28-06-2012, 12:57 PM
Top Threats to Cloud Computing V1.0
Executive Summary
Cloud Computing represents one of the most significant shifts in information technology many of us are
likely to see in our lifetimes. Reaching the point where computing functions as a utility has great
potential, promising innovations we cannot yet imagine.
Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the
opportunities to reduce capital costs. They are excited for a chance to divest themselves of infrastructure
management, and focus on core competencies. Most of all, they are excited by the agility offered by the
on-demand provisioning of computing and the ability to align information technology with business
strategies and needs more readily. However, customers are also very concerned about the risks of Cloud
Computing if not properly secured, and the loss of direct control over systems for which they are
nonetheless accountable.
Abuse and Nefarious Use of Cloud Computing
Description
IaaS providers offer their customers the illusion of unlimited compute,
network, and storage capacity — often coupled with a ‘frictionless’
registration process where anyone with a valid credit card can register
and immediately begin using cloud services. Some providers even offer
free limited trial periods. By abusing the relative anonymity behind
these registration and usage models, spammers, malicious code authors,
and other criminals have been able to conduct their activities with
relative impunity. PaaS providers have traditionally suffered most from
this kind of attack; however, recent evidence shows that hackers have
begun to target IaaS vendors as well.
Insecure Interfaces and APIs
Description
Cloud Computing providers expose a set of software interfaces or APIs
that customers use to manage and interact with cloud services.
Provisioning, management, orchestration, and monitoring are all
performed using these interfaces. The security and availability of
general cloud services is dependent upon the security of these basic
APIs. From authentication and access control to encryption and
activity monitoring, these interfaces must be designed to protect against
both accidental and malicious attempts to circumvent policy.
Furthermore, organizations and third parties often build upon these
interfaces to offer value-added services to their customers.