Jun 25

Cloud Security and Privacy – Threats & Mitigations

By admin Sessions Comments Off on Cloud Security and Privacy – Threats & Mitigations

Discuss various security and privacy threats faced by cloud applications (IaaS, PaaS and SaaS) and highlight solutions developers and architects need to be aware of.

IaaS: As a user of IaaS (Amazon, Rackspace, GoGrid, Cloud) you would need to consider following aspects:  Network Level, Host Level, Application Level, Data Access and Storage.
Threats : Infrastructure Abuse, Malicious Insiders, Virtualization vulnerabilities

PaaS: As user of PaaS (Azure, Salesforce, GAE), you would need to consider: Code vulnerabilities, Data Storage and Access
Threats : Insecure Interfaces and APIS, Data Leakage

SaaS: Finally as a user of a service online (SaaS) may be you are least exposed but here other concerns become relevant:  Privacy, Sharing / Privacy Controls, Identity and Access management, Authentication & Authorization/SSO/OAuth
Threats: Account/Service Hijacking, Phishing, Data Loss, Reliability
Continue reading »

preload preload preload