RSS Alerts

Share

More services

Related Links

Related Stories

  • A Clear Future for a Cloudy Concept
    Cloud computing – it’s an industry buzz word that is all the rage. The concept is hardly new, and many companies and organizations embraced cloud computing services long ago. However, as budgets remain strained, the push toward more economical cloud services remains ever-present. Stephen Pritchard asks the questions every enterprise needs to know about security when transitioning to the cloud
  • CSA launches security certification for cloud computing
    The Cloud Security Alliance (CSA) has unveiled the industry's first user certification program for secure cloud computing.
  • Security doubts are holding back mass cloud adoption
    Research from a supplier of cloud-based email security systems claims to show that, while a majority (51%) of US and UK IT departments are using cloud technology, there are still doubts about the technology and its security.
  • US federal agencies still not convinced about cloud security
    Most US federal agencies are concerned about potential information security risks associated with cloud computing, according to a government report.
  • Federal CIO asks NIST to aid government’s transition toward cloud computing
    Federal chief information officer Vivek Kundra called upon NIST to help the federal government move toward increased adoption of cloud computing and has appointed the agency to develop standards and guidelines that promote secure implementation of cloud technologies.

Top 5 Stories

News

Hackers see opportunities in the cloud

25 August 2010

A survey conducted among IT professionals and hackers at last month’s DEF CON reveals concerns over cloud vendor security, and an opportunity for hackers.

The survey, conducted by Fortify Software at last month’s DEF CON show in Las Vegas, polled 100 high-level IT professionals and hackers and found that 96% said the transition to cloud services and storage would provide for more hacking opportunities.

This idea, that cloud vendors are not implementing enough security measures for their services, appears to be what is driving this opinion among hackers, said Barmak Meftah, chief products officer with Fortify.

"Eighty-nine percent of respondents said they believed this was the case and, when you analyze this overwhelming response in the light of the fact that 45 percent of hackers said they had already tried to exploit vulnerabilities in the cloud, you begin to see the scale of the problem," he revealed.

"While ‘only’ 12 percent said they hacked cloud systems for financial gain, that still means a sizeable headache for any IT manager planning to migrate their IT resources into the cloud," Meftah added.

Meftah said one can only appreciate the scale of the cloud security problem when realizing that, according to market analysis, nearly 20% of businesses will have transitioned IT resources to the cloud by 2014. He explained that many of these organizations would no longer own substantive IT assets, and would instead rely on cloud models – the same cloud products that 45% of the surveyed DEF CON attendees admitted to already having tried to hack.

Delving further into the survey results, 21% of respondents view software-as-a-service (SaaS) cloud systems as most vulnerable, with 33% admitting to having discovered public DNS vulnerabilities, followed by log files (16%), and communication profiles (12%).

Fortify’s Meftah reminds us: “We are talking about hackers having discovered these types of vulnerabilities in the cloud, rather than merely making an observation.”

This article is featured in:
Cloud Computing

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012