Unauthorized access to protected client data is a substantial threat recognized by security professionals and clients alike. A recent report reveals that 53 percent of organizations participating in a cloud security spotlight study reported unauthorized access to client information through “misuse of employee credentials and improper access controls” (Bell). Moreover, security professionals recognize unauthorized access as the most important challenge to cloud security. The aim of this paper is to explore the threat of unauthorized access to confidential information, its risk, and its impact.
To detect all possible threat sources, security professionals have to consider the following elements of threats: threat vectors, threat targets, and types of attacks (Leiss 84). Threat vectors have to be taken into consideration in order to track the path a threat takes to reach its target. Threat vectors come in numerous forms, the most common being Trojan programs and viruses, girlfriend exploits, and back doors (Leiss 84). The most popular threat targets include intellectual property, trade secrets, financial data, credit card numbers, social security numbers, and voice communication (Leiss 84). Any computer or electronic device that has access to the Internet can be attacked with malicious intent. The attacks can take the following forms: automated attacks, malicious mobile code, advanced persistent threats (APTs), and manual attacks (Rhodes-Ousley 47).
Risk analysis is an essential part of professional security efforts (Rhodes-Ousley 50). The risk of unauthorized access to protected data can be calculated as the probability of a threat “exploiting a vulnerability to cause an undesired result to an asset” (Rhodes-Ousley 52). The impact of such threats can be assessed by taking both quantitative and qualitative approaches to the risk analysis process. The magnitude and impact of unauthorized access to protected data also depend on the type of information stored on computers, mobile devices, and computer networks (Khalil et al. 413). For example, the loss of financial data and business plans can undermine a company’s image and destroy its competitive advantage (Cisco). Breaches of security can also lead to multi-million-dollar lawsuits and fines. However, the most important result of unauthorized access to protected data is the reduction of customer confidence (Bell). Therefore, organizations take a multilevel approach to enforcing the rights of privileged clients.
According to a recent article published on the Help Net Security website, 27 percent of organizations participating in a survey reported using technology-based access controls, and 24 percent relied on a combination of technology and process (Help Net Security). However, 26 percent of the respondents were not able to control the sharing of access rights (Help Net Security). The article also reveals that more than 5,000 security managers indicated an inability to “keep pace with change requests, inconsistent approval processes, high costs of monitoring and difficulty in validating access changes” (Help Net Security) as the main reasons for their inability to enforce their clients’ right to data protection. This means that, to manage privileged user access to protected data successfully, it is necessary to improve the current access management technologies and processes (Zain, Soh and Pardede 1072).
Security practitioners around the world recognize the significance of the threat of unauthorized access to clients’ protected data. To safeguard data against this threat, it is necessary to develop and implement effective countermeasures, which vary depending on threat vectors, threat targets, and types of attacks.
Bell, Sharon. “Unauthorized Access is the Biggest Threat to Cloud Security.” CDCNetworks, Web.
Cisco. “Data Leakage Worldwide: Common Risks and Mistakes Employees Make.” Cisco, Web.
Khalil, Issa, Abdallah Khreishah, Salah Bouktif and Ahmad Azeem. “Security Concerns in Cloud Computing.” Cloud Security, vol. 12, no. 2, 2013, pp. 411-416.
Leiss, Ernst. Principles of Data Security. Springer Science & Business Media, 2012.
Rhodes-Ousley, Mark. Information Security: The Complete Reference. 2012.
Zain, Mohammed, Ben Soh, and Eric Pardede. “A Survey on Data Security Issues in Cloud Computing: From Single to Multi-Clouds.” Journal of Software, vol. 8, no. 5, 2013, pp. 1068-1078.