www.Cloud-Security.us


Telephone: 732-763-2814
Email: service@infosecpro.com
Cloud-Security.us

T O P   T H R E A T S :

Abuse of Cloud Computing
Insecure Interfaces and APIs
Malicious Insiders
Shared Technology Issues
Data Loss or Leakage
Account or Service Hijacking
Unknown Risk Profile

VULNERABILITIES:

Common Exploits
Server Specific
Network Specific
CISCO Specific

CITRIX Specific

T E S T I N G   S T E P S
Footprinting
Discovery
Enumeration
Password Craking

Malicious Insiders:

The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.

To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection.

Examples

  • No public examples are available at this time.

Remediation

  • Enforce strict supply chain management and conduct a comprehensive supplier assessment
  • Specify human resource requirements as part of legal contracts.
  • Require transparency into overall information security and management practices, as well as compliance reporting.
  • Determine security breach notification processes.

References:

http://blogs.bankinfosecurity.com/

http://technicalinfodotnet.blogspot.com/

Cloud Computing Security

Book Cover


book with ISBN: 1461194067, is now available.
Please click here to order.


Our Services:

Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.

Our Cloud Security Assessments provide means for customers to:

1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers.
5. select and deploy the security monitoring tools needed and customizing the flow analysis features available on routers.

Our Cloud Security Assessment evaluation will cover all aspects of security requirements.

For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select:

Other members of our business group:
InfoSecPro.com

COPYRIGHT (C) 2000 - 2013 InfoSecPro.com ALL RIGHTS RESERVED