06 December 2011

Why cloud services are a tempting target for attackers

The largest cloud providers today are Google, Microsoft, and Amazon; each offering multiple services and platforms for their respective customers. For example, Microsoft Azure, Google Apps, and Amazon EC2 are all hosting and development platforms. Google Docs, Acrobat.com, and Microsoft Office 365 all provide basic word processing, spreadsheets and other applications for individuals to use via the web instead of on their individual desktops. Then, of course, there's social networks, online gaming, and video and music sharing services — all of which rely on a hosted environment that can accommodate millions of users interacting from anywhere on earth, yet all connected somewhere in cyberspace. While the benefits are many, both to individuals and to corporations, there are three distinct disadvantages from an individual and national security perspective:

  • The cloud provider is not responsible for securing its customers' data.
  • Attacking a cloud-based service provides an economy of scale to the attacker.
  • Mining the cloud provides a treasure trove of information for domestic and foreign intelligence services.
The move to the cloud is both inevitable and filled with risk for high-value government employees, corporate executives, and companies engaged in key market sectors like energy, banking, defense, nanotechnology, advanced aircraft design, and mobile wireless communications, among others.

To make matters more complicated, cloud providers may move data to different server farms around the world rather than keep it in the same country as the corporation or individual that owns it. That could potentially put the customer's data at risk for being legally compromised under foreign laws that would apply to the host company doing business there. For example, Microsoft UK's managing director Gordon Frazier was recently asked at the Office 365 launch, "Can Microsoft guarantee that EU-stored data, held in EU-based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act?" "Microsoft cannot provide those guarantees. Neither can any other company."

The best advice for individuals and companies at this time is to insist that cloud providers build a measurably secure infrastructure while providing legal guarantees and without the use of foreign data farms. Until that occurs, and it's highly unlikely to happen without strong consumer pressure, there are significant and escalating risks in hosting valuable data with any cloud provider.

Click here to read more ....

Solutions : www.xcyss.in

No comments:

Post a Comment