Is Cloud Computing Good or Bad? Cloud Computing - The network of remote servers hosted on the Internet to store, manage, and process data instead of a local server. The much hyped cloud computing may excite all but the following top threats are more than enough to make you feel insecured about the buzzing Cloud Computing. 1) EASY DATA BREACH A virtual machine could be used to side channel timing information to extract private #cryptographic keys being used in other virtual machines on the same physical server. However, in many cases an attacker wouldn’t even need to go to such lengths. If a multitenant cloud service database is not properly designed, a flaw in one client’s application could allow an attacker access not only to that client’s data, but every other client’s data as well. The data loss and data leakage are both serious threats to cloud computing, the measures you put in place to mitigate one of these threats can exacerbate the other. You may be able to encrypt your data to reduce the impact of a data breach,but if you lose your encryption key, you’ll lose your data as well. Conversely, you may decide to keep offline backups of your data to reduce the impact of a catastrophic data loss, but this increases your exposure to data breaches only. 2) DATA LOSS Data stored in the cloud can be lost due to reasons other than malicious attackers. Any accidental deletion by the cloud service provider, or worse, a physical catastrophe such as a fire or earthquake, could lead to the permanent loss of customers’ data unless the provider takes adequate measures to backup data.If a customer encrypts his or her data before uploading it to the cloud, but loses the encryption key, the data will be lost as well. 3) HIJACK OF ACCOUNTS AND SERVICE TRAFFICS Account or service hijacking is not new so as the attacking methods such as #phishing, fraud and exploitation of #software #vulnerabilities still achieve results.Credentials and passwords are often reused, which amplifies the impact of such attacks. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. 4) INSECURE INTERFACES Cloud computing providers expose a set of #software #interfaces that customers use to manage and interact with cloud services. Provisioning, management, orchestration and monitoring are all performed using these interfaces. The security and availability of general cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. 5) DENIAL OF SERVICE Denial-of-service attacks are attacks meant to prevent users of a cloud service from being able to access their data or their applications. By forcing the victim cloud service to consume inordinate amounts of finite system resources such as processor power, memory, disk space or network bandwidth, the attacker (or attackers, as is the case in distributed denial-of-service (DDoS) attacks) causes an intolerable system slowdown and leaves all of the legitimate service users confused and angry as to why the service isn’t responding. 6) MALICIOUS INSIDERS The risk of malicious insiders has been debated in the security industry. While the level of threat is left to debate, the fact that the insider threat is a real adversary is not.A malicious insider, such as a system administrator, in an improperly designed cloud scenario can have access to potentially sensitive information.Systems that depend solely on the cloud service provider (CSP) for security are at great risk here. Even if encryption is implemented, if the keys are not kept with the customer and are only available at data-usage time, the system is still vulnerable to malicious insider attack. 7) ABUSE OF CLOUD SERVICES One of cloud computing’s greatest benefits is that it allows even small organizations access to vast amounts of computing power.might take an attacker years to crack an encryption key using his own limited hardware, but using an array of cloud servers, he might be able to crack it in minutes. Alternately, he might use that array of cloud servers to stage a DDoS attack, serve malware or distribute pirated software. This threat is more of an issue for cloud service providers than cloud consumers, but it does raise a number of serious implications for those providers. 8 ) Shared Technology Vulnerabilities Cloud service providers deliver their services in a scalable way by sharing infrastructure, platforms, and applications. Whether it’s the underlying components that make up this infrastructure (e.g. CPU caches, GPUs, etc.)
Posted on: Tue, 10 Sep 2013 18:25:49 +0000
Trending Topics
Recently Viewed Topics
© 2015