Afraid of outside cloud attacks? You're missing the real threat

While the focus on security is on attacks from the outside world, many attacks will occur within clouds -- by insiders

Many IT managers are not moving to the cloud due to security concerns. I suspect they're envisioning a group of Eastern Bloc hackers in a one-room apartment attacking their cloud providers and stealing their data. While I'm sure that does indeed go on, the true threat around cloud computing security issues are going to come from within the cloud.

The more common issues will be around those who have been trusted with cloud computing access and who walk off with data, typically before resigning or being fired. While this occurs all of the time now with the advent of cheap USB thumb drives, the cloud makes it a bit easier, considering that employees with access to cloud-based resources have access to large amounts of typically sensitive data from anywhere in the world.

[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report, featuring an exclusive excerpt from David Linthicum's new book on cloud architecture. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

The only way to defend against this, other than doing a good background check, is to make sure that no single user has access to all of the data in a downloadable format. This includes limiting use of the data-oriented APIs provided by the cloud computing provider to only a few authorized and trusted people.

Data Explosion iGuide

The larger issue around cloud computing is the fact that while many clouds are set up to defend against those looking to hack directly into a server instance or instances from the outside, many attacks will occur between instances. This typically means they are exploiting issues with core cloud computing components, such as the hypervisor, to attack across virtual machines.

This was the case in a recent study that showed how potential hackers could use a side-channel attack to reach across virtual machines to do fun things such as gather passwords. The researchers demonstrated that a virtual machine sitting on the same physical server as a target VM could monitor shared resources on the server to make highly educated inferences about the target VM.

1 2 Page
Join the discussion
Be the first to comment on this article. Our Commenting Policies