{"id":189780,"date":"2021-02-26T18:00:04","date_gmt":"2021-02-26T15:00:04","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-top-five-cloud-security-threats-cloudsavvy-it\/"},"modified":"2021-02-26T18:00:04","modified_gmt":"2021-02-26T15:00:04","slug":"the-top-five-cloud-security-threats-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/","title":{"rendered":"#The Top Five Cloud Security Threats \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2b361ebb8af\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2b361ebb8af\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#High_Availability_%E2%80%93_Including_Threat_Actors\" >High Availability \u2013 Including Threat Actors<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Misconfiguration_and_Human_Error\" >Misconfiguration and Human Error<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Lack_of_Change_Control\" >Lack of Change Control<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Account_Hijacking\" >Account Hijacking<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Reduced_Visibility\" >Reduced Visibility<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Non-Compliance_With_Data_Protection_Regulations\" >Non-Compliance With Data Protection Regulations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-five-cloud-security-threats-cloudsavvy-it\/#Done_Right_Its_a_Full-Time_Job\" >Done Right, It\u2019s\u00a0 a Full-Time Job<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#The Top Five Cloud Security Threats \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<figure style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-9871 size-full\" src=\"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/28ba7a5c68bfeb09d944ddeabed37ec2\/p\/uploads\/2021\/02\/f6f32294.png\" alt=\"\" width=\"700\" height=\"333\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/smart-city-concept-1255863442\" data-credittext=\"Shutterstock\/metamorworks\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/smart-city-concept-1255863442\">Shutterstock\/metamorworks<\/a><\/span><\/figcaption><\/figure>\n<p>Practically every business is running some kind of cloud network, meaning cloud security is vital. Here is our list of topics that you need to be in control of to stay safe.<\/p>\n<h2 id=\"high-availability---including-threat-actors\"><span class=\"ez-toc-section\" id=\"High_Availability_%E2%80%93_Including_Threat_Actors\"><\/span>High Availability \u2013 Including Threat Actors<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>One of the major benefits of the cloud is the high-availability it offers to your hosted resources. They are accessible from anywhere. And that\u2019s great. But it also means your cloud-infrastructure is\u2014inevitably!\u2014internet-facing. That makes it easy for any threat actor to try to connect to your servers and services, to do port scanning, dictionary attacks, and reconnaissance activities.<\/p>\n<p>Some of the security issues that need addressing for cloud infrastructure are the same as those for on-premise, traditional infrastructure. Some are different or include additional challenges. The first step is to identify the risks associated with your cloud infrastructure. You need to implement counter-measures and other responses and activities that reduce or mitigate those risks. Make sure you actually document them and rehearse them with all stakeholders present and engaged. This will form your overarching cloud security strategy.<\/p>\n<p>Not having a cloud security strategy is like ignoring cyber security for terrestrial networks. Actually, it is probably worse because of the internet-facing nature of the cloud.<\/p>\n<p>The particular risks that you face vary slightly depending on how your using the cloud and what mixture of cloud offerings you\u2019re using: infrastructure-as-a-Service, platform-as-a-service, Software-as-a-Service, Containers-as-a-Service, and so on. And there are different ways to categorize the risks. We\u2019ve gathered them together into coherent but generic risk groups. There may be some that do not <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly to your exact use cases, but make sure that really is the case before you discard them.<\/p>\n<h2 id=\"misconfiguration-and-human-error\"><span class=\"ez-toc-section\" id=\"Misconfiguration_and_Human_Error\"><\/span>Misconfiguration and Human Error<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Errors through oversight, overwork, or simply not knowing any better still abound in organizations of all sizes. Forgotten items and missed settings cause system compromises every week. The massive\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/2017_Equifax_data_breach\">Equifax breach of 2017<\/a>\u00a0that leaked the personal data of over 160 million people exploited an out-of-date SSL certificate. If there had been a process governing renewable items and clear guidance on who was responsible for the process it\u2019s probable the certificate would have been renewed and the breach would never have occurred.<\/p>\n<p>Unsecured containers are found almost weekly by security researchers using tools such as\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shodan.io\/\">Shodan<\/a>, a search engine that looks for devices, ports, and services. Some of these breaches and exposures arise because people expect things to be secure by default, which is not the case. Once you\u2019ve spun up your remote server you need to undertake the same hardening steps and security improvements as any other server. Patching is vital too. To maintain the integrity of the server\u2019s defenses it needs to have security and maintenance patches applied to it in a timely fashion.<\/p>\n<p>Applications, especially data stores and databases such as\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.elastic.co\/elasticsearch\/\">Elastic Search<\/a>, need to be hardened after installation too. Default accounts need to have their credentials changed and APIs protected with the highest level of security that is offered.