According to Alert Logic’s report, the top three incidents for cloud hosting customers it surveyed were:
- Web application attacks that exploit vulnerabilities in web-facing applications (for example, SQL injection and cross-site scripting). More than half of all cloud hosting customers surveyed reported having experienced these attacks.
- Brute force attacks, such as password cracking — these are unsophisticated but effective, and nearly a third of cloud hosting customers say they were targeted.
- Vulnerability scans used by attackers to probe infrastructure for vulnerabilities they can exploit. Over a quarter of cloud hosting customers said they were scanned during the study period.
It’s worth noting that when looking at enterprise data centers, two of the top three threats were the same (web app and brute force attacks). The big difference is that half of those customers also experienced malware and botnet activity, while only 5% of cloud hosting customers reported that.
The take-home message? Security programs need to be tailored to the threat profile for each environment. While the cloud isn’t inherently unsafe, it is a bit different. As you think about your security investments, think about the workloads you’re deploying and the kinds of attacks they’re likely to experience.
Thoughts on this post? Let us know on Twitter @CloudGathering.
By Jake Gardner