Cloud Computing’s Seven Top Security Threats

tweetmeme_source = ‘datacompliancy’;tweetmeme_service = ‘bit.ly’;   As attractive as the promises of cloud computing are, an overarching concern over security in the nimbus has become a drag chute on the technology’s adoption by businesses. Why are companies concerned? Here are seven of the major risks worrying organizations about moving operations to the cybersphere, according to the Cloud Security Alliance:

1. Abuse of the Cloud. Cloud providers have become targets of cyber miscreants. As a result, some cloud providers have had blocks of their network addresses blacklisted. No business wants their brand tarnished by being associated with blacklisted services or have their email labeled as spam because it’s originating from a blacklisted source.
2. Insecure Applications. Insecure authorization, unencrypted passwords and content, and unknown services or API dependencies are just a few of the things that give a business’s data guardians nightmares about the cloud.
3. Malicious Insiders. Since the employment practices and internal policies on access to physical and virtual assets of a cloud provider aren’t often visible to its customers, vulnerability to a fifth column attack can be a real concern.
4. Shared Vulnerabilities. Since many customers are using a cloud provider’s resources, it’s important to compartmentalize services so one customer can’t access another’s data or network traffic. Robust compartmentalization hasn’t been a strong suit of cloud environments.
5. Data Loss. Insufficient authentication, authorization, and audit controls, as well as sketchy disaster recovery policies are just a few of the risks that can lead to data loss in the cloud.
6. Hijacking. If a Black Hat gains access to an organization’s cloud services through stolen credentials or other means, he or she can eavesdrop on activities and transactions, manipulate data, return falsified information, and redirect clients to illegitimate sites.
7. Unknown Risk Profile. Cloud providers like to tout the benefits of their services, but are less forthcoming about the nuts and bolts of their security procedures. Not knowing those details can expose an organization to threats that can affect its risk profile without its knowledge.