9 top threats to cloud computing security

Grazed from InfoWorld. Author: Ted Samson.

Cloud computing has grabbed the spotlight at this year’s RSA Conference 2013 in San Francisco, with vendors aplenty hawking products and services that equip IT with controls to bring order to cloud chaos. But the first step is for organization to identify precisely where the greatest cloud-related threats lie. To that end, the CSA (Cloud Security Alliance) has identified "The Notorious Nine," the top nine cloud computing threats for 2013. The report reflects the current consensus among industry experts surveyed by CSA, focusing on threats specifically related to the shared, on-demand nature of cloud computing.

First on the list is data breaches. To illustrate the potential magnitude of this threat, CSA pointed to a research paper from last November describing how a virtual machine could use side-channel timing information to extract private cryptographic keys in use by other VMs on the same server. A malicious hacker wouldn’t necessarily need to go to such lengths to pull off that sort of feat, though. If a multitenant cloud service database isn’t designed properly, a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other clients’ data as well…

The challenge in addressing this threats of data loss and data leakage is that "the measures you put in place to mitigate one can exacerbate the other," according to the report. You could encrypt your data to reduce the impact of a breach, but if you lose your encryption key, you’ll lose your data. However, if you opt to keep offline backups of your data to reduce data loss, you increase your exposure to data breaches…

Read more from the source @ http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security-213428