Skip to content

Cloud Computing’s Seven Top Security Threats

by on April 15, 2010

Skull As attractive as the promises of cloud computing are, an overarching concern over security in the nimbus has become a drag chute on the technology’s adoption by businesses. Why are companies concerned? Here are seven of the major risks worrying organizations about moving operations to the cybersphere, according to the Cloud Security Alliance:

  1. Abuse of the Cloud. Cloud providers have become targets of cyber miscreants. As a result, some cloud providers have had blocks of their network addresses blacklisted. No business wants their brand tarnished by being associated with blacklisted services or have their email labeled as spam because it’s originating from a blacklisted source.
  2. Insecure Applications. Insecure authorization, unencrypted passwords and content, and unknown services or API dependencies are just a few of the things that give a business’s data guardians nightmares about the cloud.
  3. Malicious Insiders. Since the employment practices and internal policies on access to physical and virtual assets of a cloud provider aren’t often visible to its customers, vulnerability to a fifth column attack can be a real concern.
  4. Shared Vulnerabilities. Since many customers are using a cloud provider’s resources, it’s important to compartmentalize services so one customer can’t access another’s data or network traffic. Robust compartmentalization hasn’t been a strong suit of cloud environments.
  5. Data Loss. Insufficient authentication, authorization, and audit controls, as well as sketchy disaster recovery policies are just a few of the risks that can lead to data loss in the cloud.
  6. Hijacking. If a Black Hat gains access to an organization’s cloud services through stolen credentials or other means, he or she can eavesdrop on activities and transactions, manipulate data, return falsified information, and redirect clients to illegitimate sites.
  7. Unknown Risk Profile. Cloud providers like to tout the benefits of their services, but are less forthcoming about the nuts and bolts of their security procedures. Not knowing those details can expose an organization to threats that can affect its risk profile without its knowledge.
2 Comments
  1. Definitely good points in this post. Thanks for sharing.
    Check out enStratus to manage keys outside the cloud with role-based security and encryption.

  2. Thanks very much for checking out our post. I’ll look into enStratus. I know for many of our customers, security is at the forefront of their concerns with cloud computing.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: