Cloud Security Reports Missing Critical ElementsBy Lawrence Walsh | Posted 2010-03-02 Email Print
A new report by the Cloud Security Alliance and Hewlett-Packard define the security concerns that come with or hinder cloud computing implementations. There are several lists like this, and they all miss the business relationship aspects of ensuring cloud security.
Everyone wants to talk about "The Cloud," a term that has become as amorphous as the concept of the ether once was for the Internet. There are more than two dozen definitions for what constitutes "the cloud," which is causing great confusion about the correct utilization. Consequently, how end users properly secure and maintain integrity of their clouds is of high concern.
A new report by the Cloud Security Alliance (CSA), commissioned by Hewlett-Packard, enumerates the security concerns of midmarket and enterprise customers. They are:
- Abuse and Nefarious Use: This is a fancy way of saying hackers gaining access to applications and resources by cracking accounts and passwords.
- Insecure APIs: Faulty code used to create hooks between on-premises applications and their cloud-based counterparts that could lead to a breach (see last item).
- Malicious Insider Risks: Those in the data centers hosting the clouds using their credentials and access to manipulate applications and data, and steal digital valuables.
- Shared Technology Vulnerabilities: Having malware infecting one virtual machine cross over the partitions through the hypervisor to infect other applications.
- Data Loss and Leakage: The unauthorized or accidental release of data to third parties.
- Account Service and Traffic Hijacking: This is another way of saying denial of service attacks.