Cloud computing has been an amazing technological breakthrough. 由于它的特点, such as 24/7 on-demand 可用性, 任何地方的可访问性, 可伸缩性, 以及在线存储, 它为在云上运行业务操作的澳门赌场官方下载提供了许多成本优势. 这些组织不需要产生资本支出,也不需要在计算基础设施上进行巨额投资. 相反,他们可以只支付所需的费用,并在需要时扩大规模. 除了, cloud computing leads to lower power costs, lower staff costs and reduced carbon footprint.
As a result, cloud adoption is occurring at a fast rate globally. 根据 Flexera 2024 State of the Cloud report, “向混合云和多云环境的转变凸显了全面成本管理的重要性, with nearly half of all workloads and data in the public cloud, 澳门赌场官方下载使用多云的比例从去年的87%上升到今年的89%.”
然而, 随着过去几年云计算使用量的增加, security threats have increased exponentially. 我们将在下面回顾一些当前的云攻击类型和新出现的威胁, along with possible countermeasures, drawing upon select research reports published in 2023 and 2024.
Cloud Computing: Current Threats and Vulnerabilities
按 Palo Alto Networks的Unit 42最新攻击面威胁研究报告, 在所有行业的组织中观察到的五分之四的安全漏洞来自云环境. This report outlined the most common security flaws, of which 60% come from web framework takeover (22.8%), remote access services (20.8%) and from IT security and 网络 infrastructure (17.1%).
它还强调了云产品的不断变化如何显著影响用户的暴露. 的 threat research team’s recommendations are as follows:
- 对所有可访问的互联网资产保持全面、实时的了解
- Regularly review and update cloud configurations
- Foster collaboration between security and DevOps teams
- 专注于解决最关键的漏洞和暴露.
同时,根据 Google Cloud Cyber Security Forecast 2024 report, 2024年将见证生成式人工智能和大型语言模型(llm)在网络钓鱼中的应用, 攻击者通过短信和社会工程操作来传播假新闻. 在世界经济论坛于2024年1月发布的《2024年全球网络安全展望》洞察报告中, the majority believe that “In the next two years, Generative AI will provide Cyber advantage to attackers (55.9%).”
因此,生成式人工智能将成为云计算的主要威胁.
Here are five other top cloud vulnerabilities:
1. 云配置错误
涉及云组件(如存储)的任何云错误配置, 网络, 访问控制, 等., can lead to cyberthreat exposure. It was reported last year that 日本汽车制造商丰田表示,约有26万名客户的数据在网上曝光 due to a misconfigured cloud environment. Some of the remedial measures include:
- Hardening the servers and closing the open ports
- Ensuring the functioning of logging mechanisms
- Strengthening 访问控制
- Periodic configurations audits
- 云端安全存储
2. 多重云漏洞
如上所述, 89% of organizations are using multicloud this year, which leads to shared technology vulnerabilities. Vulnerabilities in common software design, web浏览器, 而普通的数据库系统可能导致网络钓鱼和恶意软件攻击, data breaches and other security issues. Remediation measures include:
- 根据最佳实践和标准对服务器和防火墙进行加固
- 网络分段和适当的非军事区(DMZ)管理
- Patch management schedule per vendor recommendations
- 安全体系结构实现,遵循设计方法的安全性
3. 缺乏安全api
In November 2022, a Twitter API security breach exposed the personal data of 5.400万用户. 部分数据在暗网上出售,其余的则免费发布. 看看我之前的想法 这里是API安全性.
4. 缺乏透明度
A lack of transparency due to insufficient monitoring mechanisms, a lack of insight into user activities, 有时,即使是实时报告也会降低异常行为的检测速度,甚至降低检测任何已知攻击模式的机会. Research conducted by Illumio 到2023年,近一半的数据泄露源自云端, costing organizations an average of US$4.100万年, 95%的受访者指出,缺乏可视性和对攻击的反应迟缓是主要原因. 健壮的日志记录和监视机制是提高可见性和透明度的好方法.
5. Serverless architecture vulnerabilities
的 global serverless architecture market size 了7美元.6 billion in 2020 and is expected to grow at a CAGR of 22.7%,达到21美元.到2026年底将达到10亿美元. 无服务器架构意味着云提供商提供服务器,我们需要上传代码并进行操作. This is known as Function as a Service (FaaS), 在哪些情况下,计费是基于网络请求和在部署的功能上发生的活动的数量. 通过健壮的软件开发实践和对无服务器功能授予正确的访问控制权限,可以有效地修复无服务器架构漏洞.
从一个 2023 industry research report,云计算中常见的网络威胁和攻击类型的调查结果如下:
如上图所示,云计算环境中最常见的威胁和攻击有:
- 数据丢失或数据泄漏
- Denial of Service or Distributed Denial of Service attacks
- 中间人攻击
- 恶意软件
- 僵尸网络攻击
- 社会工程
- 账户劫持
的 most common mitigation techniques adopted as mentioned in the research report are as follows:
- Intrusion prevention systems
- 双因素身份验证
- 防火墙
- Machine learning and artificial intelligence
- 数据加密
研究报告得出结论,云计算最大的威胁是数据泄露,最推荐的技术是IPS或IDS来缓解云计算的威胁.
Protect Your Cloud Infrastructure
云计算是一种惊人的进化,它提供了更多的灵活性等优势, 可用性, increased performance and efficiency, while helping to lower IT costs. 重要的是, 它通过轻松地与人工智能和机器学习用例协作来执行其操作,从而加速了创新.
然而,云也面临着来自人工智能和机器学习的严重威胁. 除了, 云操作及其部署方法也在保护数据和隐私方面提出了挑战. 因此, in addition to deploying traditional security countermeasures, 我们应该有一个强大的战略来保护云基础设施免受人工智能的网络攻击.
作者附言: 的 所表达的意见是作者自己的观点,并不一定代表他所隶属的组织或认证机构的观点.
