www.Cloud-Security.us

Telephone: 732-763-2814
Email: service@infosecpro.com
Cloud-Security.us

T O P   T H R E A T S :

Abuse of Cloud Computing

Insecure Interfaces and APIs
Malicious Insiders
Shared Technology Issues
Data Loss or Leakage
Account or Service Hijacking
Unknown Risk Profile

VULNERABILITIES:

Common Exploits

Server Specific
Network Specific
CISCO Specific

CITRIX Specific

T E S T I N G   S T E P S

Footprinting
Discovery
Enumeration
Password Craking

Data Loss or Leakage:

There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data.

The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment.

Examples

Insufficient authentication, authorization, and audit (AAA) controls; inconsistent use of encryption and software keys; operational failures; persistence and remanence challenges: disposal challenges; risk of association; jurisdiction and political issues; data center reliability; and disaster recovery.

Remediation

  • Implement strong API access control.
  • Encrypt and protect integrity of data in transit.
  • Analyzes data protection at both design and run time.
  • Implement strong key generation, storage and management, and destruction practices.
  • Contractually demand providers wipe persistent media before it is released into the pool.
  • Contractually specify provider backup and retention strategies.

References:

http://en.wikipedia.org/wiki/

http://news.cnet.com/

http://nylawblog.typepad.com/suigeneris/

Cloud Computing Security

Book Cover


book with ISBN: 1461194067, is now available.
Please click here to order.


Our Services:

Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.

Our Cloud Security Assessments provide means for customers to:

1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers.
5. select and deploy the security monitoring tools needed and customizing the flow analysis features available on routers.

Our Cloud Security Assessment evaluation will cover all aspects of security requirements.

For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select:

Other members of our business group:
InfoSecPro.com

COPYRIGHT (C) 2000 - 2011 InfoSecPro.com ALL RIGHTS RESERVED