Seite 73 - Cloud Migration Version 2012 english

73 
computing, which can compromise the confidentiality, integrity and 
availability of those services. 
Malicious insiders 
Even the best technical security measures are of no avail if Cloud provider 
employees abuse their privileges and authorisations to obtain financial or 
other benefits at the expense of customers. Because of the simultaneous 
provision of Cloud services for multiple customers within one and the same 
management domain, the consequences of possible abuse here can be 
particularly serious. 
Abuse of Cloud computing 
The relative anonymity behind the registration and use of Cloud computing 
services (especially in the Public Cloud) enables criminals to use powerful 
and scalable IT resources to conduct their activities with relative impunity. 
These include password and key cracking, botnet command and control and 
hosting malicious software. 
Unknown risk profiles  
Critical questions about the features and functionality advertised by the 
Cloud computing provider should be asked before ever adopting Cloud 
computing services. If these are complex, that makes it even more 
important to request details about the Cloud computing provider's security 
processes and security features, and to see how they compare to your own 
requirements. As long as these and all other relevant questions are not 
answered to your satisfaction, the potential Cloud computing provider's risk 
profile remains unknown, which could spell serious danger. 
Prevention ‐ how to avoid and reduce Cloud security risks 
As the widespread use of Cloud computing by enterprises and government 
is barred by the risk issues, the question of the use of Cloud technologies 
and the outsourcing of services in the Cloud initially have to be seen from 
the perspective of controllability along with the related risks. The security 
requirements vary according to the usage scenario (SaaS, PaaS, IaaS or 
public, private, hybrid, community Cloud) These are explained in scores of 
studies and guidelines, such as those published by BITKOM
27
,
EuroCloud
28
27
 '
Cloud computing ‐ Evolution in technology, revolution in business', BITKOM, October 2009,  
 '
Cloud computing – What decision‐makers should know', BITKOM, 20 December 2010,  
28
  '
Law, data protection & compliance', EuroCloud, 2 December 2010,