• Home
• About
• My Articles
• My Conferences
• My Presentations
• CAEAP
• NY Giants

Cloud Computing Top Threats

popping..

The Cloud Security Alliance (CSA) released another important document today, Top Threats to Cloud Computing V1.0.  While many simply declare the cloud as insecure, organizations like the CSA work diligently on defining the standards, describing best practices, and highlighting the top risks and threats.

The top threats are:

1. Abuse and Nefarious Use of Cloud Computing
2. Insecure Application Programming Interfaces
3. Malicious Insiders
4. Shared Technology Vulnerabilities
5. Data Loss/Leakage
6. Account, Service & Traffic Hijacking
7. Unknown Risk Profile

It is interesting that for two of the top seven threats (Malicious Insiders and Account Hijacking), the document  had no public examples.  However, the consequences of either could be serious.  It is important to note that these two threats have many documented examples for on-premise data centers so companies moving to the cloud should address these risks with at least the same rigor that they would for their own datacenter.

When evaluating cloud service providers, I would highly recommend asking them how they mitigate the risks of these threats.  Amazon has a sound approach to security in the cloud that you can see here and a very good whitepaper on security.

Your vendor’s security policies and best practices are only part of the equation.  Composite applications deployed in the cloud can contain APIs from many sources.  If any API within the composite application is not built with the proper level of security, the entire application is at risk.  Also,  just because a company may outsource some of their infrastructure and software to a cloud provider, they still should monitor, log, and audit their cloud assets with the same rigor (if not more) than they would for an on-premise data center.

I would like to thank and congratulate the CSA for the completion of another important deliverable.  It is the dedication, passion, and professionalism of volunteers from organizations like the CSA who arm practitioners like myself with critical information so we can make better decisions when evaluating cloud computing service providers and make better design decisions if we choose to take advantage of the cloud.

I will leave you with this thought….

The cloud is not insecure, but your cloud  implementation, whether it is  SaaS, PaaS, or IaaS (or a combination of the three), may be insecure if you do not mitigate the risks of these top seven threats (and others).

Take the time to read the Top Threats document!

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.

Copyright Kavis Technology Consulting | Theme by DailyBlogTips