Top 10 Could Computing Threats

With 24x7 availability and accessible by almost any device with a browser, cloud computing allows organizations to scale their IT infrastructure and software applications as needed. However, like any technology, cloud computing has its risks.

  1. Changes the business model. Cloud computing changes the way IT services are delivered. No longer delivered from an on-site location, servers, storage, and applications are provided by external service providers. Organizations need to evaluate the risks associated with the loss of control of the infrastructure.
  2. Abuse. Initial registration with a cloud computing service is a pretty simple process. In many cases, the service provider even offers a free trial period. Organizations should consider their risks due to anonymous signup, lack of validation, service fraud, and ad-hoc services.
  3. Insecure interfaces. Application programming interfaces (API) are used to establish, manage, and monitor services. These interfaces may be subject to security vulnerabilities that put your users at risk.
  4. Malicious insiders. One of the benefits of cloud computing is that your organization doesn't need to know the technical details of how the services are delivered. The provider's procedures, physical access to systems, monitoring of employees, and compliance related issues are transparent to the customer. Without full knowledge and control, your organization may be at risk.
  5. Shared technology. Cloud computing allows multiple organizations to share and store data on the servers. However, the original server hardware and operating systems were most likely designed for use by a single tenant (one organization). Organizations should ensure the appropriate controls are in place to keep your data secure.
  6. Data loss and leakage. With shared infrastructure resources, organizations should be concerned about the service provider's authentication systems that grant access to data. Organizations should also ask about encryption, data disposal procedures, and business continuity.
  7. Account hijacking. Organizations should be aware that account hijacking can occur. Simple Internet registration systems, phishing and fraud schemes can allow a hacker to take over control of your account.
  8. Risk profile. For many service providers, the focus is on functionality and benefits, not security. Without appropriate software updates, intrusion prevention, and firewalls, your organization may be at risk.
  9. Users. When using cloud services, your users' activities such as clicking links in e-mail messages, Instant Messaging, visiting fake web sites, etc. can download malware to a local workstation. Once installed, the malware can launch attacks against your internal network.
  10. Browsers. Several years ago, hackers used to attack software operating systems. More recently, hackers have shifted their attacks to target user browsers. By exploiting browser vulnerabilities, hackers have access to the same applications and data that your users access.

Internet cloud computing services provide both business and technical benefits. Risk assessments help organizations identify, manage, and reduce their cloud computing risks so that they may achieve the greatest benefits at the lowest level of risk. Formal and documented policies ensure a top down approach to managing service provider risks.

Security Blog
verified If You Want a "Security Audit"
You Need a Certified Auditor.
Certified Information Systems Auditors

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your information systems, applications, and network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets
Assurance and Security Audit Services
network-security
Network Security Audit Company
Certified security audit
Cyber security audit
Network security audit
Penetration test and penetration testing
Risk assessment
Security testing
Social engineering security assessment
it-security
IT Security Audit Company
Data security audit
IT audit
IT security audit
Mobile software application security audit
Network security assessment
Security assurance
Web application security audit
Website security audit
Website security testing
compliance
Compliance Audit Company
Information assurance
Privacy audit
Security compliance
consulting-services
Consulting Services Company
Custom consulting service
Cyber security consulting
Network security consulting
Network audit
Network assessment
Quick Access
Audit Resources
Security Resources
Contact Us
Copyright ©     Altius IT.   All rights reserved.
Site map Privacy policy Do Not Sell or Share My Personal Information