3. Offset threats to availability
Distributed denial-of-service (DDoS) attacks have become more sophisticated and easier to launch. DDoS-for-hire services, also known as booters or stressers, are readily available to take down networks or websites. And with cloud services becoming more popular, DDoS attacks have become more impactful as well, because attackers can disrupt critical business services for many companies with a single attack.
In October 2016, for example, a large DDoS attack powered by tens of thousands of digital video recorders, cameras, and home routers targeted DNS provider Dyn, whose customers rely on the service to direct online users to their sites. As a result, many Internet services—including Netflix, Twitter, and PayPal—were disrupted.
You’ll need to determine whether your provider is elastic enough to weather an attack. While many cloud infrastructure providers offer capabilities to increase bandwidth, they often charge for that extra bandwidth during an attack, at enormous cost to your business. You need to assess at what point keeping up with the level of attack costs too much and it makes more sense to hire a DDoS mitigation service to intercept bad traffic before it gets to your apps.
4. Manage the threats of vulnerabilities
In 2015, a hacker used a vulnerability in antivirus firm BitDefender’s public cloud to steal an unknown number of unencrypted usernames and passwords. Vulnerabilities are no less a threat to cloud infrastructure than they are to on-premises devices and appliances.
Companies must be able to patch in an agile way, which means that operations teams need to know which infrastructure components are vulnerable and have options for managing that vulnerability. Fast patch deployment should be a priority, but virtual patching should also be available to give security teams enough time to fix problems without causing more issues.
Overall, cloud services and platforms tend to be more secure than the average company’s infrastructure owing to service-level agreements and regular updating and patching, so businesses should focus on the aspects of cloud within their control. Companies will find the cloud a much more secure option if they focus on controlling access and credentials, keeping services available, and managing vulnerabilities in the parts of the cloud infrastructure that are under their control.
As a Senior Security Solutions Architect at F5 Networks, Brian McHenry focuses on web application and network security. McHenry acts as a liaison between customers and the F5 product teams, providing a hands-on, real-world perspective. He is a regular contributor on InformationSecurityBuzz.com, a co-founder of BSidesNYC, and a speaker at AppSecUSA, BC Aware Day, GoSec Montreal, and the Central Ohio Infosec Summit, among others. Prior to joining F5 in 2008, McHenry, a self-described IT generalist, held leadership positions within a variety of technology organizations, ranging from startups to major financial services firms.