From tripwire.com
Cloud Security Challenges
Organizations embracing cloud environments must understand that cloud applications and services have become popular targets for cybercriminals. A few notable and inherent risks with cloud deployments include:
API Vulnerabilities
Unfortunately, API exploits are on the rise, costing organizations dearly. Whether it’s stolen data or denial-of-service (DoS) attacks, an API security breach can put data in the hands of criminals and cost a company its hard-won reputation in the blink of an eye.
To avoid API vulnerability exploits:
- Review APIs currently in use and keep a comprehensive record of all APIs in your environment. Keep logs from these APIs.
- Implement rate limiting to prevent criminals from DoS attacks, in which a user floods an API with request pings in an effort to cause the system to crash and go offline.
- Ensure strong authentication and session management controls, including enforcing strong passwords, defining session timeouts, and encrypting data in transmission.