Security is a key element for cloud computing, it is also appointed by 30% of respondents as concern in a survey conducted by Forrester Research for Cloud Computing adoption. Data privacy issues are also accounted for by 25% where security is also directly related, and integrity threats of infrastructure can expose user’s data and availability of the whole environment. Security is not an option for cloud environment, it’s a requirement without it user’s will not have confidence in the cloud and like any other institution, it will fail.
Security strategies should be treated in depth, from bottom to top and during the design process, not as something that you add at the end. Inheriting most of the old school techniques such as SDLC for application development, auth
enti cati on/a utho riza tion protocols and safe guard of credentials plus new and reviewed measurements focused on nature of cloud architecture.
New vectors attacking virtualized environment are rising such as:
- VM Jumping/Guest Hoping:
- VM and Networking:
You can read more on cloud computing and virtualization vulnerabilities through many papers on the web. The counter measure against this attack can be mutual authentication provided by Trusted Compute Pools, encryption or isolation of traffic in a secure network separated physically or virtually
I abridged the post a bit, so click the link above for more in depth information. Keep your doors locked!