Access to cloud services by standard passwords could cause a data security headache for businesses
Multiple use of similar passwords is causing problems when it comes to accessing sensitive data in the cloud.
Echoing recent claims that general questions are not secure enough to be used as a ‘forgot password' backup, and comments by Twitter, Facebook and Microsoft that the biggest problem with web security is still weak passwords, CRYPTOCard said that companies are unknowingly using predictable passwords to access services in the cloud.
It claimed that it takes less than a minute to gain someone's username and password with tools readily available on the internet, and hacking the password is the invisible and unseen threat to cloud computing.
Research found that two-thirds of respondents were unaware of whether or not people within the business were using applications such as Hotmail, Twitter or Google Mail, and whether these were based on cloud or in-house platforms.
Neil Hollister, CEO of CRYPTOCard, claimed that a problem remains that people use the same passwords at work as they do at home for the likes of webmail and social networking, and it is not just about hacking.
He said: “We are seeing efforts to take the token up and it is a slow process, as businesses take it up at work but do not put things together and say that they need to do something about it, and that is how people get viruses.”
He pointed at an example using white hat hacking using a social engineering attack, where they found out a personal interest and mocked up a page which referenced this – and it included malware. The recipient was intrigued and opened the page. Hollister said: “There is so much information for social engineering attacks and the only way to stop it is with a one-time password or it is too easy to get.”
Jason Hart, senior vice president of CRYPTOCard, said: “Access control and ‘identity' should be at the real heart of the cloud computing debate and central to its adoption yet it is clear that the true risk, that of reviewing the appropriate level and type of security protection, is not truly understood.
“The password is still the most vulnerable and softest point for a security breach to occur, so even if companies have the most robust security software and controls in place, the outdated system of a traditional user name and password is simply leaving the business exposed to hackers.
“Cloud computing security risks can be easily mitigated by implementing already existing solutions and so it is vital that businesses review their security policies immediately if they are to continue to protect their data and assets.”