Seclud it polesc_sjuly7

Presentation to partners

Published in: Technology, Business
Transcript of "Seclud it polesc_sjuly7"

  1. Top threats to cloud computing
     Pole SCS, July 7th 2011
     Sergio Loureiro, CEO and Founder, sergio@secludit.com

  2. (slide without text)

  3. Shared Technology Vulnerabilities
     Exposed hardware, operating systems, middleware, application stacks and network components may possess known vulnerabilities.
     Impact
       • Successful exploitation could impact multiple customers
     Example
       • Cloudburst - Kostya Kortchinsky
       • Red and Blue pill - Joanna Rutkowska

  4. Data Loss and Leakage
     Data compromise due to improper access controls or weak encryption. Poorly secured data is at greater risk due to the multi-tenant architecture.
     Impact
       • Data integrity and confidentiality
     Example
       • Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds - UCSD/MIT

  5. Malicious Insiders
     Employees of the cloud vendor may abuse privileges to access customer data, combined with reduced visibility into internal processes.
     Impact
       • Data confidentiality and integrity
       • Reputation damage
       • Legal repercussions
     Example
       • Google investigates insider threat after China Hack

  6. Abuse and Nefarious Use of Cloud Computing
     Attackers are drawn to the cloud for the same reasons as legitimate consumers - access to massive processing power at low cost.
     Impact
       • Password cracking, DDoS, malware hosting, spam, CAPTCHA cracking
     Example
       • Malware hosting and blacklisting of IPs of Amazon EC2

  7. Insecure APIs
     APIs designed to permit access to functionality and data may be vulnerable or improperly utilized, exposing applications.
     Impact
       • Data confidentiality and integrity
       • Denial of service
     Example
       • P0wning the Programmable Web (Websense - AusCERT 2009)

  8. Account or Service Hijacking
     Attackers steal credentials to eavesdrop on or manipulate account information/services.
     Impact
       • Confidentiality and integrity of data
       • Reputation damage
     Example
       • Twitter DNS account compromise

  9. Unknown Risk Profile
     A lack of visibility into security controls could leave cloud consumers exposed to unnecessary risk.
     Impact
       • Data breaches could occur without the knowledge of the cloud consumer
     Example
       • Heartland Payment Systems was “willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data had been stolen”

  10. Resources
       • https://cloudsecurityalliance.org/research/projects/top-threats-to-cloud-computing/
       • https://cloudsecurityalliance.org/guidance/
       • http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
     French:
       • http://www.tendances-cloud.com/
       • http://www.meetup.com/CSA-France/

  11. THANK YOU
       • ENTERPRISE > secludit.com
       • PRODUCT > https://elastic-detector.secludit.com/
       • BLOG > elastic-security.com
       • OPENSOURCE > cloudyscripts.com
       • TWITTER > @elasticsecurity