4. RISK ASSESSMENT IN CLOUD COMPUTING
TOPMOST THREATS IN CLOUD COMPUTING –
DATA BREACHES -
DATA LOSS -
ACCOUNT OR SERVICE TRAFFIC HIJACKING -
INSECURE INTERFACE AND APIS –
DENIAL OF SERVICE –
MALICIOUS INSIDERS -
INSUFFICIENT DUE DILIGENCE -
ABUSE OF CLOUD SERVICES -
SHARED TECHNOLOGY VULNERABILITIES -
5. VIRTUAL MACHINE VULNERABILITIES
DRAWBACKS OF VIRTUAL MACHINE : -
VM ATTACKS - CLOUD SERVER CONTAINS MORE THAN ONE VMS. ONCE VM IS
COMPROMISED, VMS ON THE SAME PHYSICAL SERVER CAN ATTACK EACH
OTHER AS THEY SHARE THE SAME RESOURCES.
MULTITENANCY - BY DESIGN, CLOUD SHARE THE SAME SOFTWARE AND
HARDWARE SOURCE TO RUN THEIR VMS. AS A RESULT, INFORMATION LEAKAGE
AND INCREASE IN THE ATTACK SURFACE CAN OCCUR.
HYPERVISOR ATTACKS - ATTACKER OFTEN CONSIDER HYPERVISOR AS A
POTENTIAL TARGET BECAUSE OF ITS ABILITY TO CONTROL OVER ALL INSTALLED
VMS, THE PHYSICAL SYSTEM AND THE HOSTED APPLICATIONS. EX. HYPER
JACKING, VM ESCAPE.
6. SECURITY STANDARDS RECOMMENDATIONS
SIEM -
Identity Access Management (IAM) –
Data Dispersion –
Data Leakage Prevention (DLP) –
Bit Splitting –
Cloud-watch -
Load Balancer –
Ensure Effective Exit Process –
Disaster Recovery Plan -
7. REFRENCES
Guidelines on Security and Privacy in Public Cloud Computing -
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-
144.pdf
Cloud Security Alliance - https://cloudsecurityalliance.org/group/security-
as-a-service/#_downloads
Cloud standards Customer Council - http://www.cloud-council.org/
Security and Privacy Controls for Federal Information Systems and
Organizations -
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf