Welcome!

SOA & WOA Authors: Roger Strukhoff, Jackie Kahle, Jason Bloomberg, Mark Cravotta, Jason Thompson

Related Topics: Cloud Expo, SOA & WOA, Virtualization, Security, Big Data Journal, SDN Journal

Cloud Expo: Blog Feed Post

Three Surprising Cloud Security Threats

What threats should you be worried about in the cloud?

Threats to cloud infrastructure are widely discussed, but much of the talk is based on assumptions — the cloud must be less secure —  and fears — this is something new, so I don’t quite understand all the implications yet.

OK, we will say it: Security is an issue in the cloud … and in traditional managed hosting, in-house data centers, and desktop endpoints.

What’s important is to understand the specific security issues of each environment.

Alert Logic (Logicworks‘ security partner) recently released the latest “State of Cloud Security” report, which provides and in-depth view on the major issues impacting security in the cloud.

Cloud Lock

What threats should you be worried about in the cloud?

According to Alert Logic’s report, the top three incidents for cloud hosting customers it surveyed were:

  • Web application attacks that exploit vulnerabilities in web-facing applications (for example, SQL injection and cross-site scripting). More than half of all cloud hosting customers surveyed reported having experienced these attacks.
  • Brute force attacks, such as password cracking — these are unsophisticated but effective, and nearly a third of cloud hosting customers say they were targeted.
  • Vulnerability scans used by attackers to probe infrastructure for vulnerabilities they can exploit. Over a quarter of cloud hosting customers said they were scanned during the study period.

It’s worth noting that when looking at enterprise data centers, two of the top three threats were the same (web app and brute force attacks). The big difference is that half of those customers also experienced malware and botnet activity, while only 5% of cloud hosting customers reported that.

The take-home message? Security programs need to be tailored to the threat profile for each environment. While the cloud isn’t inherently unsafe, it is a bit different. As you think about your security investments, think about the workloads you’re deploying and the kinds of attacks they’re likely to experience.

Thoughts on this post? Let us know on Twitter @CloudGathering.

By Jake Gardner

Read the original blog entry...

More Stories By Gathering Clouds

Cloud computing news, information, and insights. Powered by Logicworks.