Cloud Computing's 7 Deadliest Security Risks - Security - News & Reviews - eWeek.com | eWeek

Cloud Computings 7 Deadliest Security Risks

Cloud Computings 7 Deadliest Security Risks
Écrit par
Brian Prince
Brian Prince
Mar 8, 2010
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus


Cloud Computings 7 Deadliest Security Risks

1

by Brian Prince


Abuse and Nefarious Use of the Cloud

2

IAAS (infrastructure-as-a-service) providers are open to abuse with lenient registration processes, “where anyone with a valid credit card can register and immediately begin using cloud services,” said the CSA. By abusing the anonymity of the registrations, cyber-criminals can host exploits and malware. Cloud providers need a strict initial registration and validation process, and should monitor public blacklists and customer network traffic.


Insecure APIs

3

The security and availability of general cloud services depend on the security of the APIs customers use to manage and interact with those services. These interfaces must be designed to protect against accidental and malicious attempts to circumvent policy, which means ensuring strong authentication, encryption and access controls are in place.


Advertisement

Malicious Insiders

4

The risk of a malicious insider is heightened when there’s a lack of transparency into the cloud provider’s processes and procedures. Enterprises should require transparency into the provider’s information security and management practices, enforce strict supply chain management and closely assess the supplier. Also, specify job requirements as part of legal contracts to govern the hiring process of those who are handling your data.


Shared Technology Issues

5

Often the underlying components used by IAAS vendors in their infrastructure were not designed to offer strong isolation capabilities in a multitenant architecture. Providers use virtualization to bridge this gap, but due to the possibility of vulnerabilities, businesses should monitor the environment for unauthorized changes or activity, and promote patch management and strong authentication.


Data Loss or Leakage

6

Lowering the risk of data leaks means implementing a strong API access control as well as encrypting data in transit. The CSA also recommends implementing strong key generation, storage, management and destruction practices.


Account or Service Hijacking

7

If an attacker gets hold of your credentials, they can cause all sorts of trouble, from eavesdropping on your activities and transactions and manipulating data to returning falsified information and redirecting your clients to illegitimate sites. Businesses should block the sharing of account credentials between users and services, and use strong two-factor authentication techniques when possible.


Advertisement

Unknown Risk Profile

8

Know your security profile, from versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design. Find out who is sharing your infrastructure, and get information on such aspects as network intrusion logs and redirection attempts. “Security by obscurity may be low effort, but it can result in unknown exposures,” the CSA says.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.