Seite 72 - Cloud Migration Version 2012 english

72 
3.2.2
The  Risks of Cloud computing 
Concerns about security and data protection are mainly what have been 
delaying the widespread use of Cloud computing services.
25
In particular, 
these include concerns about data confidentiality and integrity as well as 
compliance and data protection. Fear of a loss of control or a lack of 
accessibility another factor that has been hindering the adoption of Cloud 
solutions by enterprises and governments. The Cloud Security Alliance 
(
CSA)
26
has defined seven top threats to Cloud computing:  
Compromised data  
Given the special security challenges in the Cloud, the danger of 
compromised data (e.g. unauthorised deletion or alteration, loss of security 
keys) constitutes a serious danger. The loss of data can have a ravaging 
effect on an enterprise. In particular, the loss of intellectual property, brand 
damage and the loss of trust among business partners and customers can 
have serious consequences for an enterprise's financial and competitive 
position. Nor can non‐compliance or violation of the law be ruled out in the 
event of illegitimate or undetected data manipulation. 
Shared technology issues  
The virtualisation of multiple systems on shared hardware harbours some 
noteworthy risks. Disk partitions, CPU caches, GPUs and other elements 
were never designed for the shared use of multiple compartmentalised 
virtual systems. As a result, attackers focus on how to exploit the resultant 
security gaps and to compromise the systems of other Cloud customers. 
Insecure programming interfaces 
Cloud computing providers offer a set of application programming interfaces 
or APIs that customers use to manage and interact with Cloud services. The 
security and availability of Cloud services is highly dependent on the security 
of these interfaces. If the security of these interfaces is lacking, customers 
will be exposed to a variety of security risks relating in particular to data 
protection, integrity and availability. 
Account and service hijacking  
Account and service hijacking with stolen credentials and the related 
manipulation of processes, data and transactions is a top risk in Cloud 
25
I.Tsvihun und M. Kulicke, 'Security Analysis of the IaaS Offering "FUJITSU Cloud in Central 
Europe",' May 2011 
26
/