computing, which can compromise the confidentiality, integrity and
availability of those services.
Malicious insiders
Even the best technical security measures are of no avail if Cloud provider
employees abuse their privileges and authorisations to obtain financial or
other benefits at the expense of customers. Because of the simultaneous
provision of Cloud services for multiple customers within one and the same
management domain, the consequences of possible abuse here can be
particularly serious.
Abuse of Cloud computing
The relative anonymity behind the registration and use of Cloud computing
services (especially in the Public Cloud) enables criminals to use powerful
and scalable IT resources to conduct their activities with relative impunity.
These include password and key cracking, botnet command and control and
hosting malicious software.
Unknown risk profiles
Critical questions about the features and functionality advertised by the
Cloud computing provider should be asked before ever adopting Cloud
computing services. If these are complex, that makes it even more
important to request details about the Cloud computing provider's security
processes and security features, and to see how they compare to your own
requirements. As long as these and all other relevant questions are not
answered to your satisfaction, the potential Cloud computing provider's risk
profile remains unknown, which could spell serious danger.
Prevention ‐ how to avoid and reduce Cloud security risks
As the widespread use of Cloud computing by enterprises and government
is barred by the risk issues, the question of the use of Cloud technologies
and the outsourcing of services in the Cloud initially has to be seen from
the perspective of controllability along with the related risks. The security
requirements vary according to the usage scenario (SaaS, PaaS, IaaS or
public, private, hybrid, community Cloud). These are explained in scores of
studies and guidelines, such as those published by BITKOM [27],
EuroCloud [28],
[27] 'Cloud computing ‐ Evolution in technology, revolution in business', BITKOM, October 2009,
'Cloud computing – What decision‐makers should know', BITKOM, 20 December 2010,
[28] 'Law, data protection & compliance', EuroCloud, 2 December 2010,