Advances, Systems and Applications
From: Security transparency: the next frontier for security research in the cloud
CSA defined tsreats | Description |
---|---|
Threat 1: Abuse and nefarious use of cloud computing | Malicious code authors, spammers and other criminals can abuse the relative anonymity behind some of current cloud services. |
Threat 2: Insecure interfaces and APIs | A set of software interfaces are utilized by the CSPs for CSC interaction of the services. The security and availabilty of cloud services depends upon the security of the basic interfaces, such as Application Programming Interfaces (APIs). |
Threat 3: Malicious insiders | The threat of malicious insider is amplified for cloud services due to the convergence of Information Technology (IT) services and customers under a single management domain. |
Threat 4: Shared technology issues | CSPs deliver services in a scalable way. Some underlying component parts of the cloud infrastructure were not originally designed for that environment, and can potentially cause security problems. The main concern is that a single vulnerability or misconfiguration can lead to a compromise across an entire provider’s cloud |
Threat 5:Data loss or leakage | The threat of data compromise increases in the cloud, due to the number of interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment. |
Threat 6: Account or service hijacking | Phishing, fraud and exploitation of software vulnerabilities can be used for account or even service hijacking. |
Threat 7: Unknown Security Profile | The reduction of cost of ownership induced by the cloud also resulted in more complex analysis of a company’s security posture. More tenants imply increased complexity in detecting who is using the infrastructure and how this is done. |