Cybercriminals and the mayhem they can cause have become the leading concern of security experts in cloud computing. That's the takeaway from the Cloud Security Alliance's latest poll on the top nine threats the industry faces.
Changes In Security Priorities
The nonprofit's latest survey found a reshuffling of security priorities pointing to the growing danger posed by cyberattacks aimed at stealing corporate data. Data breaches and account hijackings that were in the middle of CSA's 2010 list of top threats rose to the number one and three spots, respectively, this year. At the same time, denial of service attacks made their debut as the fifth most worrisome threat.
The CSA report is meant to give cloud service providers and their customers a snapshot of what experts see as the greatest dangers to storing data and conducting business with customers in the cloud. Fueling fears is a steady stream of break-ins at service providers and Web sites owned by businesses, government and educational institutions.
So far this year, 28 breaches attributed to hackers have been made public, resulting in the loss of 117,000 data records, according to the Privacy Rights Clearinghouse. Service providers hacked included Zendesk and Twitter. In 2012 there were 230 publicly disclosed breaches for a loss of 9 million records. Service providers that suffered breaches included Yahoo, eHarmony and LinkedIn.
Experts agree that no organization doing business on the Internet is immune from a break-in, particularly as the quality of software tools available to hackers through the underground development community continues to grow in sophistication.
"All the vulnerabilities and security issues that on-premise, non-virtualized and non-cloud deployments have still remain in the cloud," Lawrence Pingree, analyst for Gartner, said. "All that cloud and virtualization does is enhance the potential risks by introducing virtualization software and potentially mass data breach issues, if an entire cloud provider’s infrastructure is breached."
Hackers Not The Only Threat
Surprisingly, the second greatest threat in CSA's latest list is data loss not from cybercriminals, but from cloud service providers themselves. Accidental deletion happens more often than a lot of people may think.
In a survey released in January of 3,200 organizations, Symantec found that more than four in 10 had lost data in the cloud and have had to recover it through backups. "It's really kind of astounding," Dave Elliott, a cloud-marketing manager at the storage and security company, told Investor's Business Daily.
Whether from hackers or a service provider SNAFU, the loss of data is damaging to the reputation of all parties involved – customer and service provider – no matter who is to blame, Luciano "J.R." Santos, global research director for the CSA, said. The potential financial impact from losing customer trust is why data loss is so high on the threats list.
"It's your reputation," Santos said. "A lot of folks are saying these are the things that if it happened to me or if it happened to me as a provider, they would have the most impact to the business."
The fourth top threat according to the CSA marks an improvement in internal security. In 2010, insecure application programming interfaces was the second greatest threat listed by experts.
APIs are what customers use to connect on-premise applications with cloud services, as well as to manage the latter. While the technology is improving, the fact that it remains on the list indicates that cloud service providers still have a ways to go in locking down their APIs.
The Bottom Four
The remaining top threats, starting in order with number six, are malicious insiders, abuse of cloud services, insufficient planning on how to use cloud services and the vulnerabilities that may exist as a result of the way a cloud provider architects its infrastructure, so it can be shared among many customers.
Abuse of cloud services refers to hackers who rent time on the servers of cloud computing providers to perform a variety of nefarious acts, such as launching denial of service attacks and distributing spam. This, along with the other bottom four threats, ranked higher in 2010.
Overall, I see this year's list as a mixed bag for cloud security. While some areas show improvement, data protection needs to get a lot better. Gartner predicts public cloud services will reach $206.6 billion in 2016 from $91.4 billion in 2011. That much growth won't happen unless businesses are comfortable with data security.
The Notorious Nine: Cloud Computing Top Threats in 2013
- Data Breaches
- Data Loss
- Account Hijacking
- Insecure APIs
- Denial of Service
- Malicious Insiders
- Abuse of Cloud Services
- Insufficient Due Diligence
- Shared Technology Issues