Cloud Computing's 7 Deadliest Security Risks - Security - News & Reviews - eWeek.com | eWeek

Cloud Computings 7 Deadliest Security Risks

Cloud Computings 7 Deadliest Security Risks
Verfasst von
Brian Prince
Brian Prince
Mar 8, 2010
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren


Cloud Computings 7 Deadliest Security Risks

1

by Brian Prince


Abuse and Nefarious Use of the Cloud

2

IAAS (infrastructure-as-a-service) providers are open to abuse with lenient registration processes, “where anyone with a valid credit card can register and immediately begin using cloud services,” said the CSA. By abusing the anonymity of the registrations, cyber-criminals can host exploits and malware. Cloud providers need a strict initial registration and validation process, and should monitor public blacklists and customer network traffic.


Insecure APIs

3

The security and availability of general cloud services depend on the security of the APIs customers use to manage and interact with those services. These interfaces must be designed to protect against accidental and malicious attempts to circumvent policy, which means ensuring strong authentication, encryption and access controls are in place.


Advertisement

Malicious Insiders

4

The risk of a malicious insider is heightened when there’s a lack of transparency into the cloud provider’s processes and procedures. Enterprises should require transparency into the provider’s information security and management practices, enforce strict supply chain management and closely assess the supplier. Also, specify job requirements as part of legal contracts to govern the hiring process of those who are handling your data.


Shared Technology Issues

5

Often the underlying components used by IAAS vendors in their infrastructure were not designed to offer strong isolation capabilities in a multitenant architecture. Providers use virtualization to bridge this gap, but due to the possibility of vulnerabilities, businesses should monitor the environment for unauthorized changes or activity, and promote patch management and strong authentication.


Data Loss or Leakage

6

Lowering the risk of data leaks means implementing a strong API access control as well as encrypting data in transit. The CSA also recommends implementing strong key generation, storage, management and destruction practices.


Account or Service Hijacking

7

If an attacker gets hold of your credentials, they can cause all sorts of trouble, from eavesdropping on your activities and transactions and manipulating data to returning falsified information and redirecting your clients to illegitimate sites. Businesses should block the sharing of account credentials between users and services, and use strong two-factor authentication techniques when possible.


Advertisement

Unknown Risk Profile

8

Know your security profile, from versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design. Find out who is sharing your infrastructure, and get information on such aspects as network intrusion logs and redirection attempts. “Security by obscurity may be low effort, but it can result in unknown exposures,” the CSA says.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.