With 24x7 availability and accessible by
almost any device with a browser, cloud
computing allows organizations to scale their IT
infrastructure and software applications as
needed. However, like any technology, cloud
computing has its risks.
- Changes the business model. Cloud
computing changes the way IT services are
delivered. No longer delivered from an
on-site location, servers, storage, and
applications are provided by external
service providers. Organizations need to
evaluate the risks associated with the loss
of control of the infrastructure.
- Abuse. Initial registration with a cloud
computing service is a pretty simple
process. In many cases, the service provider
even offers a free trial period.
Organizations should consider their risks
due to anonymous signup, lack of validation,
service fraud, and ad-hoc services.
- Insecure interfaces. Application
programming interfaces (API) are used to
establish, manage, and monitor services.
These interfaces may be subject to security
vulnerabilities that put your users at risk.
- Malicious insiders. One of the benefits
of cloud computing is that your organization
doesn't need to know the technical details
of how the services are delivered. The
provider's procedures, physical access to
systems, monitoring of employees, and
compliance related issues are transparent to
the customer. Without full knowledge and
control, your organization may be at risk.
- Shared technology. Cloud computing
allows multiple organizations to share and
store data on the servers. However, the
original server hardware and operating
systems were most likely designed for use by
a single tenant (one organization).
Organizations should ensure the appropriate
controls are in place to keep your data
secure.
- Data loss and leakage. With shared
infrastructure resources, organizations
should be concerned about the service
provider's authentication systems that grant
access to data. Organizations should also
ask about encryption, data disposal
procedures, and business continuity.
- Account hijacking. Organizations should
be aware that account hijacking can occur.
Simple Internet registration systems,
phishing and fraud schemes can allow a
hacker to take over control of your account.
- Risk profile. For many service
providers, the focus is on functionality and
benefits, not security. Without appropriate
software updates, intrusion prevention, and
firewalls, your organization may be at risk.
- Users. When using cloud services, your
users' activities such as clicking links in
e-mail messages, Instant Messaging, visiting
fake web sites, etc. can download malware to
a local workstation. Once installed, the
malware can launch attacks against your
internal network.
- Browsers. Several years ago, hackers
used to attack software operating systems.
More recently, hackers have shifted their
attacks to target user browsers. By
exploiting browser vulnerabilities, hackers
have access to the same applications and
data that your users access.
Internet cloud computing services provide
both business and technical benefits.
Risk
assessments help organizations identify, manage,
and reduce their cloud computing risks so that
they may achieve the greatest benefits at the
lowest level of risk. Formal and documented
policies ensure
a top down approach to managing service provider
risks.
Security Blog menu
Tags: cloud computing | cloud computing
security | cloud computing threats | cloud
policies | cloud service provider risks
|