Above the Clouds: Managing Risk in the World of Cloud Computing
By Dick Weisinger
Security usually tops the lists of concerns that people have about the cloud. And now it seems like there is good reason. On a recent survey of 100 “elite” hackers at the 2010 Defcon conferenece, 96 of them said that the cloud offered up more opportunity for them to hack. 89 of them said that they thought that cloud providers weren’t being proactive enough in beefing up their security, and 45 of them admitted to already have engaged in cloud hacking, and 12 of them said that they hack for financial gain.
When asked about what areas of the cloud that they thought were most vulnerable, 21 percent said Software as a Service (SaaS), 33 percent said problems with the Domain Name System (DNS). 16 percent said that cracking the information in log files was on their list of things to hack, and 12 percent said that they’ve hacked into communication profiles.
Barmak Meftah, chief products officer at Fortify, sponsor of the survey, said that “more than anything, this research confirms our ongoing observations that cloud vendors – as well as the IT software industry as a whole – need to redouble their governance and security assurance strategies when developing solutions, whether cloud-based or not, as all IT systems will eventually have to support a cloud resource.”
Another highlight at the Defcon conference was a $1500 device that was able to intercept any GSM mobile phone call.
Related articles by Zemanta
- Hackers see the cloud as ripe territory (news.cnet.com)
- DEF CON Survey Reveals Vast Scale of Cloud Hacking – And the Need to Bolster Security to Counter the Problem (prnewswire.com)
- Cloud Computing Security One Year in the Cloud (cloudave.com)