With the Cloud now being seen as the defacto standard in enterprise computing, many are beginning to question the security of the environments provided and what steps have been taken to protect now just their servers, but also the data that they are hosting. Here we will look at what are some of the perceived threats to Cloud users and how the risk of these threats can be reduced.
User access levels
It is the responsibility of Cloud vendors to make sure that staff members are only assigned the access level to the environment that is necessary for them to perform their jobs, therefore preventing them from having access to information that could be classified and isn’t necessary for them to fulfill their roles. This would mean providing support staff with access to the hardware infrastructure only, rather than with full administrator access that could offer them a way into Cloud VMs. On occasions there have been attempts by staff members who have been provided with a level of access that goes well beyond their authority to access and steal data for personal gain, whether this is for the purpose of whistle blowing or selling private strategic documents to rivals. In other situations where support employees have been assigned access levels well beyond what they require, inexperienced workers have made mistakes whilst performing specific tasks that have led to huge data loss and downtime. In short, as a Cloud hosting provider you should ensure that employees are provided with the correct access because their actions, malicious or not, could end up damaging your business and brand as well as customer confidence.