Subscribe by Email

Your email:

Most Popular

Browse By Date

Browse By tag

Security as a Strategy (SaaS)

Current Articles | RSS Feed RSS Feed

Top 7 Threats to Cloud Computing – Part 2

Posted on Thu, May 20, 2010 @ 01:48 PM
  
 
The Cloud Security Alliance released a report on the top security threats to cloud computing. In Part 1 of this blog we reviewed the top 7 threats. In this installment, Part 2, we review the remedial steps you can to take to reduce your risk profile.

Threat #1: Abuse and Nefarious Use of Cloud Computing

Remediation

  • Stricter initial registration and validation processes
  • Enhanced credit card fraud monitoring and coordination
  • Comprehensive introspection of customer network traffic
  • Monitoring public blacklists for one's own network blocks

Threat #2: Insecure Interfaces and APIs

Remediation

  • Analyze the security model of cloud provider interfaces
  • Ensure strong authentication and access controls are implemented in concert with encrypted transmission
  • Understand the dependency chain associated with the API (application program interface)

Threat #3: Malicious Insiders

Remediation

  • Enforce strict supply chain management and conduct a comprehensive supplier assessment
  • Specify human resource requirements as part of legal contracts
  • Require transparency into overall information security and management practices, as well as compliance reporting
  • Determine security breach notification processes

Threat #4: Shared Technology Issues

Remediation

  • Implement security best practices for installation/configuration
  • Monitor environment for unauthorized changes/activity
  • Promote strong authentication and access control for administrative access and operations
  • Enforce service level agreements for patching and vulnerability remediation
  • Conduct vulnerability scanning and configuration audits

Threat #5: Data Loss or Leakage

Remediation

  • Implement strong API access control
  • Encrypt and protect integrity of data in transit
  • Analyze data protection at both design and run time
  • Implement strong key generation, storage and management, and destruction practices
  • Contractually demand providers wipe persistent media before it is released into the pool
  • Contractually specify provider backup and retention strategies

Threat #6: Account or Service Hijacking

Remediation

  • Prohibit the sharing of account credentials between users and services
  • Leverage strong two-factor authentication techniques where possible
  • Employ proactive monitoring to detect unauthorized activity
  • Understand cloud provider security policies and SLAs

Threat #7: Unknown Risk Profile

Remediation

  • Disclosure of applicable logs and data
  • Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.)
  • Monitoring and alerting on necessary information
Tags: , , , , , , , , , , , , , ,

Comments

Thanks for your post. A host of things to consider when migrating towards cloud computing and some great solution strategies contained here. I've been working with a company called TeleSign (http://www.TeleSign.com) who has deployed strong two factor authentication solutions to a variety of business verticals. Feel free to check them out. 
 
Respectfully, 
 
TeleSign Matt
Posted @ Wednesday, September 15, 2010 3:05 PM by TeleSign Matt
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics