers; however, many prefer to augment these with their own specialist controls. These typically include, but are not restricted to:

SIEM

A Security Information and Event Management tool is a valuable way of centralising the data from separate controls into a single point of access. This can be crucial for managing and triaging events in a busy environment. Given the complexity of the cloud and the plethora of data points, a central collection and visibility tool is important to effective decision making.

Intrusion Detection Systems

Most cloud security compliance standards require companies to have a way of tracking and recording intrusion attempts. If you want your organisation to meet compliance standards, including HIPAA and PCI, using IDS event logging solutions is necessary.