Tech Lover 9

Last month, The Cloud Security Alliance (CSA) published a short security guidance paper with an interesting overview of the top 7 threats to Cloud Computing (version 1.0) – according to their analysis. The paper can be used as a simple guideline for addressing, and perhaps checking off, all the major security concerns associated with implementing cloud computing and its different service modes.
This is important especially as people often lack an overview of all the potential security vulnerabilities associated with cloud computing. As pointed out in the paper, it is seen as a companion to the much more detailed “Security Guidance for Critical Areas in Cloud Computing” from the SCA (version 2.1 issued in Dec. 2009). The paper includes the top 7 following threats that need to be addressed – in accordance with the type of cloud computing adoption, i.e. “IaaS”, “PaaS”, “SaaS”:

#1: Abuse and Nefarious Use of Cloud Computing (IaaS, PaaS) #2: Insecure Interfaces and APIs (IaaS, PaaS, SaaS) #3: Malicious insiders (IaaS, PaaS, SaaS) #4: Shared Technology Issues (IaaS) #5: Data Loss or Leakage (IaaS, PaaS, SaaS) #6: Account or Service Hijacking (IaaS, PaaS, SaaS) #7: Unknown Risk Profile (IaaS, PaaS, SaaS)

The threats are equally important – and should reflect the critical threat concerns in Cloud Computing that organizations experience during their adoption processes. The CSA short paper was influenced by a more detailed European research paper produced by ENISA (European Network and Information Security Agency) called “Cloud Computing: Benefits, Risks and Recommendations for Information Society“, published in Nov. 2009.