The Worst Threats to Cloud Computing
CSA Global Research Director J.R. Santos said the list of nine threats was released with the intent of bringing increased awareness to help companies make informed decisions to mitigate risks within their cloud adoption strategy.
As-a-service adoption doesnt mean you let your guard down. According to CSA: whether the service model is IaaS, PaaS or SaaS ... the key is that a single vulnerability or misconfiguration can lead to a compromise across an entire providers cloud.
CSA warns not to get swept up in the gold rush mentality of low-bid providers and promises of the moon and stars. The organization recommends: organizations moving to a cloud technology model ... must have capable resources and perform extensive internal and [service provider] due diligence and understand the risks it assumes.
At one time the top perceived threat with the cloud, this provider-side risk still holds water. The questions cloud providers need to answer are: How will you detect people abusing your service? How will you define abuse? How will you prevent them from doing it again?
The potential for an attack from a malicious insider, such as a system administrator, is a subject of debate. Yet deployment to a cloud does little to abate management fears.
Preventing access to cloud services in the first place has become an in vogue method of disruption. In 2010, DOS attackers werent ranked in the top nine cloud threats. Their use by hackers and attackers now can leave cloud users with a feeling akin to being stuck in rush-hour gridlock.
Although insecure interfaces arent deemed as damning a threat as in past CSA assessments, it remains important for cloud consumers to understand security implications with the usage, management, orchestration and monitoring of cloud services.
Unfortunately, CSA notes that phishing, fraud and exploitation of software vulnerabilities still produce results. With access to credentials and, subsequently, cloud accounts via these measures, your account or service instances may become a new base for the attacker. Avoid sharing of account credentials among users and services, and leverage two-factor authentication when possible, CSA recommends.
Accidents will happen, along with natural disasters, putting data loss near the top of cloud threats. Regular backup measures and encryption safeguards can protect much of the increasing amount of data stowed in the cloud.
Ranked as the fifth-largest threat to cloud deployments in 2010, data breaches now rank as the biggest risk to cloud environments. In one instance, CSA cited a 2012 academic study that outlined ways VMs could be used to extract cryptographic keys for other VMs on the same server.
As cloud computing adoption and capabilities change, so, too, do the threats. The Cloud Security Alliance this week released a survey from its threats working group that ranks the top nine threats to cloud computing deployments in 2013.
5 Key IT Spending Trends
Future of Big Data: 12 Society & Technology Trends to Expect
The Top 15 Paying Technology Certifications For 2016
Top 10 Strategic Technologies for Government in 2016
JUNE TOP READER PICK 19 Tips To Help You Land a CDO Job
JUNE TOP READER PICK Big Data in 2016: 11 Biggest Professional Services Cos.
JUNE TOP READER PICK Big Data in 2016: 10 Biggest Software Companies
JUNE TOP READER PICK Gartner's 19 In-memory Databases for Big Data Analytics