Discuss various security and privacy threats faced by cloud applications (IaaS, PaaS and SaaS) and highlight solutions developers and architects need to be aware of.
IaaS: As a user of IaaS (Amazon, Rackspace, GoGrid, Cloud) you would need to consider following aspects: Network Level, Host Level, Application Level, Data Access and Storage.
Threats : Infrastructure Abuse, Malicious Insiders, Virtualization vulnerabilities
PaaS: As user of PaaS (Azure, Salesforce, GAE), you would need to consider: Code vulnerabilities, Data Storage and Access
Threats : Insecure Interfaces and APIS, Data Leakage
SaaS: Finally as a user of a service online (SaaS) may be you are least exposed but here other concerns become relevant: Privacy, Sharing / Privacy Controls, Identity and Access management, Authentication & Authorization/SSO/OAuth
Threats: Account/Service Hijacking, Phishing, Data Loss, Reliability
Takeaways from the session
- Awareness of the security ecosystem around applications on the cloud
- Evaluate the threats cloud based applications face
- Gather solutions and risk mitigation methodologies for addressing these concerns
This session on “Cloud Security and Privacy – Threats & Mitigations” will be presented at the 1st IndicThreads.com Conference On Cloud Computing to be held in Pune, India on 20,21 August 2010.Click here for a list of other Sessions @ The Conference