The Cloud's - Negative Concerns and Threats to User's Privacy and data
According to the Cloud Security Alliance (CSA), Data Breaches and Cloud Service’s Abuse Rank among the Greatest Cloud Security Threats.
- Data Breaches - a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other clients’ data as well.
- Data Loss - A malicious hacker might delete a target’s data out of spite -- but then, you could lose your data to a careless cloud service provider or a disaster, such as a fire, flood, or earthquake. Compounding the challenge, encrypting your data to ward off theft can backfire if you lose your encryption key.
- Account Traffic Hijacking - Cloud computing adds a new threat to this landscape, according to CSA. If an attacker gains access to your credentials, he or she can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites.
- Insecure Interfaces and APIs - IT admins rely on interfaces for cloud provisioning, management, orchestration, and monitoring. APIs are integral to security and availability of general cloud services. From there, organizations and third parties are known to build on these interfaces, injecting add-on services. “This introduces the complexity of the new layered API; it also increases risk.
- Denial of Service - DoS has been an Internet threat for years, but it becomes more problematic in the age of cloud computing when organizations are dependent on the 24/7 availability of one or more services. DoS outages can cost service providers customers and prove pricey to customers who are billed based on compute cycles and disk space consumed.
- Malicious Insiders - Which can be a current or former employee, a contractor, or a business partner who gains access to a network, system, or data for malicious purposes. In an improperly designed cloud scenario, a malicious insider can wreak even greater havoc.
- Insufficient Due Diligence - That is, organizations embrace the cloud without fully understanding the cloud environment and associated risks. For example, entering the cloud can generate contractual issues with providers over liability and transparency.
- Shared Technology Vulnerabilities - Cloud service providers share infrastructure, platforms, and applications to deliver their services in a scalable way. “Whether it’s the underlying components that make up this infrastructure (e.g. CPU caches, GPUs, etc.) that were not designed to offer strong isolation properties for a multi-tenant architecture (IaaS), re-deployable platforms (PaaS), or multi-customer applications (SaaS), the threat of shared vulnerabilities exists in all delivery models,” according to the report..