Cloud Security Reports Missing Critical Elements

By Lawrence Walsh  |  Print this article Print

A new report by the Cloud Security Alliance and Hewlett-Packard define the security concerns that come with or hinder cloud computing implementations. There are several lists like this, and they all miss the business relationship aspects of ensuring cloud security.

 Everyone wants to talk about "The Cloud," a term that has become as amorphous as the concept of the ether once was for the Internet. There are more than two dozen definitions for what constitutes "the cloud," which is causing great confusion about the correct utilization. Consequently, how end users properly secure and maintain integrity of their clouds is of high concern.

A new report by the Cloud Security Alliance (CSA), commissioned by Hewlett-Packard, enumerates the security concerns of midmarket and enterprise customers. They are:

  • Abuse and Nefarious Use: This is a fancy way of saying hackers gaining access to applications and resources by cracking accounts and passwords.
  • Insecure APIs: Faulty code used to create hooks between on-premises applications and their cloud-based counterparts that could lead to a breach (see last item).
  • Malicious Insider Risks: Those in the data centers hosting the clouds using their credentials and access to manipulate applications and data, and steal digital valuables.
  • Shared Technology Vulnerabilities: Having malware infecting one virtual machine cross over the partitions through the hypervisor to infect other applications.
  • Data Loss and Leakage: The unauthorized or accidental release of data to third parties.
  • Account Service and Traffic Hijacking: This is another way of saying denial of service attacks.

>> CLICK HERE to read what's missing from this list

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.