Seclud it polesc_sjuly7


Presentation to partners



Transcript

  • 1. Top threats to cloud computing Pole SCS July 7th 2011 Sergio Loureiro, CEO and Founder sergio@secludit.com
  • 3. Shared Technology Vulnerabilities
      Exposed hardware, operating systems, middleware, application stacks and network components may possess known vulnerabilities
      Impact
        • Successful exploitation could impact multiple customers
      Example
        • Cloudburst - Kostya Kortchinsky
        • Red and Blue pill - Joanna Rutkowska
  • 4. Data Loss and Leakage
      Data compromise due to improper access controls or weak encryption
      Poorly secured data is at greater risk due to the multi-tenant architecture
      Impact
        • Data integrity and confidentiality
      Example
        • Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds - UCSD/MIT
  • 5. Malicious Insiders
      Employees of the cloud vendor may abuse privileges to access customer data + Reduced visibility into internal processes
      Impact
        • Data confidentiality and integrity
        • Reputation damage
        • Legal repercussions
      Example
        • Google investigates insider threat after China Hack
  • 6. Abuse and Nefarious Use of Cloud Computing
      Attackers are drawn to the cloud for the same reasons as legitimate consumers - access to massive processing power at low cost
      Impact
        • Password cracking, DDoS, malware hosting, spam, CAPTCHA cracking
      Example
        • Malware hosting and blacklisting of IPs of Amazon EC2
  • 7. Insecure APIs
      APIs designed to permit access to functionality and data may be vulnerable or improperly utilized, exposing applications
      Impact
        • Data confidentiality and integrity
        • Denial of service
      Example
        • P0wning the Programmable Web (Websense - AusCERT 2009)
  • 8. Account or Service Hijacking
      Steal credentials to eavesdrop or manipulate account information / services
      Impact
        • Confidentiality and integrity of data
        • Reputation damage
      Example
        • Twitter DNS account compromise
  • 9. Unknown Risk Profile
      A lack of visibility into security controls could leave cloud consumers exposed to unnecessary risk
      Impact
        • Data breaches could occur, without the knowledge of the cloud consumer
      Example
        • Heartland Payments Systems was “willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data had been stolen”
  • 10. Resources
        • https://cloudsecurityalliance.org/research/projects/top-threats-to-cloud-computing/
        • https://cloudsecurityalliance.org/guidance/
        • http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
      French:
        • http://www.tendances-cloud.com/
        • http://www.meetup.com/CSA-France/
  • 11. THANK YOU
        • ENTERPRISE > secludit.com
        • PRODUCT > https://elastic-detector.secludit.com/
        • BLOG > elastic-security.com
        • OPENSOURCE > cloudyscripts.com
        • TWITTER > @elasticsecurity