Cloud computing promises to provide new and exciting opportunities for organizations to create a lean and robust infrastructure that is cost-effective. Though these benefits are valuable, every organization must understand the security issues before it embraces cloud computing and allows it to spread widely. Without addressing the security compliance issues, the rewards of cloud computing cannot be fully realized. In this post we list the top threats of cloud computing, which are quite common across all cloud providers. Keeping these threats in mind, customers must evaluate cloud infrastructure vendors on more than price and top feature sets before deciding to move critical systems and applications.
1. Illicit Cloud Use and Common Platform Attacks
This category of threat includes illegal use of a cloud provider’s infrastructure to launch attacks or conduct illegal activity on the Internet. For instance, the cloud might be used to attack or abuse other users within the same cloud infrastructure by leveraging common address spaces, common networks or hardware to assist in the attack.
2. Insecure Cloud Application Programming
This category of threat includes the relative insecurity of cloud application programming interface (API) frameworks. The insecurity could also be in the operations that might be performed programmatically to manage cloud-based systems. Often the security controls and the authentication and authorization mechanisms provided lack the ability to prevent authentication bypass attacks and API hacks. This weakness may allow unauthorized access to privileged functions or operations.
3. Malicious Insiders
This category of threat is perhaps the most dangerous of all threats to cloud computing. The insider threat can also be the most difficult to prevent. In cloud computing, this threat carries disastrous implications because large segments of a customer’s infrastructure can be at risk while under the control of another party. Many cloud providers lack transparency about hiring practices, screening and background investigation processes. Getting a job at an Internet service provider (ISP) or SaaS provider, with ill intent, might be easier than many believe. Compounding this threat is the inability of cloud providers to monitor access to critical systems once an employee is granted privileged access to the infrastructure.
4. Shared Infrastructure
This category of threat arises from sharing the cloud provider’s infrastructure across hundreds of customers, even though cloud computing was never designed to operate in such a massive multitenant mode. Often, basic protections and customer compartmentalization are lacking in the cloud stack, causing vulnerability at all levels of the stack: hardware, hypervisor, network, operating system, storage and application layers.
5. Data Theft and Loss
Data is the lifeblood of most organizations. It has a high value and consequently is the target of many attacks. Preventing unauthorized access to cloud-based data is a top priority in cloud security. However, many cloud providers do not adequately protect customer data-at-rest. Data theft is but one type of risk that cloud providers must adequately address in their cloud implementations. Another risk is data loss, which carries equally severe impacts. Storage might be corrupted; drives might fail; and partitions could accidentally be deleted. Also, the cloud provider might lack adequate backup capability.
6. Account Hijacking
Phishing, pharming and email-based attacks designed to direct users to a fraudulent website with the goal of stealing their user names and passwords are a constant threat. Once the users’ credentials are obtained, the attacker can access customer accounts, change data and misdirect customers to other fraudulent sites. A company’s cloud-based infrastructure could actually be used as a staging ground for new attacks — all executed under the company identity.
Via White Paper: Unisys Secure Cloud Addressing the Top Threats of Cloud Computing