The Worst Threats to Cloud Computing
CSA Global Research Director J.R. Santos said the list of nine threats was released with the intent of bringing increased awareness to help companies make informed decisions to mitigate risks within their cloud adoption strategy.
As-a-service adoption doesnt mean you let your guard down. According to CSA: whether the service model is IaaS, PaaS or SaaS ... the key is that a single vulnerability or misconfiguration can lead to a compromise across an entire providers cloud.
CSA warns not to get swept up in the gold rush mentality of low-bid providers and promises of the moon and stars. The organization recommends: organizations moving to a cloud technology model ... must have capable resources and perform extensive internal and [service provider] due diligence and understand the risks it assumes.
At one time the top perceived threat with the cloud, this provider-side risk still holds water. The questions cloud providers need to answer are: How will you detect people abusing your service? How will you define abuse? How will you prevent them from doing it again?
The potential for an attack from a malicious insider, such as a system administrator, is a subject of debate. Yet deployment to a cloud does little to abate management fears.
Preventing access to cloud services in the first place has become an in vogue method of disruption. In 2010, DOS attackers werent ranked in the top nine cloud threats. Their use by hackers and attackers now can leave cloud users with a feeling akin to being stuck in rush-hour gridlock.
Although insecure interfaces arent deemed as damning a threat as in past CSA assessments, it remains important for cloud consumers to understand security implications with the usage, management, orchestration and monitoring of cloud services.
Unfortunately, CSA notes that phishing, fraud and exploitation of software vulnerabilities still produce results. With access to credentials and, subsequently, cloud accounts via these measures, your account or service instances may become a new base for the attacker. Avoid sharing of account credentials among users and services, and leverage two-factor authentication when possible, CSA recommends.
Accidents will happen, along with natural disasters, putting data loss near the top of cloud threats. Regular backup measures and encryption safeguards can protect much of the increasing amount of data stowed in the cloud.
Ranked as the fifth-largest threat to cloud deployments in 2010, data breaches now rank as the biggest risk to cloud environments. In one instance, CSA cited a 2012 academic study that outlined ways VMs could be used to extract cryptographic keys for other VMs on the same server.
As cloud computing adoption and capabilities change, so, too, do the threats. The Cloud Security Alliance this week released a survey from its threats working group that ranks the top nine threats to cloud computing deployments in 2013.