University of Maryland University College
Table of Contents
I. Introduction: What is cloud computing and why is it important?
II. What are Cloud Computing’s Threats and Vulnerabilities?
III. Threat/Vulnerability Occurrence Likelihood, Risk Reduction and Customer Satisfaction
A. “Abuse and Nefarious Use of the Cloud” / “Session Riding and Hijacking”
B. “Insecure Interfaces and APIs” / “Virtual Machine (VM) Escape”
C. “Malicious Insiders” / “Reliability and Availability of Service”
D. “Shared/Virtualized Technology Issues” / “Insecure Cryptography”
E. “Data Loss or Leakage” / “Data Protection and Portability”
F. “Vendor Lock-in” / “Account or Service Hijacking”
G. “Internet Dependency” / “Unknown Risk Profile”
IV. Conclusions
I. Introduction: What is cloud computing and why is it important?
Cloud computing involves distributed computing over the public internet or a similar private computer network. Cloud computing, in which your data and software are stored on servers owned and maintained by a third party, is becoming increasingly commonplace. This means that business owners need not purchase or lease computer software for each employee. Instead of installing a suite of software on each computer, it is only necessary to load a single application that lets employees log into a Web-based service providing all the computer programs they need to perform their tasks. The remote machines, accessed via the Web and owned by another company, can provide word processing, e-mail, research, complex data analysis and many other functions provided by computer programs. Even law firms are taking advantage of the cost savings, flexibility, and agility benefits of using cloud computing services (Black, 2012).
II. What are Cloud Computing’s Threats and Vulnerabilities?
Cloud Computing Threats and Vulnerabilities
References:
Black, N. (2012, September). The ethics of cloud computing for lawyers. GPSolo eReport.
Cloud Security Alliance. (March 2010). Top Threats to Cloud Computing V1.0. Retrieved from https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Montalbano, E. (2011, May 17). DARPA seeks more resilient cloud infrastructure. Information Week Government
CERT. (2012). The CERT insider threat. Retrieved from http://cert.org/insider_threat/
Crabbe, N
Crane, K. (2013). Nearly 15,000 Shands patients could be identity theft targets. The Gainesville Sun. Retrieved from http://www.gainesville.com/article/20130403/ARTICLES/130409896
Goedert, J
Health Leaders Media. (2013). Johns Hopkins Hospital has July security breach, data recovered. Retrieved from http://www.healthleadersmedia.com/content/HOM-76229/Johns-Hopkins-Hospital-has-July-security-breach-data-recovered.html
Himma, K.E. (2006). Legal, social and ethical issues of the Internet. In H. Bidgoli (Ed.), Handbook of information security, volume 2
Jacksonville Business Journal. (2008). UF warns patients of security breach. Retrieved from http://www.bizjournals.com/jacksonville/stories/2008/05/19/daily9.html
Johns Hopkins Medicine
Kabay, M.E., & Robertson, B., Akella, M., & Lang, D.T. (2009). Using social psychology to implement security policies. In Bosworth, et al (Eds.), Computer security handbook. New York, NY: John Wiley & Sons
Kay, L
Kinzie, S. (2007). Lost computer tapes had details on 135,000 workers, patients. Washington Post. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2007/02/07/AR2007020701004.html
Messmer, E., (2008)
Office of Inadequate Security. (2010). Five indicted in Johns Hopkins Hospital ID theft ring. Retrieved from http://www.databreaches.net/?p=14347
O’Harrow, R
Socol Piers Resnick & Dym, Ltd. (2013). Professional details: Steven H. Cohen. Retrieved from http://www.hsplegal.com/lawyers/Steven_Cohen/
Treen, D
Vendormate. (2009). New year policy resolutions. Retrieved from http://vendorcompliance.vendormate.com/tag/university-of-chicago-medical-center/