<\/p>\n<p>Two-factor or multi-factor authentication should be used if it is available. Avoid SMS-based two-factor authentication, it is easily compromised. Unused API\u2019s should be switched off if they are not needed, or blocked with unissued\u2014and private\u2014API keys to prevent their use.\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Web_application_firewall\">Web application firewalls<\/a>\u00a0will provide protection against threats such as SQL injection attacks and cross-site scripting.<\/p>\n<h2 id=\"lack-of-change-control\"><span class=\"ez-toc-section\" id=\"Lack_of_Change_Control\"><\/span>Lack of Change Control<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Related to configuration errors are vulnerabilities introduced when you change or update a working system. should be done in a controlled and predictable fashion. This means planning and agreeing on the changes, reviewing the code, applying the changes to a sandboxed system, testing them, and rolling them out to the live system. This is something perfectly suited to automation\u2014as long as the development to deployment pipeline is suitably robust and actually tests what you think it does, as thoroughly as you need it to.<\/p>\n<p>Other changes that you need to be aware of are in the threat landscape. You can\u2019t control new vulnerabilities being discovered and added to the list of exploits the threat actors can use. What you can do is ensure that you scan your cloud infrastructure so that all <em>currently known<\/em> vulnerabilities are addressed.<\/p>\n<p>Frequent and thorough penetration scans should be run against your cloud infrastructure. Finding and rectifying vulnerabilities is a core element of keeping your cloud investment secure. Penetration scans can search for forgotten open ports, weak or unprotected APIs, outdated protocol stacks, common misconfigurations, all the vulnerabilities in the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cve.mitre.org\/\">Common Vulnerabilities and Exposures<\/a>\u00a0database, and more. They can be automated and set to alert when an actionable item has been discovered.<\/p>\n<h2 id=\"account-hijacking\"><span class=\"ez-toc-section\" id=\"Account_Hijacking\"><\/span>Account Hijacking<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Account hijacking is the name for compromising a system by accessing an authorized person\u2019s email account, login credentials, or any other information required to authenticate against a computer system or service. The threat actor is then at liberty to change the password for the account and to conduct malicious and illegal activity. If they have compromised an administrator\u2019s account they can create a new account for themselves and then log into that, leaving the administrator\u2019s account seemingly untouched.<\/p>\n<p>Phishing attacks or dictionary attacks are common means of obtaining credentials. In addition to dictionary words and permutations using the common number and letter substitutions, dictionary attacks use databases of passwords from other data breaches. If any of the account holders were caught up in previous breaches on other systems and re-use the compromised password on your systems they\u2019ve created a vulnerability on your system. Passwords should never be re-used on other systems.<\/p>\n<p>Two-factor and multi-factor authentication will help here, as will automated scanning of logs looking for failed access attempts. But make sure you check on the policies and procedures of your hosting provider. You assume they\u2019ll be following industry best practices, but in 2019 it was revealed that Google had been\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/blog\/products\/g-suite\/notifying-administrators-about-unhashed-password-storage\">storing G Suite passwords in plain text<\/a>\u2014for 14 years.<\/p>\n<h2 id=\"reduced-visibility\"><span class=\"ez-toc-section\" id=\"Reduced_Visibility\"><\/span>Reduced Visibility<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Driving in fog is a thankless task. And administering a system without the low-level, granular information that security professionals use to monitor and verify the security of a network is a similar prospect. You won\u2019t do as good a job as if you can see what you need to.<\/p>\n<p>Most cloud servers usually support multiple connection methods such as Remote Desktop Protocol, Secure Shell, and built-in web portals to name a few. All of these can be attacked. If attacks are happening you need to know. Some hosting providers can give you better logging or more transparent access to logs but you must request this. They don\u2019t do it by default.<\/p>\n<p>Having access to the logs is just the first step. You need to analyze them and look for suspicious behavior or unusual events. Aggregating the logs from several different systems and looking through them over a single timeline can be more revealing than wading through each log individually. The only way to realistically achieve that is to use automated tools that will look for inexplicable or suspicious events. The better tools will also match and find patterns of events that might be the result of attacks, and which certainly warrant further investigation.<\/p>\n<h2 id=\"non-compliance-with-data-protection-regulations\"><span class=\"ez-toc-section\" id=\"Non-Compliance_With_Data_Protection_Regulations\"><\/span>Non-Compliance With Data Protection Regulations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Non-compliance is the data protection and data privacy equivalent of system misconfiguration. Not implementing legally-required policies and procedures to ensure the lawful collection, processing, and transmission of personal data is a different type of vulnerability, but it is vulnerability nonetheless.