Limiting Risks Found in the Cloud

Grazed from Bank Security Info. Author: Jeffrey Roman.

Operating in a cloud exposes organizations to a new dimension of insider threat problems, says Alex Nicoll of Carnegie Mellon University’s CERT Insider Threat Center. Cloud computing providers must step up and develop approaches to prevent their employees from stealing or harming customer data they host, says Nicoll, a senior cybersecurity analyst, and Dawn Cappelli, CERT technical manager, in a joint interview with Information Security Media Group.

"We’re hoping that the cloud service providers understand insider threat," Cappelli says. "We have recommendations that we provide for organizations for what they should do to protect themselves against rogue administrators and to protect themselves against theft of intellectual property. Our hope is that cloud service providers understand that as well."…

Cloud service providers, Nicoll says, can implement mechanisms to detect if their employees are attempting to modify a customer’s virtual machines to modify data. "But absent this client service provider [offering] those capabilities, the operating system really can’t tell," which leaves organizations vulnerable, he says…

Read more from the source @ http://www.bankinfosecurity.com/limiting-risks-found-in-cloud-a-5818