Seclud it polesc_sjuly7
Presentation to partners

Published in: Technology, Business
Transcript

  • 1. Top threats to cloud computing
    Pole SCS, July 7th 2011
    Sergio Loureiro, CEO and Founder, sergio@secludit.com
  • 3. Shared Technology Vulnerabilities
    Exposed hardware, operating systems, middleware, application stacks and network components may possess known vulnerabilities
    Impact
      • Successful exploitation could impact multiple customers
    Example
      • Cloudburst - Kostya Kortchinsky
      • Red and Blue pill - Joanna Rutkowska
  • 4. Data Loss and Leakage
    Data compromise due to improper access controls or weak encryption
    Poorly secured data is at greater risk due to the multi-tenant architecture
    Impact
      • Data integrity and confidentiality
    Example
      • Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds - UCSD/MIT
  • 5. Malicious Insiders
    Employees of the cloud vendor may abuse privileges to access customer data
    + Reduced visibility into internal processes
    Impact
      • Data confidentiality and integrity
      • Reputation damage
      • Legal repercussions
    Example
      • Google investigates insider threat after China Hack
  • 6. Abuse and Nefarious Use of Cloud Computing
    Attackers are drawn to the cloud for the same reasons as legitimate consumers - access to massive processing power at low cost
    Impact
      • Password cracking, DDoS, malware hosting, spam, CAPTCHA cracking
    Example
      • Malware hosting and blacklisting of IPs of Amazon EC2
  • 7. Insecure APIs
    APIs designed to permit access to functionality and data may be vulnerable or improperly utilized, exposing applications
    Impact
      • Data confidentiality and integrity
      • Denial of service
    Example
      • P0wning the Programmable Web (Websense - AusCERT 2009)
  • 8. Account or Service Hijacking
    Steal credentials to eavesdrop or manipulate account information / services
    Impact
      • Confidentiality and integrity of data
      • Reputation damage
    Example
      • Twitter DNS account compromise
  • 9. Unknown Risk Profile
    A lack of visibility into security controls could leave cloud consumers exposed to unnecessary risk
    Impact
      • Data breaches could occur without the knowledge of the cloud consumer
    Example
      • Heartland Payment Systems was “willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data had been stolen”
  • 10. Resources
      • https://cloudsecurityalliance.org/research/projects/top-threats-to-cloud-computing/
      • https://cloudsecurityalliance.org/guidance/
      • http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
    French:
      • http://www.tendances-cloud.com/
      • http://www.meetup.com/CSA-France/
  • 11. THANK YOU
    ENTERPRISE > secludit.com
    PRODUCT > https://elastic-detector.secludit.com/
    BLOG > elastic-security.com
    OPENSOURCE > cloudyscripts.com
    TWITTER > @elasticsecurity
