Discuss various security and privacy threats faced by cloud applications (IaaS, PaaS and SaaS) and highlight solutions developers and architects need to be aware of.

IaaS: As a user of IaaS (Amazon, Rackspace, GoGrid, Cloud) you would need to consider following aspects:  Network Level, Host Level, Application Level, Data Access and Storage.
Threats : Infrastructure Abuse, Malicious Insiders, Virtualization vulnerabilities

PaaS: As user of PaaS (Azure, Salesforce, GAE), you would need to consider: Code vulnerabilities, Data Storage and Access
Threats : Insecure Interfaces and APIS, Data Leakage

SaaS: Finally as a user of a service online (SaaS) may be you are least exposed but here other concerns become relevant:  Privacy, Sharing / Privacy Controls, Identity and Access management, Authentication & Authorization/SSO/OAuth
Threats: Account/Service Hijacking, Phishing, Data Loss, Reliability

Takeaways from the session

  • Awareness of the security ecosystem around applications on the cloud
  • Evaluate the threats cloud based applications face
  • Gather solutions and risk mitigation methodologies for addressing these concerns
Speaker: Vineet Mago &  Naresh Khalasi
This session on “Cloud Security and Privacy – Threats & Mitigations” will be presented at the 1st IndicThreads.com Conference On Cloud Computing to be held in Pune, India on 20,21 August 2010.Click here for a list of other Sessions @ The Conference

Comments are closed.

preload preload preload