3.2.2 The Risks of Cloud computing
Concerns about security and data protection are mainly what have been
delaying the widespread use of Cloud computing services.[25] In particular,
these include concerns about data confidentiality and integrity as well as
compliance and data protection. Fear of a loss of control or a lack of
accessibility is another factor that has been hindering the adoption of Cloud
solutions by enterprises and governments. The Cloud Security Alliance
(CSA)[26] has defined seven top threats to Cloud computing:
Compromised data
Given the special security challenges in the Cloud, compromised data
(e.g. unauthorised deletion or alteration, loss of security keys)
constitutes a serious danger. The loss of data can have a devastating
effect on an enterprise. In particular, the loss of intellectual property, brand
damage and the loss of trust among business partners and customers can
have serious consequences for an enterprise's financial and competitive
position. Nor can non‐compliance or violation of the law be ruled out in the
event of illegitimate or undetected data manipulation.
Shared technology issues
The virtualisation of multiple systems on shared hardware harbours some
noteworthy risks. Disk partitions, CPU caches, GPUs and other elements
were never designed for the shared use of multiple compartmentalised
virtual systems. As a result, attackers focus on how to exploit the resultant
security gaps and to compromise the systems of other Cloud customers.
Insecure programming interfaces
Cloud computing providers offer a set of application programming interfaces
or APIs that customers use to manage and interact with Cloud services. The
security and availability of Cloud services are highly dependent on the security
of these interfaces. If the security of these interfaces is lacking, customers
will be exposed to a variety of security risks relating in particular to data
protection, integrity and availability.
Account and service hijacking
Account and service hijacking with stolen credentials and the related
manipulation of processes, data and transactions is a top risk in Cloud
[25] I. Tsvihun and M. Kulicke, 'Security Analysis of the IaaS Offering "FUJITSU Cloud in Central
Europe",' May 2011
[26] /