Professional Documents
Culture Documents
ISSN:2320-0790
Abstract: Cloud Computing is the evolution, over the past 20+ years, of a continuous trend towards the industrialization of IT. This is in part
due to the popularity of outsourcing and hosting of increasingly industrialized service definitions and cost structures & pricing. This has also
spurred dramatic growth in popularity and use of both internet and corporate wide intranets as trusted delivery models. But are they safe and
secure for storing confidential information? How can we make sure that the client has total control over their data on the cloud? Is it true that in
order to reduce the cost of operation and efficiency, we have to comprising giving away sensitive data? This paper does an in-depth study of
the recurring vulnerabilities.
Keywords: DLP, SaaS, Cloud, Grid
I. INTRODUCTION
Today, cloud computing systems are providing a wide
variety of services and interfaces to enable vendors to rent
out spaces on their physical machines at an hourly rate for a
tidy profit. The services that are provided by these vendors
can vary from dynamically virtual machines to flexible
hosted software services.
Model
Private Cloud
Community Cloud
Public Cloud
Hybrid Cloud
Definition
Enterprise owned or Leased
Shared Infrastructure for a
specific community
Sold to Public, established
on
a
mega
scale
infrastructure
Composition of two or more
cloud deployment models.
193
COMPUSOFT, An international journal of advanced computer technology, 2 (7), July-2013 (Volume-II, Issue-VII)
Step
Incursion
Discovery
Capture
Exfiltration
Explanation
Hackers gain remote access to the network.
Hackers map out the company's systems and scan for
confidential / sensitive data.
Attackers take control of key systems and collect exposed
data as it flows through these systems.
The Stolen data is sent out the front door to external
servers under control of the attacker.
A.A.1
With response to a short survey we had conducted to
understand the overall Response from IT Consultants on
Various Threats identified by Cloud Security Alliance
resulted in a response below:
A.A.2
Let us look in to the top three threats for 2013 and proposal
of mitigation strategies to resolve them.
COMPUSOFT, An international journal of advanced computer technology, 2 (7), July-2013 (Volume-II, Issue-VII)
A.A.3
B. Account Hijacking
Account or service hijacking is not new. Attack methods
such as phishing, fraud, and exploitation of software
vulnerabilities still achieve results. Credentials and
passwords are often reused, which amplifies the impact of
such attacks. Cloud solutions add a new threat to the
landscape.
If an attacker gains access to your credentials, they can
eavesdrop on your activities and transactions, manipulate
data, return falsified information, and redirect your clients
to illegitimate sites. Your account or service instances may
become a new base for the attacker. From here, they may
leverage the power of your reputation to launch subsequent
attacks.
195
COMPUSOFT, An international journal of advanced computer technology, 2 (7), July-2013 (Volume-II, Issue-VII)
COMPUSOFT, An international journal of advanced computer technology, 2 (7), July-2013 (Volume-II, Issue-VII)
[4]
[6] http://readwrite.com/2010/09/16/googles-internal-security-brea
[7] Privacy in the Cloud: Google Lawsuits, Facebook Data Breach, NSA
Leaks
http://blog.malwarebytes.org/whats-in-thenews/2013/06/privacy-in-the-cloud-google-lawsuits-facebook-databreach-nsa-leaks/
[8] Lightning
strikes
Amazon
cloud
(honest).
Available:
http://www.theregister.co.uk/2009/06/12/lightning_strikes_amazon_
cloud/
[9] Catastrophic
Hardware
Failure
at
Swissdisk
http://www.theregister.co.uk/2009/10/19/swissdisk_failure/.
[10] http://www.telegraph.co.uk/finance/newsbysector/epic/btdota/10089
355/BT-dumps-Yahoo-email-after-hacking-claims.html
197