Skip to main content

Advances, Systems and Applications

Table 2 Overview of cloud related threats as defined by the Cloud Security Alliance [16, 24]

From: Security transparency: the next frontier for security research in the cloud

CSA defined tsreats

Description

Threat 1: Abuse and nefarious use of cloud computing

Malicious code authors, spammers and other criminals can abuse the relative anonymity behind some of current cloud services.

Threat 2: Insecure interfaces and APIs

A set of software interfaces are utilized by the CSPs for CSC interaction of the services. The security and availabilty of cloud services depends upon the security of the basic interfaces, such as Application Programming Interfaces (APIs).

Threat 3: Malicious insiders

The threat of malicious insider is amplified for cloud services due to the convergence of Information Technology (IT) services and customers under a single management domain.

Threat 4: Shared technology issues

CSPs deliver services in a scalable way. Some underlying component parts of the cloud infrastructure were not originally designed for that environment, and can potentially cause security problems. The main concern is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud

Threat 5:Data loss or leakage

The threat of data compromise increases in the cloud, due to the number of interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.

Threat 6: Account or service hijacking

Phishing, fraud and exploitation of software vulnerabilities can be used for account or even service hijacking.

Threat 7: Unknown Security Profile

The reduction of cost of ownership induced by the cloud also resulted in more complex analysis of a company’s security posture. More tenants imply increased complexity in detecting who is using the infrastructure and how this is done.