(WEB HOST INDUSTRY REVIEW) — As cloud service offerings struggle to reach their full potential, exploits such as the Zeus botnet, data stealing trojan horses, and malicious software have proven to persist in compromising sensitive private resources in cloud environments, according to a new report from the Cloud Security Alliance (www.cloudsecurityalliance.org) and Hewlett-Packard (www.hp.com).
According to the report, “Top Cloud Security Threats Report,” released Monday, companies must be aware of abuse and nefarious use of cloud computing, however, not all of the threats in this category are rooted in malicious intent.
“In order to mitigate the business risk associated with the cloud, companies must invest the time and resources to properly secure their data center assets,” said CSA committee member Archie Reed, who is also chief technologist of HP Secure Advantage cloud security. “HP’s comprehensive security portfolio includes hardware, software and dedicated consulting services that are designed to help organizations reduce data breach within this space.”
Commissioned by HP, the research was designed to help companies understand current and future threats, and to provide remediation strategies to ensure that business processes as well as data remain secured in the cloud. The report is the result of a broad examination of information security experts across 29 enterprises, solution providers, and consulting firms exposed to some of the world’s most demanding and complex cloud environments.
Researchers found that as the social web evolves, more sites are relying on application programming interfaces, which enable interaction between software programs, however sites that rely on multiple APIs often suffer from the “weakest link security,” where one insecure API can adversely affect a larger set of participants. Together, these threats comprise a combination of existing vulnerabilities that are magnified in severity in cloud environments as well as new, cloud-specific techniques that put data and systems at risk. Additional threats outlined in the research include malicious insiders, shared technology vulnerabilities, data loss/leakage, and account/service and traffic hijacking.
Cloud Security Alliance founder Jim Reavis stated, “We have a shared responsibility to understand the security threats that accompany the cloud and apply the necessary best practices to mitigate them. The objective of this report was to not only identify those threats which are most germane to IT organizations but also help organizations understand how to proactively protect themselves. This is the first deliverable in our cloud threat research initiative, which will feature regular updates to reflect participation from a greater number of experts and to keep pace with the dynamic nature of new threats.”
Key findings from the report will be presented Monday at the Cloud Security Summit at the RSA conference (www.rsaconference.com) held in San Francisco from March 1 to 5.
No related posts.
