Discuss various security and privacy threats faced by cloud applications (IaaS, PaaS and SaaS) and highlight solutions developers and architects need to be aware of.
IaaS: As a user of IaaS (Amazon, Rackspace, GoGrid, Cloud) you would need to consider following aspects: Network Level, Host Level, Application Level, Data Access and Storage.
Threats : Infrastructure Abuse, Malicious Insiders, Virtualization vulnerabilities
PaaS: As user of PaaS (Azure, Salesforce, GAE), you would need to consider: Code vulnerabilities, Data Storage and Access
Threats : Insecure Interfaces and APIS, Data Leakage
SaaS: Finally as a user of a service online (SaaS) may be you are least exposed but here other concerns become relevant: Privacy, Sharing / Privacy Controls, Identity and Access management, Authentication & Authorization/SSO/OAuth
Threats: Account/Service Hijacking, Phishing, Data Loss, Reliability
Continue reading »