Chris Whitener of HPInsecure interfaces and APIs can wreak havoc on your IT system. For instance, watch for anonymous access and/or reusable tokens or passwords. Check for clear-text authentication or transmission of content.
Malicious insiders are also a high-level threat. Before moving to the cloud, know which insiders have access to the system: current/former employees, contractors and business partners. The FBI says that 75 percent of people leaving jobs are taking company data with them. However a bigger threat comes from the people that remain at the company after a layoff. They often will take company data to protect themselves in case they get laid off next.
IT departments need to identify where data loss or leakage can occur. Do you have sufficient authentication, authorization and audit controls, and consistent use of encryption and software keys. Ask how reliable your data center is and who has access in a disaster.
Account or service hijacking continues to be rampant as well. Security threats come from phishing, fraud and exploitation of software vulnerabilities. Credentials and passwords are often reused, which amplifies the impact of such attacks.
As the industry moves more into the cloud, Whitener urged IT firms to standardize, virtualize, consolidate – in order to better manage security threats and automate higher levels of protection.
