Seven deadly sins of cloud security

By IDG News service staff | IDG News Service
Published 16:36, 12 July 10

Seven deadly sins you ought to be aware of before putting applications in the cloud

Restart

Hewlett-Packard and the Cloud Security Alliance list seven deadly sins you ought to be aware of before putting applications in the cloud. Have you or your provider committed these sins?

Data Loss/Leakage

There isn't currently an acceptable level of security controls surrounding data in the cloud. Some applications could be leaking data as a result of weak API access control and key generation, storage and management. And, data destruction policies may also be absent.

Shared Technology Vulnerabilities

In the cloud, a single misconfiguration can be duplicated across an environment where many virtual servers share the same configuration. Enforce service level agreements (SLAs) for patch management and best practices for network and server configuration.

Malicious Insiders

The level of background checks that cloud providers perform on staff may differ compared to how enterprises would prefer to control data centre access. Many providers may do a good job but it's largely uneven. Perform a supplier assessment and outline a level of employee screening.

Account, Service and Traffic Hijacking

A lot of data, applications and resources are concentrated in the cloud where, with weak authentication, an intruder can access a single user account and ultimately get at that customer's virtual machines. Proactive monitoring of threats and two-factor authentication is advised.

Insecure Application Programming Interfaces

It's important to perceive the cloud as a new platform and not merely as outsourcing when it comes to developing applications. There ought to be a vetting process surrounding application lifecycles, where the developer understands and applies certain guidelines regarding authentication, access controls and encryption.

Abuse and Nefarious Use of Cloud Computing

The bad guys are probably more progressive than the good guys in how they use technology. Hackers are seen very quickly applying new threats combined with the ability to easily scale up and down in the cloud. All it takes is a single credit card to open up the floodgates.

Unknown Risk Profile

Transparency issues continue to persist concerning cloud providers. Account users only interact with the front-end interface and really don't know what goes on in the back-end. Who knows which platforms or patch levels the provider is employing?

Hewlett-Packard and the Cloud Security Alliance list seven deadly sins you ought to be aware of before putting applications in the cloud. Have you or your provider committed these sins?

IT professionals' common LinkedIn mistakes

Best tools for social media analytics

Fifteen high impact Apache projects

RSA 2013: Six security startups

BlackBerry 10 - New mobile OS and smartphones in pictures

Mageia - A rising Linux star

Microsoft Excel and Word 2013 best add-ons

13 markets you might not associate with Cisco

Raspberry Pi hacks - Linux laptops and supercomputers

Apple's 15 boldest computer designs, 1976-2012

Internet Explorer 10 - Essential add-ons

Chrome extensions for power users

10 best open source projects of 2012

15 free security tools you should try

10 technologies that disappointed in 2012

12 useful websites for IT security

Apple vs. the world - Apple’s definitive legal battles

10 cloud predictions for 2013

14 of the most useful Linux websites

HP acquisitions - The good, the bad and the ugly

News

Nokia files cases against HTC One in the US

Nokia alleges that HTC phones infringe three of its patents in a new lawsuit read more »

Google, Facebook launch bidding war for Waze

Google may want crowd-sourced app or may just want to mess with Facebook, delaying its plans and boosting reported $1 billion price tag read more »

Google ready to start shipping Glass to #ifihadglass Explorers

The wait is almost over for the 8,000 early-bird users who signed up this spring read more »

Vanishing into thin [MacBook] Air: Shortages signal WWDC refresh

Lowest-priced 11.6-in. ultra-light out of stock at Amazon; new models powered by Intel's Haswell processors expected in two weeks read more »

Reshuffle sees SuccessFactor’s Lars Dalgaard step down from SAP board

Ariba’s CEO, Bob Calderoni, will head up the company’s cloud go-to-market read more »

Ethernet founders bemoan lack of investment in innovation

When Ethernet was invented at Xerox-owned PARC the location enjoyed government investment and good tax breaks read more »

BBC technology chief suspended over £100m failed digital project

The director general of the BBC said an independent review has been set up read more »

Republicans package H-1B plan in attractive website

New bill on immigration ready as House takes it term read more »

more news ..

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Nokia files cases against HTC One in the US

IT Business >>

Google ready to start shipping Glass to #ifihadglass Explorers

Infrastructure >>

U.S. urged to let companies 'hack-back' at IP cyber thieves

Security >>

Windows 8 users snub 'Modern' apps, stick to desktop

Applications >>

Cloudian connects with Citrix for easier cloud rollouts

Cloud Computing >>

Google to boost speed, cut data use on mobile devices

Operating Systems >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register