Q

Minimizing cloud computing threats in the enterprise

In this expert response, Nick Lewis outlines the biggest cloud computing threats, and explains what can be done to mitigate those threats.

The Cloud Security Alliance and Hewlett-Packard Co. has recently come out with the top cloud computing threats. What do you think is the greatest threat to enterprises from the cloud, and how can we prevent it from happening to us?
The most important action you can take to protect your organization from cloud computing threats is to be prepared and conduct your due diligence when contracting with cloud-based service providers to understand the risks. Outsourcing data to an external service always presents some level of risk. Among those risks, the potential loss of control over enterprise data is the greatest threat to the enterprise.

After that, I think the greatest cloud computing threat to enterprises is either insecure application programming interfaces (APIs) or shared technology vulnerabilities. This is not to minimize the five other threats, but these are threats we should already be familiar with because they are common to many other areas in information security. Insecure APIs or shared technology vulnerabilities are threats to traditional information security,...

but they become even greater threats in a cloud computing environment. This is because of the shared nature of the service and potential increased attack surface.

You can prevent cloud computing threats from causing harm to your organization by first investigating what potential vendors use for security controls and doing a risk assessment as recommended by the Cloud Security Alliance and HP. You can minimize the risk of insecure application programming interfaces by strictly configuring the access control for utilizing the API and by closely monitoring your access logs. You can lessen the risk from shared technology vulnerabilities by using a service provider that minimizes the different customers on shared infrastructures, limiting the sensitive data stored with the provider or having the sensitive data stored on a higher security infrastructure.

This was first published in May 2010

Dig deeper on Legacy Application Modernization for the Cloud

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSecurity

SearchCloudComputing

SearchAWS

SearchCloudApplications

SearchServerVirtualization

SearchVMware

ComputerWeekly

Close