Reality Check: Server Insights

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Subscribe
Article Options

An attempt to narrow down the top threats to Cloud Computing

by kristenreyes on 11-07-2011 03:32 PM

Guest blog written by Tim Golden, Chief Technology Officer, HP ISS Americas

 

A Google search of the term “cloud security threats” opens up Pandora’s box of the worst threats on the Internet.  The search reveals all the monsters nightmares are made of: hackers, malware, crooked insiders, phishing scams and bots. If you are afraid of the slime monster in your closet, I suggest you stop reading now. If you want to better arm yourself and your cloud enterprise architecture; continue on to uncover some of cloud computing’s top threats.

 

First: a common misnomer. Cloud computing and virtual environments are not more dangerous than an on-site data center.  The security threats they face are different. The necessary security measures differ in scope as well. While the threats look different from the outside, they are the same on the inside.

 

The goal is to exploit your data, expose your weaknesses and make money during the process. Sometimes attacks are looking for credit card numbers to use, other times they want to sell your data or sell the access to your information. The threats facing cloud computing range in scope, some attack the virtual infrastructure while others compromise the integrity of data. They are all dangerous and proper measures should be taken to prevent their destruction.

 

The top threats as compiled by the Cloud Security Alliance

In March 2010, HP sponsored a report by the Cloud Security Alliance (CSA) entitled “Top Threats to Cloud Computing V1.0”.  The alliance states that it recognizes there are more threats than what are on this list.

 

“We have tried to focus on issues we feel are either unique to or greatly amplified by the key characteristics of Cloud Computing and its shared, on-demand nature,” the report states. The threats are not listed in order of severity; input was collected by survey from multiple sources.

 

Here are the top threats as determined by the CSA:

 

  • Abuse and Nefarious Use of Cloud Computing— Spammers, malicious code authors and other criminals conduct their activities with relative impunity,  by abusing the relative anonymity behind “easy” registration and usage models. Future areas of concern include:  password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control and CAPTCHA solving farms.

 

  • Insecure Application Programming Interfaces (API)—API’s must be designed to protect against both accidental and malicious attempts to circumvent policy. Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability.

 

  • Malicious Insiders—The impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact and productivity losses are just some of the ways a malicious insider can affect an operation.

 

  • Shared Technology Vulnerabilities— Disk partitions, CPU caches, GPUs and other shared elements were never designed for strong compartmentalization. As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorized access to data.

 

  • Data Loss/Leakage— Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications.

 

  • Account, Service and Traffic Hijacking— With stolen credentials, attackers can access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services.

 

  • Unknown Risk Profile— Know who has access to your information. Gain an understanding of internal security procedures.  If serious security issues are left unanswered or are overlooked in the drive for new and better, customers are left with an unknown risk profile that may include serious threats.

 

The security progression

In the next session of this series on cloud security, we will discuss the risks of getting cloud security wrong. Do not fear, while there are risks to cloud computing environments, there are also solutions to these threats. As we continue on with this series on securing the cloud, we will discuss how we are currently protecting our technology, now and in the future.

 

For more information on how you can combine cloud computing with your traditional IT Infrastructure to create an IT model that is best for you see HP Cloud Computing Solutions. To learn more on how you can make more efficient use of your server, storage and software assets see HP Virtual Solutions.

Labels:

We encourage you to share your comments on this post. Comments are moderated and will be reviewed and posted as promptly as possible during regular business hours.

To ensure your comment is published, please follow our community guidelines.

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 

Find HP in Social Media

Facebook Twitter YouTube SlideShare Flickr
About the Author
  • Hello! I am on the HP Enterprise Servers, Storage and Networking team, focused on Interactive Web and Social Media Marketing for (ISS) Industry Standard Servers. I will be sharing relevant ISS and HP news & info as it crosses my path.
  • Greetings! I am in the HP Converged Infrastructure team focused on Server, Storage & Networking group at HP and will be sharing news & info as it crosses my path.
Labels