Security Issues with Cloud Computing

9 11 2011

Cloud computing is a fast growing strategy that is being adopted by many businesses and individuals in the commercial, private and government sector. It is evident that cloud computing have taken the IT world by storm. There are still a few issues that the technology industry is having with the cloud; and security and risk management are the biggest ones. To better understand what I am about to share with you, you must understand the three models that cloud computing offers. There are three main models, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  SaaS focuses on delivering software over the Internet, PaaS focuses on helping one to develop applications with out all the complexities of hardware, and with IaaS Instead of setting up a data center, buying software, severs, and networking equipment you just outsource it as a service from a cloud provider.

According to the Cloud Security Alliance, “Future areas of concern include Password and key cracking, DDOS, launching dynamic attack points, hosting malicious data, botnet command and control, building rainbow tables, and CAPTCHA solving farms.” [1] These types of attacks seem to be more popular with the IaaS model but are also gaining some attention with PaaS. One of the biggest concerns in my eyes is that both individuals and business think that because of their cloud provider, everything is ok because they offer security. Kevin Fogarty in his article quoted Ezra Gotthiel who is an analyst who covers issues with Technology Business Research and she said, “Security and cloud hosting are two separate things, but the cost of entry is so low, and often so simple, that customers may not do as much due diligence as they should to find out who’s responsible for security.” [2] The Cloud Security Alliance believes that security of an infrastructure relies on the basic security function of API’s.  This to me makes the infrastructure weak.  In their words, “Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability.”  Jeff Beckham gives us 5 top security risks and with each of them we can evaluate potential providers. The 5 that he named were secure data transfer, secure software interfaces, secure stored data, user access control and data separation. In his article he advises that you ask a provider about each of these but it is not just their responsibility but also yours. [3]

A major security issue that many seem to overlook at times is the security of a cloud provider’s data center. In undergrad I learned in Project Management that contingency plans are very necessary to organizations and that in the north Eastern parts of America, there is a big problem with having sound disaster recovery plans (because of the lack of hurricanes/tornadoes). I remember at the beginning of this semester the eastern seaboard had an earthquake and a hurricane in basically the same week. To me this is a wake up call not just for cloud providers but also for consumers to check to see about these issues with their cloud providers and make necessary preparations.


[1] Cloud Security Alliance. “Top Threats to Cloud Computing V1.0” Cloud Security Alliance. March 2010.  Web. 21 Oct 2011. <>

[2] Fogarty, Kevin. “Cloud Computing’s Top Security Risk: How One Company Got Burned.”  14 Jul 2010. CXO Media Inc.  25 Oct 2011.


[3] Beckham, Jeff. “The Top 5 Security Risks of Cloud Computing” Cisco Blog. 3 May 2011. Web. 26Oct 2011. <>





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: