The buzz regarding cloud computing is becoming impossible to ignore. Businesses, governments, and organizations around the world are smitten with the possibility of using cloud computing to improve their operating functions while reducing costs. This is evidenced by the proliferation of cloud computing services around the world who are struggling to keep up with demand for this technology.
Unfortunately, cloud computing poses many tangible and perceived threats to information security. The Cloud Computing Alliance, or CSA, has detailed the following threats that may present themselves through the use of cloud computing.
Nefarious Use and Abuse of Cloud Computing
The relative anonymity and the ease at which users can register for IaaS cloud solutions may attract cyber criminals. IaaS solutions have been known hosts of Trojans, botnets, downloads for exploits, and many other security threats. There are numerous ways that cloud computing can be exploited for wrongdoing, and possible future threats may include key cracking, launching dynamic attack points, and the use of CAPTCHA solving farms. Although IaaS is being supplanted by SaaS and PaaS solutions, the inherent risks associated with IaaS raises certain red flags.
Insecure API’s and Insecure Interfaces
Due to the fact that users access and interact with cloud computing services through API’s and software interfaces, these interfaces must have the highest level of encryption, secure authentication, activity monitoring capabilities, and stringent access control measures in place. Cloud computing services can only be secured through complete interface analysis and implementation of these security protocols.
Malicious Insiders
Many cloud computing service providers do not reveal information on their hiring process, how they monitor employees, and the access that they are given. Cloud computing service providers have access to hordes of business data, including important financial data. Thus, transparency regarding their hiring process and the access controls they have in place are paramount in providing secure cloud computing services.
Issues with Shared Technology
Cloud computing service providers have embraced a shared infrastructure. Unfortunately, the individual components that make up the cloud infrastructure were not produced with sharing in mind. Strong compartmentalization and monitoring is necessary to keep business customers from treading on the territory of others. Also, cloud service providers need to constantly scan the infrastructure for vulnerabilities that could possibly jeopardize the data security of a shared environment.
Data Leakage and Loss
Whether an encoding key is lost, data is deleted without a backup, or unauthorized access occurs, the danger of lost or stolen data is always a very real possibility. Obviously, this is a major concern for businesses that are required by law to keep their customer’s data secure and cannot jeopardize their client relationships. Fortunately, there are numerous actions that can be taken to prevent the occurrence of lost or stolen data, such as the use of encryption, data backup, superior disaster recovery measures, and secure data destruction practices.
Account Hijacking
For those that worry about their Outlook account getting hijacked, the thought of a compromised cloud account can be quite troublesome. Cyber attackers can gather and change data, perform transactions, and possibly redirect clients to sites that can harvest their financial data. In today’s day and age, attackers can gain access with solid social engineering or an effective phishing site. Thus, stringent authentication practices, security protocols, and vigilant monitoring must be put in place by cloud computing service providers to prevent account hijacking from occurring.
Cloud computing may provide businesses with many perceived benefits, but the security risks associated with in-the-cloud computing can be quite severe. Businesses that take their security and the security of their clients seriously should forego cloud computing and use dedicated host servers for the safekeeping of their data. The inherent risks associated with cloud computing far outweigh any benefits that the service may provide.