Minimizing cloud computing threats in the enterprise

In this expert response, Nick Lewis outlines the biggest cloud computing threats, and explains what can be done to mitigate those threats.

Nick Lewis

The Cloud Security Alliance and Hewlett-Packard Co. has recently come out with the top cloud computing threats. What do you think is the greatest threat to enterprises from the cloud, and how can we prevent it from happening to us?

The most important action you can take to protect your organization from cloud computing threats is to be prepared and conduct your due diligence when contracting with cloud-based service providers to understand the risks. Outsourcing data to an external service always presents some level of risk. Among those risks, the potential loss of control over enterprise data is the greatest threat to the enterprise.

After that, I think the greatest cloud computing threat to enterprises is either insecure application programming...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

interfaces (APIs) or shared technology vulnerabilities. This is not to minimize the five other threats, but these are threats we should already be familiar with because they are common to many other areas in information security. Insecure APIs or shared technology vulnerabilities are threats to traditional information security, but they become even greater threats in a cloud computing environment. This is because of the shared nature of the service and potential increased attack surface.

You can prevent cloud computing threats from causing harm to your organization by first investigating what potential vendors use for security controls and doing a risk assessment as recommended by the Cloud Security Alliance and HP. You can minimize the risk of insecure application programming interfaces by strictly configuring the access control for utilizing the API and by closely monitoring your access logs. You can lessen the risk from shared technology vulnerabilities by using a service provider that minimizes the different customers on shared infrastructures, limiting the sensitive data stored with the provider or having the sensitive data stored on a higher security infrastructure.

This was last published in May 2010

Dig Deeper on Legacy Application Modernization for the Cloud

All
News
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Cloud Security experts

View all Cloud Security questions and answers

Legacy security tools challenge companies facing cloud migration

Companies make the migration to cloud, security remains on premises

The security divide between on-premises and cloud infrastructures

How can hybrid app security risks be mitigated?

Cloud application security issues and considerations

Former @stake researcher Aitel insists on data classification

Ensuring cloud application security amid a cloud application migration

How to develop cloud applications based on Web app security lessons

Legacy application migration to the cloud and security

Legacy security tools challenge companies facing cloud migration

Companies make the migration to cloud, security remains on premises

The security divide between on-premises and cloud infrastructures

How can hybrid app security risks be mitigated?

Please create a username to comment.

Moussouris: Bug bounty programs need to avoid jumping the shark

Schneier talks cyber regulations, slams U.S. lawmakers

Passive DNS techniques can reduce DNS abuse

Microsoft takes holistic approach to IoT security concerns

Get started with Red Hat OpenShift Container Platform

Compare management options for Google Kubernetes Engine

Amazon FreeRTOS aims to simplify, secure IoT deployment

Test your knowledge of GDPR rights and AWS data protection

Support for Node.js in AWS Lambda slowly, but surely, evolves

Four options to manage stateful apps in the cloud

BPM in cloud evolves to suit line of business, IoT

Use LinuxKit to increase container portability

Best practices for sizing a server

Overcome hybrid cloud deployment challenges

Get started with this Nutanix Community Edition installation guide

Use Ansible in vSphere to automate management tasks

VMware IoT services wield IT ties for device management

The essential guide to VMware NSX SDN technology

Global cyber crime worth $1.5tn a year, study reveals

Business needs to keep up with Investigatory Powers Act

Data protection is a business issue, says IAPP

Related Resources

Dig Deeper on Legacy Application Modernization for the Cloud

Related Q&A from Nick Lewis

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.