|By Unitiv Blog||
|December 19, 2012 10:00 AM EST||
It isn’t so much that cloud computing solutions are more vulnerable than traditional solutions; rather, cloud vulnerabilities take a much different form (and can occur on a much wider scale) than traditional security vulnerabilities.
Up to this point, most of the major issues with cloud providers have had more to do with outages rather than data breaches. That doesn’t mean there are no risks in the cloud, but that the form of cloud attacks may be different than traditional attacks.
The cloud is not always the target
Keep in mind that, in terms of the very public cloud security breaches such as we saw in 2011 with Sony, the cloud itself isn’t necessarily the target. In some cases, it’s actually part of a hacker’s toolset.
Hackers in that instance used stolen credit card numbers to rent Amazon cloud servers to use as an attack on Sony. The same resources that the cloud offers to legitimate organizations can also be purchased by cyber-criminals.
What makes the cloud so vulnerable
Part of the reason that cloud computing solutions are as robust as they are from the security perspective is that cloud providers are highly motivated to create secure environments. Networks aren’t isolated anymore. Once the Internet took hold, company networks became connected with public infrastructure, and cloud providers were there to make it happen.
The biggest weaknesses of the cloud, however, are basic issues that are often easily resolved. Weak authentication protocols, an open management port, or the need to manage cloud resources remotely are all reasons why the cloud can become vulnerable. Hackers are recognizing all of these open ports, and starting to use them.
How these vulnerabilities affect your organization
While most surveyed companies say they believe cloud providers can provide a truly secure environment, nearly two thirds of those companies said that they wouldn’t put corporate finance information in the cloud. Most keep credit cards out of the cloud. The same is true of HR info and other confidential resources.
Ultimately, cloud security is improving as time goes on. When your organization is looking at a cloud solution, ask the tough questions about security. If possible, get the provider to build security measures into the SLA, too.
- "All It Took Was One E-Mail to Larry," Says Former eBay Research Director As He Moves to Google
- Google Ramps Up Its Mobile Reach: Launches "Mobile Web Search"
- VoIP Update: Yahoo! Buys DialPad
- Ericsson + Napster = World's First "Wireless Digital Music" Brand
- Free Guest Passes for the SOA World Conference & Expo in NYC
- SYS-CON i-Technology Podcast August 30, 2005
- A Flair for Food - Health-Conscious Cooking Is This Chef's Cup Of Tea
- Sony PSP May Feature Porn
- Kapow Helps Seiko UK, Provides SMS Text-Alert Services
- South Korea is World's Largest Phisher
- Will the Mac OS Now Be Offered by Dell?
- UK Targeted for Trojan Attacks
- MAX 2006: Tracks Announced
- BT's "Fixed-Mobile" Phone Gives Callers the Best of Both Worlds
- MetaSolv to Host Provisioning Symposium in London