Cloud security soon 'sizeable headache' for IT managers
Hackers view Cloud Computing as ‘having a silver lining for them’, a survey of attendees at the DEF CON 2010 Hacker conference has found.
A landslide 96 per cent of the respondents to the Fortify Software-sponsored poll admitted that they believed the Cloud Computing adoption would ‘open up more hacking opportunities’ for them. This belief is driven, says Barmak Meftah, chief products officer with the software assurance firm, the allegation from the hackers, that Cloud vendors are ‘not doing enough to address the security issues of their services’.
“Some 89 per cent of respondents said they believed this was the case and, when you analyse this overwhelming response in the light of the fact that 45 per cent of hackers said they had already tried to exploit vulnerabilities in the Cloud, you begin to see the scale of the problem,” he explained.
“When you factor-in the prediction from numerous analysts that at the start of 2010 20 per cent of businesses would have their IT resources in the Cloud within four years, you begin to appreciate the potential scale and complexity of the security issues involved,” Fortify’s Meftah adds. “In the many predictions 20 per cent of organisations would own no appreciable IT assets, but would instead rely on Cloud Computing resources – the same resources that 45 per cent of the DEF CON 2010 attendees in the survey freely admitted to already having tried to hack.”
In regard to identifying the biggest vulnerabilities, 21 per cent of respondents say that Software-as-a-Service (SaaS) Cloud systems are viewed as being the most vulnerable, with 33 per cent of the hackers having discovered public DNS vulnerabilities, followed by log files (16 per cent) and communication profiles (12 per cent) in their Cloud travels.
“Remember, we are talking about hackers having already discovered these types of vulnerabilities in the Cloud, rather than merely making an observation,” Meftah warns.