<\/p>\n<p>It is an easy trap to fall into, too. Data protection is obviously a good thing, and legislation that requires organizations to function in ways that safeguard and protect people\u2019s data is also a good thing. But keeping track of the legislation itself is very difficult without specialist help or in-house resources with sufficient skills and experience.<\/p>\n<p>Fresh legislation is being enacted all the time and existing legislation is amended.\u00a0When the United Kingdom left the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Eurasian_Economic_Union\">European Economic Union<\/a>\u00a0(EEU) on Jan.\u00a031, 2020, UK companies found themselves in a curious position. They must adhere to the UK-specific version of the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/part\/2\/chapter\/2\/enacted\">General Data Protection Regulation<\/a>\u00a0contained within Chapter Two of the UK\u2019s\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/contents\/enacted\">Data Protection Act, 2018<\/a>\u2014for any data they hold on UK citizens. If any of the personal data they hold belongs to people residing elsewhere in Europe then the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&amp;qid=1600605964569&amp;from=EN\">EU GDPR<\/a>\u00a0comes into play.<\/p>\n<p>And the GDPR applies to all organizations, regardless of where they are based. If you collect, process, or store the personal data belonging to UK or European citizens one of those GDPRs will apply to you\u2014it isn\u2019t just UK and EU organizations that have to deal with this. The same model applies to the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/leginfo.legislature.ca.gov\/faces\/billVersionsCompareClient.xhtml?bill_id=201720180SB1121\">California Consumer Privacy Act<\/a>\u00a0(CCPA). It protects Californian residents regardless of where the data processing takes place. So it isn\u2019t something only Californian organizations need to get to grips with. It\u2019s not your location that counts. It\u2019s the location of the <em>person whose data you\u2019re processing<\/em> that counts.<\/p>\n<p>California isn\u2019t alone in addressing data privacy through legislation.\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/legiscan.com\/NV\/bill\/SB220\/2019\">Nevada<\/a>\u00a0and\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.maine.gov\/doe\/data-reporting\/privacy\/laws\">Maine<\/a>\u00a0also have legislation in place, and New York, Maryland, Massachusetts, Hawaii, and North Dakota are implementing their own data privacy laws.<\/p>\n<p>This is in addition to the legislation in vertically-focused federal legislation such as the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.hhs.gov\/hipaa\/index.html\">Health Insurance Portability and Accountability Act<\/a>\u00a0(HIPAA), the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ftc.gov\/enforcement\/rules\/rulemaking-regulatory-reform-proceedings\/childrens-online-privacy-protection-rule\">Children\u2019s Online Privacy Protection Rule<\/a>\u00a0(COPPA), and the\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-and-security\/gramm-leach-bliley-act\">Gramm-Leach-Bliley Act<\/a>\u00a0(GLBA) should any of those apply to your activities.<\/p>\n<p>If you gather information through a portal or website in your cloud infrastructure, or process data on a hosted server some of this mass of legislation will apply to you.\u00a0Non-compliance can attract significant financial penalties in the case of data breaches, along with reputational damage and the possibility of class-action lawsuits.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Done_Right_Its_a_Full-Time_Job\"><\/span>Done Right, It\u2019s\u00a0 a Full-Time Job<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Security is a never-ending challenge and cloud computing brings its own set of unique concerns. A careful choice of hosting or service provider is a critical factor. Make sure you do thorough due diligence before formally engaging with them.<\/p>\n<ul>\n<li>Are they serious about security themselves? What is their track record?<\/li>\n<li>Do they offer guidance and support, or sell you their service and leave you to it?<\/li>\n<li>What security tools and measures do they provide as part of their service offering?<\/li>\n<li>What logs are made available to you?<\/li>\n<\/ul>\n<p>When cloud computing is discussed someone usually offers this well-known soundbite: \u201cCloud just means someone else\u2019s computer.\u201d Like all soundbites, it\u2019s a gross oversimplification. But there\u2019s still some truth in it. And that\u2019s a sobering thought.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/9754\/the-top-five-cloud-security-threats\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#The Top Five Cloud Security Threats \u2013 CloudSavvy IT&#8221; Shutterstock\/metamorworks Practically every business is running some kind of cloud network, meaning cloud security is vital. Here is our list of topics that you need to be in control of to stay safe. High Availability \u2013 Including Threat Actors One of the major benefits of the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":189781,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/thumbcache\/0\/0\/28ba7a5c68bfeb09d944ddeabed37ec2\/p\/uploads\/2021\/02\/f6f32294.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-189780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/189780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=189780"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/189780\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/189781"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=189780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=189780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=189780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}