Security Risks for Cloud Are Like Those for Non-Cloud Deployments

A new report from Alert Logic sheds light on the current state of cloud security threats.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

cloud security

Though the cloud offers a different deployment and consumption model for computing services, many of the same security risks present in non-cloud IT deployments are still in play. That's the general conclusion of the Spring 2014 State of Cloud Security Report from cloud security-as-a-service vendor Alert Logic.

"With the growing adoption of the cloud, we would, of course, anticipate an increase in attacks," Alert Logic's Chief Security Evangelist Stephen Coty told eWEEK. "The data got interesting when we started analyzing what types of attacks are taking place."

For example, the report found that brute-force attacks have increased by 50 percent on a year-over-year basis. Brute-force attacks, which are attempts by hackers to gain access by repeatedly trying different usernames and passwords, now affect 44 percent of its customers, according to Alert Logic.

Malware and botnet activity in the cloud has increased by 100 percent, but it currently affects only 11 percent of Alert Logic's customers, Coty said, but added that the increase in on-premise attack vectors moving to the cloud has occurred more rapidly than Alert Logic first thought.

The study also showed that 44 percent of Alert Logic's 2,200 customers had their cloud hosting instances subjected to a vulnerability scan from an unauthorized third party. Vulnerability scanning is a common enumeration tactic for attackers to identify potential targets. Vulnerability scanning is also a common tactic used by legitimate security professionals looking to improve security.

Alert Logic whitelists legitimate scanning activities and they are not counted in the 44 percent of customers that were impacted by vulnerability scanning, Coty said.

In addition to tracking security trends that affected its own customer base, Alert Logic also operated a honeypot to see what attacks might come in. A honeypot is a technique that involves the use of a seemingly vulnerable piece of technology that is left open to attract attacks.

Coty noted that 14 percent of malware delivered to Alert Logic's honeypot network was not detectable by traditional antivirus vendors. "This does not mean that it's a new and emerging piece of malware," Coty said. "It just means that there is not signature content for that piece of malware."

Alert Logic deployed honeypots around the world and experienced more malware attack volume in Europe than anywhere else.

"We feel that the malware number speaks to the large population of coders and [the] prices offered for code in the underground market in Europe," Coty said. "It makes for a free testing bed for code, against local addresses that require quick access."

Overall, understanding the shared security model is one of the biggest hurdles with securing cloud environments, Coty said. Security should not be a reason for organizations to be hesitant about moving to the cloud, he added.

"The [cloud] providers have a responsibility to maintain and patch the foundational services, networks and hosts that they manage," Coty said. "You, as the customer, are responsible for patching the app layer and certain functions of the host and network."

If consumers remember that the cloud is a shared responsibility, they will have a secure space in the cloud, he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.