Tuesday, March 2, 2010

Cloud Security Alliance research defines top threats and best paths to secure cloud computing

Security. It's one of the major issues that keeps cloud computing from working its way deeper and more quickly into the enterprise IT mainstream.

But what are the potential threats around using cloud services? How can companies make sure business processes and data remain secured in the cloud? And how can CIOs accurately assess the risks and benefits of cloud adoption strategies?

Hewlett-Packard (HP) and the Cloud Security Alliance (CSA) answer these and other questions in a new research report entitled, "Top Threats to Cloud Computing Report."

The report, which was highlighted during the Cloud Security Summit at the RSA conference this week, taps the knowledge of information security experts at 29 enterprises, solutions providers and consulting firms that deal with demanding and complex cloud environments. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

Mastering next-gen IT

As Cloud Security Alliance Founder Jim Reavis sees it, cloud services are the next generation of IT that enterprises must master – and it's imperative that companies understand and mitigate security threats that accompany the cloud.

"The objective of this report was to not only identify those threats which are most germane to IT organizations but also help organizations understand how to proactively protect themselves," Reavis said. "This is the first deliverable in our cloud threat research initiative, which will feature regular updates to reflect participation from a greater number of experts and to keep pace with the dynamic nature of new threats."

Cloud computing abuse

T
he Top Threats to Cloud Computing Report shines a light on vulnerabilities that threaten to hinder cloud service offerings from reaching their full potential. HP and the Cloud Security Alliance warn companies to be aware of the abuse and nefarious use of cloud computing. The report specifically points to the Zeus botnet and InfoStealing Trojan horses as a prime examples of malicious software that has compromised sensitive private resources in cloud environments.

Cloud services are the next generation of IT that enterprises must master – and it's imperative that companies understand and mitigate security threats that accompany the cloud.



Beyond malicious software, the report pegs sites that rely on multiple application programming interfaces (APIs) as typically representing the weakest security link. That's because one insecure API can impact a larger set of members using the evolving social Web, which presents data from disparate sources.

Rounding out the list of common cloud threats covered in the report are malicious insiders, shared technology vulnerabilities, data loss and leakage and account/service and traffic hijacking.

I'll be moderating a panel in San Francisco in conjunction with RSA later this week on the very subject of cloud security with Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security; Chris Hoff, Director of Cloud & Virtualization Solutions at Cisco Systems and a Founding Member of the CSA, and Andy Ellis, Chief Security Architect at Akamai Technologies. [Disclosure Akamai is a sponsor of BriefingsDirect podcasts.]

We'll be rebroadcasting the panel "live" with call-in for questions and answer at noon ET on March 31. More details to come.

For now, the RSA-debuted full report is available on the CSA Web site: http://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
BriefingsDirect contributor Jennifer LeClaire provided editorial assistance and research on this post. She can be reached at http://www.linkedin.com/in/jleclaire and http://www.jenniferleclaire.com.
You may also be interested in: