The Cloud Security Alliance published a resource entitled “The Notorious Nine Cloud Computing Top Threats in 2013.” Below we will address how each of these potential issues are avoided when using CapLinked software.
- Data Breaches
“It’s every CIO’s worst nightmare: the organization’s sensitive internal data falls into the hands of their competitors.”
CapLinked has a number of measures working in unison to prevent data breaches. All CapLinked data is encrypted, secured with with SSL, and connected using HTTPS. CapLinked is also SSAE16 Type I certified (formerly SAS70).
- Data Loss
“Any accidental deletion by the cloud service provider, or worse, a physical catastrophe such as a fire or earthquake, could lead to the permanent loss of customers’ data unless the provider takes adequate measures to backup data.”
CapLinked uses Amazon Web Services (AWS) to store files securely on a remote server, which also ensures redundancies and backup servers. AWS accreditations include ISO 27001, SOC1, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).
- Account or Service Tracking Hijacking
“Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results.”
CapLinked has very strict password and account requirements. After five attempts to log in, a user’s account will be locked for security. CapLinked also offers two-factor authentication, which adds an additional layer of security beyond just email and password credentials.
- Insecure Interfaces and APIs
“From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.”
CapLinked’s API is protected with token authentication. The API can only be accessed using an API key. Only custom integration customers are given the API keys and they must include the key every time their system accesses the API.
- Denial of Service
“By forcing the victim cloud service to consume inordinate amounts of finite system resources… the attacker… causes an intolerable system slowdown and leaves all of the legitimate service users confused and angry as to why the service isn’t responding.”
CapLinked uses elastic load-balancing to anticipate and absorb large influxes of requests. If a large number of requests originate from the same source, they are blocked and CapLinked developers are notified.
- Malicious Insiders
“A malicious insider, such as a system administrator, in an improperly designed cloud scenario can have access to potentially sensitive information.”
When using CapLinked, administrators have access to scalable permissions settings. Using CapLinked permissions settings, administrators can grant and revoke access to particular folders and assign various permissions levels to the folders including view-only, download, and upload. CapLinked also offer Digital Rights Management (DRM) and watermarking. To learn more, check out CapLinked’s product tour.
- Abuse of Cloud Services
“[An abuse of cloud services] is more of an issue for cloud service providers than cloud consumers, but it does raise a number of serious implications for those providers.”
CapLinked utilizes Amazon Web Services, who are known for their high levels of security and ability to monitor potential abuse. Amazon Web Services employ state-of-the art electronic surveillance and multi-factor access control systems. Visit AWS’s security page to learn more.
- Insufficient Due Diligence
“The bottom line for enterprises and organizations moving to a cloud technology model is that they must have capable resources, and perform extensive internal and CSP due-diligence…”
CapLinked is more than happy to educate potential users on the product, vendors/services used, and credentials that CapLinked has received with regards to cloud security. Our sales team is available to discuss CapLinked’s security qualifications, and our in-house developers are available to discuss more in-depth technical aspects of the product and its security measures.
- Shared Technology Vulnerabilities
“Cloud service providers deliver their services in a scalable way by sharing infrastructure, platforms, and applications.”
CapLinked has carefully chosen and audited all of the vendors and services used. Visit the CapLinked security page to learn more.
CapLinked is a platform that helps simplify workflow by making it easy to securely share documents in the cloud. If you’d like to learn more about CapLinked, our security credentials, or what the product can do for you, schedule a demo today.