Question

In: Computer Science

Describe the major Information Security risks that you see associated with the move to this Microservices...

Describe the major Information Security risks that you see associated with the move to this Microservices strategy for Web Services. You should name and describe each risk that you estimate its likelihood and consequence and then describe a possible control for the risk and describe using tabular form

Solutions

Expert Solution

Based on the above Question

1. Lack of Encryption:-
Network transmissions are vulnerable to eavesdropping and Man-in-the-Middle (MitM) attacks that circumvent mutual authentication by impersonating endpoints. Mobility enterprise managers must encrypt communications and data to prevent security incursions.

Fix:

  • Shield transmissions from random attacks with cryptographic protocols that include endpoint authentication.
  • Employ a reliable VPN.
  • Use a reliable proxy server
  • Encrypt all transmissions using SSL/TLS to manage server authentication and prevent interception of data off the wire
  • Use Secure Shell (SSH) network tunnel protocols to send unencrypted traffic over a network.

2. Inadequate Security Risk Assessment

Fix:Failing to perform detailed risk profiles of an IT infrastructure and systems prevents network administrators from determining how and where an intrusion has occurred or when it happened. It makes future breaches virtually impossible to prevent.

  • Rigorous risk prevention and assessment must be in place - at all times.
  • IDS/IPS systems should always scan for any malicious traffic.
  • Log monitoring must be activated and software updates current.
  • A holistic approach is the best way to handle network organization security using a reliable SIEM system. This way all enterprise security data can be viewed and easily trended.

3. Poor Compliance:-Hybrid clouds require more due diligence when it comes to compliance. Both the public cloud provider and your private cloud must stay within compliance parameters. Maintaining and demonstrating compliance is more difficult with the hybrid model because data moves back and forth.

Fix:

  • The two clouds must be coordinated. You not only have to ensure that your public cloud provider and private cloud are in compliance, but demonstrate the compliance of the two clouds as they work together.
  • The two cloud must meet industry standards for data security when handling sensitive data.

4. Weak Security Management:-Too many enterprise managers run amuck when they fail to employ authentication, identity management, and authorization procedures for both their private and public cloud. Cloud security protocols must be integrated.

Fix:

  • Replicate controls for both clouds.
  • Synchronize security data or use an identity management service that works with systems you run in either cloud.
  • Maintain in-house data storage for sensitive data not appropriate for the public cloud.

5. Poor Data Redundancy:-A lack of redundancy puts a hybrid IT cloud and your enterprise at risk. This is especially true if you don’t have redundant copies of data properly distributed across all data centers. Distributing data this way mitigates the damage that occurs when there is an outage in one data center.

Fix:

Implement redundancy. This can be accomplished three ways:

  • By utilizing multiple data centers from one cloud provider
  • From many public cloud providers
  • From a hybrid cloud

6. Unprotected APIs:-When unprotected, API endpoints expose sensitive data to malicious attacks that exploit an authentication/authorization token or key to manipulate personal information and data. This vulnerability is of particular concern in enterprise mobility management and BYOD transmissions over unsecure connections.

Fix:

  • API keys must be handled in the same manner as encryption and code-signing keys.
  • Third- party developers must be sure to handle keys securely.
  • Always verify a third-party before releasing API keys to avoid a security breach.

8. Denial-of-Service (DoS) Attacks:- Attackers render a cloud or mobile enterprise inaccessible by issuing a DoS attack. Network service is disrupted in the virtual environment through an inherent weakness in shared resources such as CPU, RAM, and disk space or network bandwidth.

Fix:

Denial of Service attacks on cloud management APIs are often caused by sending bad SOAP or REST requests from the enterprise.

  • Flow analytics can fend off DoD attacks by reacting to the incursion and redirecting traffic to a mitigation device.
  • Keep in mind, the flow analytics tool must be scalable for the amount of traffic it gathers and analyzes. Because it is a slower method, it is not as effective in combating volumetric (DDoS) attacks.



    If you have any Queries please comment below.
    If you like my answer Please Upvote / Like it.
    Thank you

Related Solutions

Managing IT security and risks Information security is critical in the development and implementation of information...
Managing IT security and risks Information security is critical in the development and implementation of information systems in organizations. Assume that you are developing a customer relationship management system for Morita Loan, list five methods that you can use to protect the data in such a system and discuss how you can implement these five means for information security.
Explain in at least a paragraph What are the risks associated with a pervasive security infrastructure?...
Explain in at least a paragraph What are the risks associated with a pervasive security infrastructure? What are the reasons for NOT having such infrastructure? What are the alternatives?
What are the main steps of a physical inventory. What are the major risks associated with...
What are the main steps of a physical inventory. What are the major risks associated with performing a physical inventory?
Identify three major laws and how they relate to Information security describe them in detail
Identify three major laws and how they relate to Information security describe them in detail
Describe two risks associated with using visualizations as part of ADA.
Describe two risks associated with using visualizations as part of ADA.
Describe the specific risks, benefits, and internal controls associated with IT functions.
Describe the specific risks, benefits, and internal controls associated with IT functions.
Describe the major risks of international diversification in parapgraph form.
Describe the major risks of international diversification in parapgraph form.
What are the major risks associated with for-profit hospitals for the following: CEO: PATIENT: PAYER: SOCIETY:
What are the major risks associated with for-profit hospitals for the following: CEO: PATIENT: PAYER: SOCIETY:
If you are a retiree, which of the following risks associated with the bonds are you...
If you are a retiree, which of the following risks associated with the bonds are you most concerned about? a Price Risk b. Interest Rate Risk c. Default Risk d. Reinvestment Risk 2. Preferred stock is considered hybrid between bond and stock because the company must pay dividend every year to holders of preferred stock. True False 3. A bond has a $1,900 par value, 10 years to maturity, and 7% annual coupon and sells for $1,800. (2 pts.) What...
describe “divorce as a risk for children.” How does their review of the risks associated with...
describe “divorce as a risk for children.” How does their review of the risks associated with divorce illustrate both selection and causal effects of divorce on children’s outcomes?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT